Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

2427 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2023-7042 A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. -- Dec 21, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-6546 A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. -- Dec 21, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-51385 In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name. -- Dec 19, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-6932 A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer to be mistakenly registered on an RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. -- Dec 19, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-6931 A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to a heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. -- Dec 19, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-6817 A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. -- Dec 18, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-50472 cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. LOW Dec 14, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-50471 cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. LOW Dec 14, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-6478 A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. -- Dec 13, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-6377 A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. -- Dec 13, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-39804 tar: Incorrectly handled extension attributes in PAX archives can lead to a crash. -- Dec 13, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-50495 NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). -- Dec 12, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-45866 Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. -- Dec 8, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-46751 An issue in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. -- Dec 7, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-46218 This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. LOW Dec 7, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-47100 In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. -- Dec 3, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-39326 A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. -- Nov 30, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-47038 A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. -- Nov 27, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-6277 An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a crafted input with size smaller than 379 KB. -- Nov 27, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48706 Vim is a UNIX editor that, prior to version 9.0.2121, has a heap-use-after-free vulnerability. When executing a `:s` command for the very first time and using a sub-replace-special atom inside the substitution part, it is possible that the recursive `:s` call causes free-ing of memory which may later then be accessed by the initial `:s` command. The user must intentionally execute the payload and the whole process is a bit tricky to do since it seems to work only reliably for the very first :s command. It may also cause a crash of Vim. Version 9.0.2121 contains a fix for this issue. -- Nov 24, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-6228 An issue was found in the tiffcp utility distributed by the libtiff package where processing a crafted TIFF file may cause a heap-based buffer overflow, leading to an application crash. -- Nov 23, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-41913 strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. -- Nov 22, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48237 Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48236 Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48235 Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48234 Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48233 Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48232 Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the 'n' flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the 'cpo' setting includes the 'n' flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-48231 Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. -- Nov 17, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-5981 A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. -- Nov 17, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-6176 A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. -- Nov 16, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-44446 Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7 -- Nov 15, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-23583 Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. -- Nov 14, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-47342 avformat/rtsp: Use rtsp_st->stream_index -- Nov 13, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-39197 An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. -- Nov 10, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-39198 A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. -- Nov 9, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-35825 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-3141. Reason: This candidate is a reservation duplicate of CVE-2023-3141. Notes: All CVE users should reference CVE-2023-3141 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Nov 7, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-5870 A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. -- Nov 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-5869 A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. -- Nov 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-5868 A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. -- Nov 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2019-20510 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13456. Reason: This candidate is a duplicate of CVE-2019-13456. Notes: All CVE users should reference CVE-2019-13456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 10.19.45.3 (Wind River Linux LTS 19)
CVE-2018-15879 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 10.19.45.1 (Wind River Linux LTS 19)
CVE-2018-15878 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage -- Nov 7, 2023 10.19.45.1 (Wind River Linux LTS 19)
CVE-2023-46246 Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value, causing an integer overflow and potentially later a use-after-free. This vulnerability has been patched in version 9.0.2068. -- Oct 29, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-34059 open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. -- Oct 27, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-34058 VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). -- Oct 27, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-5717 A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. -- Oct 25, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-5380 A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. -- Oct 25, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-5367 An out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. -- Oct 25, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-46316 In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. -- Oct 25, 2023 10.19.45.30 (Wind River Linux LTS 19)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.