Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 2427 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2023-45145 Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. -- Oct 18, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-38546 This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates easy handles that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. LOW Oct 18, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-5178 A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. -- Oct 17, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-45871 An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. -- Oct 16, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-45862 An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. -- Oct 16, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-45853 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. LOW Oct 14, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-5535 Use After Free in GitHub repository vim/vim prior to v9.0.2010. -- Oct 11, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-44487 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. LOW Oct 11, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-42669 A vulnerability was found in Samba\'s rpcecho development server, a non-Windows RPC server used to test Samba\'s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the rpcecho service operates with only one worker in the main RPC task, allowing calls to the rpcecho server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a sleep() call in the dcesrv_echo_TestSleep() function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the rpcecho server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as rpcecho runs in the main RPC task. -- Oct 11, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-4091 A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module acl_xattr is configured with acl_xattr:ignore system acls = yes. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba\'s permissions. -- Oct 11, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-39189 A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. -- Oct 10, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-45322 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor\'s position is I don\'t think these issues are critical enough to warrant a CVE ID ... because an attacker typically can\'t control when memory allocations fail. -- Oct 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-39194 A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. -- Oct 6, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-39193 A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. -- Oct 6, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-39192 A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. -- Oct 6, 2023 10.19.45.29 (Wind River Linux LTS 19)
CVE-2023-5366 A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. -- Oct 6, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-4693 An out-of-bounds read flaw was found on grub2\'s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. -- Oct 6, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4692 An out-of-bounds write flaw was found in grub2\'s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub\'s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. -- Oct 6, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-42754 A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. -- Oct 5, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-5441 NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. -- Oct 5, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-43804 urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn\'t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn\'t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. LOW Oct 4, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-5344 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. -- Oct 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-3576 A memory leak flaw was found in Libtiff\'s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. -- Oct 4, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-42755 A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. -- Sep 27, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-42753 An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. -- Sep 26, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-3341 The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel\'s configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. -- Sep 20, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4921 A use-after-free vulnerability in the Linux kernel\'s net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. -- Sep 12, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4863 Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) -- Sep 12, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4623 A use-after-free vulnerability in the Linux kernel\'s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. -- Sep 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4622 A use-after-free vulnerability in the Linux kernel\'s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer\'s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. -- Sep 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4208 A use-after-free vulnerability in the Linux kernel\'s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. -- Sep 7, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-36328 Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). -- Sep 6, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4781 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. -- Sep 5, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4752 Use After Free in GitHub repository vim/vim prior to 9.0.1858. -- Sep 5, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4750 Use After Free in GitHub repository vim/vim prior to 9.0.1857. -- Sep 5, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4733 Use After Free in GitHub repository vim/vim prior to 9.0.1840. -- Sep 5, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-39319 The html/template package does not apply the proper rules for handling occurrences of <script, <!--, and </script within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-39318 The html/template package does not properly handle HTML-like comment tokens, nor hashbang #! comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4751 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4738 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4736 Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4735 Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4734 Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. -- Sep 4, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4641 A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory. -- Sep 1, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-41040 GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn\'t check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. LOW Aug 31, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-20900 A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . -- Aug 31, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-41175 A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. -- Aug 29, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-40745 LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. -- Aug 29, 2023 10.19.45.31 (Wind River Linux LTS 19)
CVE-2023-39615 Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\'s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. -- Aug 29, 2023 10.19.45.30 (Wind River Linux LTS 19)
CVE-2023-4459 A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. -- Aug 22, 2023 10.19.45.30 (Wind River Linux LTS 19)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online