The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-47100 | In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. | -- | Dec 3, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-47038 | A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. | -- | Nov 27, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-46838 | Transmit requests in Xen\'s virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are directly translated into what Linux calls SKB fragments. Such converted request parts can, when for a particular SKB they are all of length zero, lead to a de-reference of NULL in core networking code. | -- | Jan 24, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-46751 | An issue was discovered in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | -- | Dec 7, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-46343 | In the Linux kernel before 6.5.9, there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c. | -- | Jan 23, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-46316 | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. | -- | Oct 25, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-46246 | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it\'s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | -- | Oct 29, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-46218 | This flaw allows a malicious HTTP server to set super cookies in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl\'s function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. | LOW | Dec 7, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-45871 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. | -- | Oct 16, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | -- | Dec 8, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | -- | Oct 16, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. | LOW | Oct 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-45322 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor\'s position is I don\'t think these issues are critical enough to warrant a CVE ID ... because an attacker typically can\'t control when memory allocations fail. | -- | Oct 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-45145 | Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. | -- | Oct 18, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-44446 | Use-after-free (read) in the MXF demuxer when handling certain files before GStreamer 1.22.7 | -- | Nov 15, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn\'t treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn\'t disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | LOW | Oct 4, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-42755 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | -- | Sep 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-42754 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. | -- | Oct 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | -- | Sep 26, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-42669 | A vulnerability was found in Samba\'s rpcecho development server, a non-Windows RPC server used to test Samba\'s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the rpcecho service operates with only one worker in the main RPC task, allowing calls to the rpcecho server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a sleep() call in the dcesrv_echo_TestSleep() function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the rpcecho server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as rpcecho runs in the main RPC task. | -- | Oct 11, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-41913 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm\'s DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | -- | Nov 22, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-41175 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | -- | Aug 29, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-41040 | GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn\'t check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. | LOW | Aug 31, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-40745 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | -- | Aug 29, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-40547 | A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | -- | Jan 25, 2024 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-40359 | xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue. This can only occur for xterm installations that are configured at compile time to use a certain experimental feature. | -- | Aug 14, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-40303 | GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | -- | Aug 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-40283 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | -- | Aug 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39976 | log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. | -- | Aug 8, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39804 | In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c. | -- | Dec 13, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-39615 | Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor\'s position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | -- | Aug 29, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39326 | A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. | -- | Nov 30, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-39319 | The html/template package does not apply the proper rules for handling occurrences of <script, <!--, and </script within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39318 | The html/template package does not properly handle HTML-like comment tokens, nor hashbang #! comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39198 | A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation. | -- | Nov 9, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-39197 | An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. | -- | Nov 10, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39194 | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | -- | Oct 6, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-39193 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | -- | Oct 6, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39192 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | -- | Oct 6, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-39189 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | -- | Oct 10, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-38559 | A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. | -- | Aug 1, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-38546 | This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates easy handles that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated, the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk, the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters, no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program using libcurl. And if using the correct file format of course. | LOW | Oct 18, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38473 | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38472 | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38471 | A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38470 | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38469 | A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | -- | Jul 20, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-37920 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes e-Tugra root certificates. e-Tugra\'s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from e-Tugra from the root store. | -- | Jul 25, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-37732 | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | -- | Jul 26, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
