The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-30086 | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | -- | May 9, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-29499 | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | -- | Jun 6, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-29491 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | -- | Apr 14, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the \'\\0\' value). | LOW | Apr 12, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-29409 | Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. | -- | Jul 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-29406 | The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. | -- | Jul 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-29405 | The go command may execute arbitrary code at build time when using cgo. This may occur when running go get on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a #cgo LDFLAGS directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | -- | Jun 5, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-29404 | The go command may execute arbitrary code at build time when using cgo. This may occur when running go get on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a #cgo LDFLAGS directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | -- | Jun 5, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-29402 | The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via go get, are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). | -- | May 15, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-29400 | Templates containing actions in unquoted HTML attributes (e.g. attr={{.}}) executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | -- | Apr 21, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-29383 | In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that cat /etc/passwd shows a rogue user account. | -- | Apr 14, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-29007 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user\'s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | -- | Apr 25, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28938 | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. | LOW | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-28879 | In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. | -- | Mar 31, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28856 | Redis is an open source, in-memory database that persists on disk. Authenticated users can use the `HINCRBYFLOAT` command to create an invalid hash field that will crash Redis on access in affected versions. This issue has been addressed in in versions 7.0.11, 6.2.12, and 6.0.19. Users are advised to upgrade. There are no known workarounds for this issue. | -- | Apr 18, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28772 | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | -- | Mar 23, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28756 | A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. | -- | Mar 31, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28755 | A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. | -- | Mar 31, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28736 | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | LOW | Aug 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-28642 | runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | -- | Mar 30, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28488 | client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. | -- | Apr 12, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | -- | Mar 16, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | -- | Mar 16, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28484 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | LOW | Apr 12, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28466 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | -- | Mar 16, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28450 | An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. | -- | Mar 16, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-28328 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. | -- | Mar 15, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-28322 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | LOW | May 18, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-28321 | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as Subject Alternative Name in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | LOW | May 18, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-28320 | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | LOW | May 18, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-27561 | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | -- | Mar 3, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-27538 | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. | LOW | Mar 21, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-27536 | An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. | LOW | Mar 21, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-27535 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. | LOW | Mar 21, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-27534 | A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user\'s home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | LOW | Mar 21, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-27522 | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. | -- | Mar 7, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-26965 | loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. | -- | Jun 14, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-26607 | In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. | -- | Feb 26, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-26555 | praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. | LOW | Apr 11, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-26554 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a \'\\0\' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | LOW | Apr 11, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-26553 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | LOW | Apr 11, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-26552 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | LOW | Apr 11, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-26551 | mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. | LOW | Apr 11, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-26545 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | -- | Feb 26, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-26081 | In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. | -- | Feb 21, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25727 | In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface. | -- | Feb 13, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25690 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule ^/here/(.*) http://example.com:8080/elsewhere?$1; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. | -- | Mar 7, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25652 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. | -- | Apr 25, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25588 | A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. | LOW | Feb 9, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Feb 9, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
