The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-25435 | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. | -- | Jun 22, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-25434 | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. | -- | Jun 14, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-25193 | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | -- | Feb 4, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-25155 | Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted `SRANDMEMBER`, `ZRANDMEMBER`, and `HRANDFIELD` commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis versions. Patches were released in Redis version(s) 6.0.18, 6.2.11 and 7.0.9. | -- | Mar 2, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25153 | containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. | -- | Feb 16, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-25012 | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | -- | Feb 2, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-24626 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | -- | Apr 10, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-24540 | Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \\t\\n\\f\\r\\u0020\\u2028\\u2029 in JavaScript contexts that also contain actions may not be properly sanitized during execution. | -- | Apr 21, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-24539 | Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a \'/\' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | -- | Apr 21, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-24538 | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. var a = {{.}}), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. | -- | Mar 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-24537 | Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. | -- | Mar 23, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-24534 | HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. | -- | Mar 12, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-24531 | cmd/go: \"go env\" output does not sanitize values | -- | Feb 15, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | LOW | Feb 17, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-24056 | In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes. | -- | Jan 23, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-23946 | Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to `git apply`, a path outside the working tree can be overwritten as the user who is running `git apply`. A fix has been prepared and will appear in v2.39.2, v2.38.4, v2.37.6, v2.36.5, v2.35.7, v2.34.7, v2.33.7, v2.32.6, v2.31.7, and v2.30.8. As a workaround, use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a symbolic link and then creates a file beyond the symbolic link. | -- | Feb 14, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-23934 | Werkzeug is a comprehensive WSGI web application library. Browsers may allow nameless cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as __Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. | -- | Feb 14, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-23931 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. | -- | Feb 8, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-23916 | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the chained HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable links in this decompression chain wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a malloc bomb, making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | LOW | Feb 16, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-23908 | Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. | LOW | Aug 9, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-23583 | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | -- | Nov 14, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-23559 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | -- | Jan 13, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-23455 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | -- | Jan 12, 2023 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2023-23004 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | -- | Mar 1, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-23000 | In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. | -- | Mar 1, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a -- argument that defeats a protection mechanism, e.g., an EDITOR=\'vim -- /path/to/extra/file\' value. | -- | Jan 27, 2023 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2023-22490 | Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local clones whose source `$GIT_DIR/objects` directory contains symbolic links, the `objects` directory itself may still be a symbolic link. These two may be combined to include arbitrary files based on known paths on the victim\'s filesystem within the malicious repository\'s working copy, allowing for data exfiltration in a similar manner as CVE-2022-39253. A fix has been prepared and will appear in v2.39.2 v2.38.4 v2.37.6 v2.36.5 v2.35.7 v2.34.7 v2.33.7 v2.32.6, v2.31.7 and v2.30.8. If upgrading is impractical, two short-term workarounds are available. Avoid cloning repositories from untrusted sources with `--recurse-submodules`. Instead, consider cloning repositories without recursively cloning their submodules, and instead run `git submodule update` at each layer. Before doing so, inspect each new `.gitmodules` file to ensure that it does not contain suspicious module URLs. | -- | Feb 14, 2023 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | -- | Aug 31, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-20867 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | -- | Jun 13, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-7192 | A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow. | -- | Jan 2, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-7104 | A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999. | -- | Dec 28, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-7042 | A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. This issue could be exploited to trigger a denial of service. | -- | Dec 21, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-6932 | A use-after-free vulnerability in the Linux kernel\'s ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. We recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1. | -- | Dec 19, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-6931 | A heap out-of-bounds write vulnerability in the Linux kernel\'s Performance Events system component can be exploited to achieve local privilege escalation. A perf_event\'s read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. | -- | Dec 19, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-6915 | A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return. | -- | Jan 16, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-6817 | A use-after-free vulnerability in the Linux kernel\'s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_pipapo_walk did not skip inactive elements during set walk which could lead double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. We recommend upgrading past commit 317eb9685095678f2c9f5a8189de698c5354316a. | -- | Dec 18, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-6816 | A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device\'s particular number of buttons, leading to a heap overflow if a bigger value was used. | -- | Jan 17, 2024 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-6546 | A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci while restarting the gsm mux. This could allow a local unprivileged user to escalate their privileges on the system. | -- | Dec 21, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-6531 | A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector\'s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on. | -- | Dec 28, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-6478 | A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information. | -- | Dec 13, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-6377 | A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved. | -- | Dec 13, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-6277 | An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen() API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB. | -- | Nov 27, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-6228 | An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. | -- | Nov 23, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-6200 | A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution. | -- | Jan 29, 2024 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-6176 | A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. | -- | Nov 16, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-6040 | An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. | -- | Jan 12, 2024 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-5981 | A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. | -- | Nov 17, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5870 | A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. | -- | Nov 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5869 | A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\'s memory. | -- | Nov 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \'unknown\'-type arguments. Handling \'unknown\'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | -- | Nov 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
