The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-5869 | A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\'s memory. | -- | Nov 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with \'unknown\'-type arguments. Handling \'unknown\'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | -- | Nov 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2019-20510 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13456. Reason: This candidate is a duplicate of CVE-2019-13456. Notes: All CVE users should reference CVE-2019-13456 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | 10.19.45.3 (Wind River Linux LTS 19) |
| CVE-2023-46246 | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it\'s possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | -- | Oct 29, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-34059 | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | -- | Oct 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-34058 | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | -- | Oct 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5717 | A heap out-of-bounds write vulnerability in the Linux kernel\'s Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event\'s sibling_list is smaller than its child\'s sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. | -- | Oct 25, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-5380 | A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | -- | Oct 25, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5367 | A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. | -- | Oct 25, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-46316 | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. | -- | Oct 25, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-45871 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. | -- | Oct 16, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | -- | Oct 16, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-45145 | Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory. | -- | Oct 18, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5178 | A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation. | -- | Oct 17, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5535 | Use After Free in GitHub repository vim/vim prior to v9.0.2010. | -- | Oct 11, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-42669 | A vulnerability was found in Samba\'s rpcecho development server, a non-Windows RPC server used to test Samba\'s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the rpcecho service operates with only one worker in the main RPC task, allowing calls to the rpcecho server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a sleep() call in the dcesrv_echo_TestSleep() function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the rpcecho server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as rpcecho runs in the main RPC task. | -- | Oct 11, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-39189 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | -- | Oct 10, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4091 | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module acl_xattr is configured with acl_xattr:ignore system acls = yes. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba\'s permissions. | -- | Oct 11, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-45322 | libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor\'s position is I don\'t think these issues are critical enough to warrant a CVE ID ... because an attacker typically can\'t control when memory allocations fail. | -- | Oct 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-42754 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. | -- | Oct 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39194 | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | -- | Oct 6, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-39193 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | -- | Oct 6, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39192 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | -- | Oct 6, 2023 | 10.19.45.29 (Wind River Linux LTS 19) |
| CVE-2023-5441 | NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | -- | Oct 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-5366 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | -- | Oct 6, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-5344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | -- | Oct 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4693 | An out-of-bounds read flaw was found on grub2\'s NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. | -- | Oct 6, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4692 | An out-of-bounds write flaw was found in grub2\'s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub\'s heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. | -- | Oct 6, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-3576 | A memory leak flaw was found in Libtiff\'s tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting an application crash, eventually leading to a denial of service. | -- | Oct 4, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-42755 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | -- | Sep 27, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | -- | Sep 26, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | -- | Sep 22, 2023 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2023-3341 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel\'s configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. | -- | Sep 20, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4921 | A use-after-free vulnerability in the Linux kernel\'s net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8. | -- | Sep 12, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | -- | Sep 12, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4623 | A use-after-free vulnerability in the Linux kernel\'s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation. If a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free. We recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f. | -- | Sep 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4622 | A use-after-free vulnerability in the Linux kernel\'s af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer\'s recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. | -- | Sep 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4208 | A use-after-free vulnerability in the Linux kernel\'s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. | -- | Sep 7, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39319 | The html/template package does not apply the proper rules for handling occurrences of <script, <!--, and </script within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-39318 | The html/template package does not properly handle HTML-like comment tokens, nor hashbang #! comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-36328 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). | -- | Sep 6, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4781 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4751 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4738 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4736 | Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4735 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4734 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846. | -- | Sep 4, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
| CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | -- | Sep 5, 2023 | 10.19.45.30 (Wind River Linux LTS 19) |
