The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | MEDIUM | Jul 8, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2343 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | MEDIUM | Jul 8, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2318 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | MEDIUM | Jul 7, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2304 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 5, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\'t written. In the special case of in place encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). | MEDIUM | Jul 9, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim\'s keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | MEDIUM | Jul 2, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-33099 | An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | MEDIUM | Jul 1, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-32208 | When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client. | MEDIUM | Jun 28, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
CVE-2022-32206 | curl < 7.84.0 supports chained HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable links in this decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a malloc bomb, makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | MEDIUM | Jun 28, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
CVE-2022-32084 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. | MEDIUM | Jul 1, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2288 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2287 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2264 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 1, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2257 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 1, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2058 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-2057 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-2056 | Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | MEDIUM | Jun 30, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-33070 | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jun 23, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-33068 | An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | MEDIUM | Jun 23, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 26, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 23, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | MEDIUM | Jun 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-2125 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 19, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2021-46823 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | MEDIUM | Jun 18, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2021-46822 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | MEDIUM | Jun 18, 2022 | 10.19.45.29 (Wind River Linux LTS 19) |
CVE-2022-32981 | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. | MEDIUM | Jun 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | MEDIUM | Jun 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | MEDIUM | Jun 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-28615 | Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-28614 | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the \'ap_rputs\' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-26377 | Inconsistent Interpretation of HTTP Requests (\'HTTP Request Smuggling\') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-2000 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 9, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2021-3697 | A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2021-3696 | A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it\'s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2021-3695 | A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. | MEDIUM | Jun 9, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
CVE-2022-30789 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30788 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30787 | An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
CVE-2022-30783 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | MEDIUM | May 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |