The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1897 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1851 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 25, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1720 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | MEDIUM | May 18, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-30065 | A use-after-free in Busybox 1.35-x\'s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | MEDIUM | May 18, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | MEDIUM | May 20, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1785 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | MEDIUM | May 20, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1771 | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | MEDIUM | May 20, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1735 | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | MEDIUM | May 18, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-1734 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | MEDIUM | May 18, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1733 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | MEDIUM | May 21, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | MEDIUM | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-29526 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | MEDIUM | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-29162 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container\'s bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. | MEDIUM | May 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27782 | libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | MEDIUM | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27781 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server\'s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. | MEDIUM | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1674 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1629 | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution | MEDIUM | May 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1621 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27776 | A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | MEDIUM | Apr 28, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | MEDIUM | Apr 28, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-22576 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | MEDIUM | Apr 28, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1586 | An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. | MEDIUM | May 7, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\'t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\'s buffer functions, for example libxslt through 1.1.35, is affected as well. | MEDIUM | May 7, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-27337 | A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | MEDIUM | May 6, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-24903 | Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. | MEDIUM | May 6, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-24735 | Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. | MEDIUM | May 8, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1620 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. | MEDIUM | May 8, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1619 | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1616 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1516 | A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. | MEDIUM | May 5, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1475 | An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. | MEDIUM | May 3, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-29458 | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. | MEDIUM | Apr 19, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-27406 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | MEDIUM | Apr 22, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-27405 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | MEDIUM | Apr 22, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-21427 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | MEDIUM | Apr 20, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1419 | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. | MEDIUM | Apr 24, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2022-28739 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27458 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27456 | MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27452 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27449 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27448 | There is an Assertion failure in MariaDB Server v10.9 and below via \'node->pcur->rel_pos == BTR_PCUR_ON\' at /row/row0mysql.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27447 | MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27445 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | MEDIUM | Apr 14, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27387 | MariaDB Server v10.7 and below was discovered to contain a global buffer overflow in the component decimal_bin_size, which is exploited via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27386 | MariaDB Server v10.7 and below was discovered to contain a segmentation fault via the component sql/sql_class.cc. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27384 | An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27383 | MariaDB Server v10.6 and below was discovered to contain an use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-27381 | An issue in the component Field::set_default of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | MEDIUM | Apr 13, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
