The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-28199 | NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | -- | Sep 1, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | -- | Sep 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-3061 | Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn\'t check the value of \'pixclock\', so it may cause a divide by zero error. | -- | Sep 1, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-3037 | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | -- | Sep 1, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-3028 | A race condition was found in the Linux kernel\'s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | -- | Sep 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2879 | Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB. | -- | Sep 4, 2022 | 10.19.45.31 (Wind River Linux LTS 19) |
| CVE-2022-2663 | An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | -- | Sep 2, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2521 | It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. | -- | Aug 31, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2520 | A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | -- | Aug 31, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2519 | There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 | -- | Aug 31, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2132 | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | -- | Sep 2, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2020-27784 | A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). | -- | Sep 1, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-38791 | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | -- | Aug 27, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-31676 | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | -- | Aug 25, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-3016 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | -- | Aug 28, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2991 | A heap-based buffer overflow was found in the Linux kernel\'s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. | -- | Aug 25, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2982 | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | -- | Aug 27, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2980 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | -- | Aug 27, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2978 | A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | -- | Aug 24, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2964 | A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. | -- | Aug 28, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2953 | LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | -- | Aug 29, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2946 | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | -- | Aug 25, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2938 | A flaw was found in the Linux kernel\'s implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | -- | Aug 24, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-2923 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | -- | Aug 24, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2021-20223 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Aug 26, 2022 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2021-3800 | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | -- | Aug 23, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-37460 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Aug 17, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2889 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2874 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2869 | libtiff\'s tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation. | -- | Aug 19, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2868 | libtiff\'s tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | -- | Aug 18, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2867 | libtiff\'s tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation. | -- | Aug 18, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-2862 | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2849 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2845 | Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2819 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2817 | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2816 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | -- | Aug 19, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2020-27792 | A heap-based buffer overwrite vulnerability was found in GhostScript\'s lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | -- | Aug 20, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-30633 | Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the \'any\' field tag. | -- | Aug 10, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2625 | A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser. | -- | Aug 9, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2588 | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | -- | Aug 10, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-2586 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | -- | Aug 10, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-2503 | Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5 | -- | Aug 12, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-36359 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. | -- | Aug 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | -- | Aug 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | -- | Aug 3, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-32189 | A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | -- | Aug 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-29154 | An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | -- | Aug 2, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2022-20369 | In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-223375145References: Upstream kernel | -- | Aug 4, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
