The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2022-1552 | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user\'s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. | -- | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1012 | A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. | -- | May 12, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1355 | A stack buffer overflow flaw was found in Libtiffs\' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | -- | Apr 24, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1354 | A heap buffer overflow flaw was found in Libtiffs\' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | -- | Apr 24, 2022 | 10.19.45.27 (Wind River Linux LTS 19) |
| CVE-2022-1184 | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | -- | Apr 20, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-4209 | A NULL pointer dereference flaw was found in GnuTLS. As Nettle\'s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | -- | Apr 12, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1158 | A flaw was found in KVM. When updating a guest\'s page table entry, vm_pgoff was improperly used as the offset to get the page\'s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | -- | Apr 10, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-1205 | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1204 | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1199 | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1198 | A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. | -- | Apr 4, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-1016 | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \'return\' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | -- | Mar 30, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-0934 | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. | -- | Apr 2, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | -- | Apr 4, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2022-25310 | A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the fribidi_remove_bidi_marks() function of the lib/fribidi.c file. This flaw allows an attacker to pass a specially crafted file to Fribidi, leading to a crash and causing a denial of service. | -- | Mar 26, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-25309 | A heap-based buffer overflow flaw was found in the Fribidi package and affects the fribidi_cap_rtl_to_unicode() function of the fribidi-char-sets-cap-rtl.c file. This flaw allows an attacker to pass a specially crafted file to the Fribidi application with the \'--caprtl\' option, leading to a crash and causing a denial of service. | -- | Mar 26, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-25308 | A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. | -- | Mar 26, 2022 | 10.19.45.23 (Wind River Linux LTS 19) |
| CVE-2022-0850 | A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. | -- | Mar 6, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2022-0812 | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | -- | Mar 3, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2022-0644 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Feb 18, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2022-22942 | The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \'file\' pointer. | -- | Jan 29, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2022-0175 | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. | -- | Jan 26, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2022-0135 | An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. | -- | Feb 2, 2022 | 10.19.45.24 (Wind River Linux LTS 19) |
| CVE-2021-4217 | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | -- | Jan 29, 2022 | 10.19.45.26 (Wind River Linux LTS 19) |
| CVE-2021-3996 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users\' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | -- | Jan 25, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2021-3995 | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | -- | Jan 25, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2022-22747 | After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5. | -- | Jan 14, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2021-4155 | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | -- | Jan 11, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2021-4122 | It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. | -- | Jan 14, 2022 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2021-3999 | A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | -- | Jan 13, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2021-3997 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | -- | Jan 11, 2022 | 10.19.45.22 (Wind River Linux LTS 19) |
| CVE-2021-4135 | A memory leak vulnerability was found in the Linux kernel\'s eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. | -- | Dec 22, 2021 | 10.19.45.25 (Wind River Linux LTS 19) |
| CVE-2021-3975 | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | -- | Nov 23, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-34981 | Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the CMTP module. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. Was ZDI-CAN-11977. | -- | Nov 3, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2021-3896 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Oct 25, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2021-3521 | There is a flaw in RPM\'s signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. | -- | Oct 8, 2021 | 10.19.45.21 (Wind River Linux LTS 19) |
| CVE-2020-14394 | An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. | -- | Oct 9, 2021 | 10.19.45.28 (Wind River Linux LTS 19) |
| CVE-2021-3764 | A memory leak flaw was found in the Linux kernel\'s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | -- | Sep 15, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2021-3669 | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | -- | Aug 5, 2021 | 10.19.45.20 (Wind River Linux LTS 19) |
| CVE-2021-3600 | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. | -- | Jun 24, 2021 | 10.19.45.17 (Wind River Linux LTS 19) |
| CVE-2021-3587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38208. Reason: This candidate is a reservation duplicate of CVE-2021-38208. Notes: All CVE users should reference CVE-2021-38208 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | -- | Jun 9, 2021 | 10.19.45.18 (Wind River Linux LTS 19) |
| CVE-2018-15879 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | 10.19.45.1 (Wind River Linux LTS 19) |
| CVE-2018-15878 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6978. Reason: This candidate is a reservation duplicate of CVE-2019-6978. Notes: All CVE users should reference CVE-2019-6978 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | 10.19.45.1 (Wind River Linux LTS 19) |
