Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

1673 entries
ID Description Priority Modified date Fixed Release
CVE-2020-11947 iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. LOW Dec 31, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2019-12953 Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. MEDIUM Dec 30, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-29569 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. HIGH Dec 18, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29361 An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. MEDIUM Dec 18, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29362 An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. MEDIUM Dec 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29363 An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. HIGH Dec 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29660 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. HIGH Dec 11, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29661 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. HIGH Dec 11, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-1971 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). MEDIUM Dec 10, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25692 A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. MEDIUM Dec 8, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-28916 hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. LOW Dec 4, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-14351 A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. MEDIUM Dec 3, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-14381 A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. MEDIUM Dec 3, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25624 hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. MEDIUM Dec 3, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29371 An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. LOW Nov 28, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29370 An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. MEDIUM Nov 28, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29368 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. MEDIUM Nov 28, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2019-20934 An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. LOW Nov 28, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29129 ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. MEDIUM Nov 27, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29130 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. MEDIUM Nov 27, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-15437 The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer, which is uninitialized. MEDIUM Nov 23, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-15436 Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. HIGH Nov 23, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-28974 A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. MEDIUM Nov 20, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-28915 A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. MEDIUM Nov 18, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25705 A flaw was found in the way reply ICMP packets are limited in the Linux kernel that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. MEDIUM Nov 17, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25695 Multiple features escape "security restricted operation" sandbox MEDIUM Nov 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25696 psql's \gset allows overwriting specially treated variables HIGH Nov 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25694 Reconnection can downgrade connection security settings MEDIUM Nov 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-8694 Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LOW Nov 12, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25654 An acl bypass flaw was found in pacemaker. When ACLs are not in use, any user in the haclient group has full access to the configuration, which effectively gives them the ability to run any code as root. HIGH Nov 12, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25704 There is a memory leak in perf_event_parse_addr_filter. MEDIUM Nov 12, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-0452 Modify an arguments size check and decrease so that the likelihood of the compiler removing it as part of optimizations is low. The arguments check must always be triggered to avoid potential buffer overflows. HIGH Nov 10, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-28196 MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. MEDIUM Nov 9, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-15999 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. MEDIUM Nov 7, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-27617 eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. MEDIUM Nov 6, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-8037 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. MEDIUM Nov 4, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-14318 The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can request file name notification on a directory handle when a condition such as "new file creation" or "file size change" or "file timestamp update" occurs. MEDIUM Nov 2, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-14383 Some DNS records (such as MX and NS records) usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay. MEDIUM Nov 2, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-14323 A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. LOW Oct 29, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2018-18508 In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. MEDIUM Oct 23, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-27619 In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. HIGH Oct 22, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-12351 A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. MEDIUM Oct 20, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25645 A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. MEDIUM Oct 20, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-12352 An information leak flaw was found in the way the Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending specially crafted AMP packets. LOW Oct 20, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-21674 Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting in a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. MEDIUM Oct 15, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-27153 In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. HIGH Oct 15, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25641 A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. MEDIUM Oct 11, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-25643 A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. HIGH Oct 11, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-26934 phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. MEDIUM Oct 10, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-26116 http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. MEDIUM Oct 8, 2020 10.17.41.23 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.