The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2020-11947 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | LOW | Dec 31, 2020 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2019-12953 | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. | MEDIUM | Dec 30, 2020 | 10.17.41.24 (Wind River Linux LTS 17) |
CVE-2020-29569 | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. | HIGH | Dec 18, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29361 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. | MEDIUM | Dec 18, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29362 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. | MEDIUM | Dec 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29363 | An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. | HIGH | Dec 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29660 | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | HIGH | Dec 11, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29661 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | HIGH | Dec 11, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-1971 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). | MEDIUM | Dec 10, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25692 | A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. | MEDIUM | Dec 8, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-28916 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | LOW | Dec 4, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-14351 | A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | MEDIUM | Dec 3, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-14381 | A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | MEDIUM | Dec 3, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25624 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | MEDIUM | Dec 3, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29371 | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | LOW | Nov 28, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29370 | An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | MEDIUM | Nov 28, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29368 | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | MEDIUM | Nov 28, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2019-20934 | An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | LOW | Nov 28, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29129 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | MEDIUM | Nov 27, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-29130 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. | MEDIUM | Nov 27, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-15437 | The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which is uninitialized. | MEDIUM | Nov 23, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-15436 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | HIGH | Nov 23, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-28974 | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. | MEDIUM | Nov 20, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-28915 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | MEDIUM | Nov 18, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25705 | A flaw was found in the way the Linux kernel limits reply ICMP packets that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. | MEDIUM | Nov 17, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25695 | Multiple features escape "security restricted operation" sandbox | MEDIUM | Nov 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25696 | psql's \gset allows overwriting specially treated variables | HIGH | Nov 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25694 | Reconnection can downgrade connection security settings | MEDIUM | Nov 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-8694 | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | LOW | Nov 12, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25654 | An acl bypass flaw was found in pacemaker. When ACLs are not in use, any user in the haclient group has full access to the configuration, which effectively gives them the ability to run any code as root. | HIGH | Nov 12, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25704 | There is a memory leak in perf_event_parse_addr_filter. | MEDIUM | Nov 12, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-0452 | Modify an arguments size check and decrease so that the likelihood of the compiler removing it as part of optimizations is low. The arguments check must always be triggered to avoid potential buffer overflows. | HIGH | Nov 10, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-28196 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. | MEDIUM | Nov 9, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-15999 | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Nov 7, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-27617 | eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | MEDIUM | Nov 6, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-8037 | The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | MEDIUM | Nov 4, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-14318 | The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can request file name notification on a directory handle when a condition such as "new file creation" or "file size change" or "file timestamp update" occurs. | MEDIUM | Nov 2, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-14383 | Some DNS records (such as MX and NS records) usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay. | MEDIUM | Nov 2, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-14323 | A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. | LOW | Oct 29, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2018-18508 | In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | MEDIUM | Oct 23, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-27619 | In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | HIGH | Oct 22, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-12351 | A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. | MEDIUM | Oct 20, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25645 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. | MEDIUM | Oct 20, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-12352 | An information leak flaw was found in the way Linux kernel Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending specially crafted AMP packets. | LOW | Oct 20, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-21674 | Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. | MEDIUM | Oct 15, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-27153 | In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | HIGH | Oct 15, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25641 | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | MEDIUM | Oct 11, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-25643 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | HIGH | Oct 11, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-26934 | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. | MEDIUM | Oct 10, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
CVE-2020-26116 | http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | MEDIUM | Oct 8, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |