Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

1855 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2021-25217 In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies according to: the component being affected (i.e., dhclient or dhcpd); whether the package was built as a 32-bit or 64-bit binary; and whether the compiler flag -fstack-protector-strong was used when compiling. In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protector-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. If the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protector-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. -- May 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-31535 XLookupColor() and other X library functions lack proper validation of the length of their string parameters. If those parameters can be controlled by an external application (for instance a color name that can be emitted via a terminal control sequence) it can lead to the emission of extra X protocol requests to the X server. -- May 19, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3200 Buffer overflow vulnerability in libsolv 2020-12-13 via the Solver * testcase_read(Pool *pool, FILE *fp, const char *testcase, Queue *job, char **resultp, int *resultflagsp) function at src/testcase.c: line 2334, which could cause a denial of service. MEDIUM May 18, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-33033 The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. LOW May 14, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3541 A flaw was found in libxml2. An exponential entity expansion attack is possible, bypassing all existing protection mechanisms and leading to denial of service. -- May 14, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3524 ceph object gateway: radosgw: CRLF injection MEDIUM May 12, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-26145 An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. LOW May 11, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-26141 An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. LOW May 11, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-23134 net/nfc: fix use-after-free llcp_sock_bind/connect MEDIUM May 10, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3537 Parsing specially crafted Mixed Content while parsing XML data may lead to an invalid data structure being created, as errors were not propagated. This could lead to several NULL pointer dereferences when post-validating documents parsed in recovery mode. MEDIUM May 10, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3527 A flaw was found in the USB redirection support (usb-redir) of QEMU. More specifically, usb-host and usb-redirect try to batch bulk transfers by combining many small USB packets into a single, large transfer request, to reduce the overhead and improve performance. The combined size of the bulk sending is used in usbredir_handle_bulk_data() to dynamically allocate a variable length array (VLA) on the stack. Since the total size is not bounded, a malicious guest could be able to influence the array length and cause the QEMU process to perform an excessive allocation on the stack, resulting in a denial of service. LOW May 10, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-32052 In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. MEDIUM May 6, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-31916 An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. MEDIUM May 6, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-31542 In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names. MEDIUM May 6, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-25215 In BIND 9.0.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record triggering the flaw described above, the named process will terminate due to a failed assertion check. The vulnerability affects all currently maintained BIND 9 branches (9.11, 9.11-S, 9.16, 9.16-S, 9.17) as well as all other versions of BIND 9. MEDIUM Apr 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-25214 In BIND 9.8.5 -> 9.8.8, 9.9.3 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.9.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND 9 Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a malformed IXFR triggering the flaw described above, the named process will terminate due to a failed assertion the next time the transferred secondary zone is refreshed. MEDIUM Apr 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3518 libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c MEDIUM Apr 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3517 libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c HIGH Apr 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3516 libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c -- Apr 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3497 GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files. MEDIUM Apr 25, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3506 An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. MEDIUM Apr 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35505 QEMU: NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c LOW Apr 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35504 QEMU: NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c LOW Apr 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3472 Insufficient checks on the lengths of the XInput extension ChangeFeedbackControl request can lead to out of bounds memory accesses in the X server. HIGH Apr 14, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3487 binutils: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c HIGH Apr 12, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-29154 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. HIGH Apr 10, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28658 In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability. MEDIUM Apr 9, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3483 Linux kernel: a use-after-free bug in nosy driver MEDIUM Apr 8, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36312 An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. LOW Apr 7, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28965 There is an XML round-trip vulnerability in REXML gem bundled with Ruby. MEDIUM Apr 6, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-29647 An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. LOW Apr 5, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-29650 An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf. MEDIUM Apr 5, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-22876 curl 7.1.1 to and including 7.75.0 is vulnerable to an Exposure of Private Personal Information to an Unauthorized Actor by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. MEDIUM Apr 4, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-30002 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. LOW Apr 2, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-30004 In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. MEDIUM Apr 2, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-20277 User-controlled LDAP filter strings against the AD DC LDAP server may crash the LDAP server MEDIUM Apr 1, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-29265 An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70. MEDIUM Mar 27, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-29264 An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. MEDIUM Mar 27, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28964 A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. LOW Mar 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28972 In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. HIGH Mar 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28971 In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. MEDIUM Mar 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-27840 An anonymous attacker can crash the Samba AD DC LDAP server by sending easily crafted DNs as part of a bind request. More serious heap corruption is likely also possible. MEDIUM Mar 25, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-20292 The specific flaw exists within DRM memory management. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. HIGH Mar 22, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28660 rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. HIGH Mar 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-28831 decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data. MEDIUM Mar 19, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35492 A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. MEDIUM Mar 19, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35519 An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. MEDIUM Mar 18, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3448 Use random source ports where possible if source addresses/interfaces in use. MEDIUM Mar 18, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35521 A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. MEDIUM Mar 12, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35522 In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. MEDIUM Mar 12, 2021 10.17.41.24 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.