Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Columns: ID, Description, Priority, Modified date, Fixed Release
CVE-2020-36226 A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. MEDIUM Jan 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36227 A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. MEDIUM Jan 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. HIGH Jan 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36228 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. MEDIUM Jan 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. MEDIUM Jan 29, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36224 A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. MEDIUM Jan 28, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36221 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). MEDIUM Jan 28, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36223 A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). MEDIUM Jan 28, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36225 A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. MEDIUM Jan 28, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3326 The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. MEDIUM Jan 28, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36222 A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. MEDIUM Jan 28, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35513 A flaw was found in the Linux kernel NFS (network file system) functionality: an incorrect umask is applied during file or directory modification when a user creates and deletes objects using NFSv4.2 or newer while another process that is not using NFSv4.2 simultaneously accesses the NFS. A user with access to the NFS could use this flaw to starve resources, causing denial of service. MEDIUM Jan 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3114 In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. MEDIUM Jan 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-29443 ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. LOW Jan 26, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-14410 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. MEDIUM Jan 22, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-14409 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. MEDIUM Jan 22, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-7071 A flaw was found in PHP in the way the function parse_url() returns an erroneous host, which would be valid for `FILTER_VALIDATE_URL`. MEDIUM Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-20181 QEMU Plan 9 File System TOCTOU Privilege Escalation Vulnerability. MEDIUM Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25685 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. MEDIUM Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25681 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. HIGH Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3178 ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. MEDIUM Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25686 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the Birthday Attacks section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. MEDIUM Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. MEDIUM Jan 20, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. HIGH Jan 19, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-28374 In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. MEDIUM Jan 16, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-3121 An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the skippy peanut butter issue. HIGH Jan 14, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25709 A malicious packet can force OpenLDAP to fail an assertion in certificateListValidate function in servers/slapd/schema_init.c. MEDIUM Jan 14, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25710 A malicious packet can force OpenLDAP to fail an assertion in csnNormalize23 function in servers/slapd/schema_init.c. MEDIUM Jan 14, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-21252 The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package jquery-validation. jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. MEDIUM Jan 13, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2021-23239 The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. LOW Jan 12, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35512 On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if <policy group=...> is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. HIGH Jan 11, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-25678 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. MEDIUM Jan 8, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-36158 mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. HIGH Jan 8, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35494 There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. MEDIUM Jan 7, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-35493 A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. MEDIUM Jan 7, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2019-25013 The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read. MEDIUM Jan 6, 2021 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-11947 iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. LOW Dec 31, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2019-12953 Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. MEDIUM Dec 30, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-29569 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. HIGH Dec 18, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29361 An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. MEDIUM Dec 18, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29362 An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. MEDIUM Dec 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29363 An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. HIGH Dec 16, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-0444 In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150693166. References: Upstream kernel. HIGH Dec 15, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-29660 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. HIGH Dec 11, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-29661 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. HIGH Dec 11, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-1971 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). MEDIUM Dec 10, 2020 10.17.41.23 (Wind River Linux LTS 17)
CVE-2020-8285 libcurl offers a wildcard matching functionality, which allows a callback (set with `CURLOPT_CHUNK_BGN_FUNCTION`) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns `CURL_CHUNK_BGN_FUNC_SKIP`, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. MEDIUM Dec 10, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-8284 The flaw is caused via the fact that by default, Extended Passive Mode (EPSV) FTP connections fallback to Passive Mode (PASV) in the event that EPSV is not supported. In PASV mode, the server replies to the FTP client with an IPv4 address and port[1], to which it should connect. In EPSV, only a port number is sent[2], hence the implementation of PASV is where the flaw lies. This flaw involves a malicious server sending a malicious IP in a PASV response, causing the FTP client (curl in this case), to connect to the malicious IP. The patch addresses this by skipping (not acting upon) the IPv4 address provided by the server in PASV mode by default as of curl 7.74.0. MEDIUM Dec 10, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-29651 A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. MEDIUM Dec 10, 2020 10.17.41.24 (Wind River Linux LTS 17)
CVE-2020-16592 A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file. MEDIUM Dec 10, 2020 10.17.41.24 (Wind River Linux LTS 17)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.