The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | LOW | Feb 16, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-26675 | A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | MEDIUM | Feb 16, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-20193 | An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak in read_header() in list.c in the tar application. | -- | Feb 9, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-21702 | Null Dereference in SoapClient | MEDIUM | Feb 8, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-20221 | hw/intc/arm_gic: Fix interrupt ID in GICD_SG | -- | Feb 8, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3348 | nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an nbd_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. | LOW | Feb 5, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3281 | In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by startapp --template and startproject --template) allows directory traversal via an archive with absolute paths or relative paths with dot segments. | MEDIUM | Feb 5, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-21285 | In Docker before versions 19.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. | MEDIUM | Feb 2, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-21284 | In Docker before versions 19.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/<remapping> that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. | LOW | Feb 2, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36229 | A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. | MEDIUM | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36226 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. | MEDIUM | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3347 | An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. | HIGH | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36227 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. | MEDIUM | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3156 | Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. | HIGH | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36228 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. | MEDIUM | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36230 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. | MEDIUM | Jan 29, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36224 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | MEDIUM | Jan 28, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36221 | An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). | MEDIUM | Jan 28, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36223 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). | MEDIUM | Jan 28, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36225 | A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. | MEDIUM | Jan 28, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36222 | A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. | MEDIUM | Jan 28, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3114 | In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. | MEDIUM | Jan 26, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-29443 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. | LOW | Jan 26, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-14410 | SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. | MEDIUM | Jan 22, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-14409 | SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. | MEDIUM | Jan 22, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-7071 | A flaw was found in PHP in the way the function parse_url() returns an erroneous host, which would be valid for `FILTER_VALIDATE_URL`. | MEDIUM | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-20181 | QEMU Plan 9 File System TOCTOU Privilege Escalation Vulnerability. | -- | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25685 | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq determines in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | MEDIUM | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25681 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | HIGH | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3178 | ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. | MEDIUM | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25686 | A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the Birthday Attacks section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | MEDIUM | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25684 | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | MEDIUM | Jan 20, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3177 | Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. | HIGH | Jan 19, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-28374 | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. | MEDIUM | Jan 16, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-3121 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the skippy peanut butter issue. | HIGH | Jan 14, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-23240 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. | MEDIUM | Jan 14, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25709 | A malicious packet can force OpenLDAP to fail an assertion in certificateListValidate function in servers/slapd/schema_init.c. | LOW | Jan 14, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25710 | A malicious packet can force OpenLDAP to fail an assertion in csnNormalize23 function in servers/slapd/schema_init.c. | LOW | Jan 14, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-0342 | In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. | MEDIUM | Jan 13, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-21252 | The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package jquery-validation. jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. | MEDIUM | Jan 13, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2021-23239 | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | LOW | Jan 12, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-35512 | On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if <policy group=...> is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. | HIGH | Jan 11, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-25678 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. | MEDIUM | Jan 8, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-36158 | mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. | HIGH | Jan 8, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-35493 | A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | MEDIUM | Jan 7, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-35965 | decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. | MEDIUM | Jan 5, 2021 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-11947 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | LOW | Dec 31, 2020 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2019-12953 | Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. | MEDIUM | Dec 30, 2020 | 10.18.44.22 (Wind River Linux LTS 18) |
CVE-2020-27781 | User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even admin users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0. | LOW | Dec 19, 2020 | 10.18.44.21 (Wind River Linux LTS 18) |
CVE-2020-29569 | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. | HIGH | Dec 18, 2020 | 10.18.44.21 (Wind River Linux LTS 18) |