Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 1283 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2021-26676 gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. LOW Feb 16, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-26675 A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. MEDIUM Feb 16, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-20193 An issue was discovered in GNU Tar 1.33 and earlier. There is a memory leak in read_header() in list.c in the tar application. -- Feb 9, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-21702 Null Dereference in SoapClient MEDIUM Feb 8, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-20221 hw/intc/arm_gic: Fix interrupt ID in GICD_SG -- Feb 8, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3348 nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. LOW Feb 5, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3281 In Django 2.2 before 2.2.18, 3.0 before 3.0.12, and 3.1 before 3.1.6, the django.utils.archive.extract method (used by startapp --template and startproject --template) allows directory traversal via an archive with absolute paths or relative paths with dot segments. MEDIUM Feb 5, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-21285 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability in which pulling an intentionally malformed Docker image manifest crashes the dockerd daemon. Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing. MEDIUM Feb 2, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-21284 In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using --userns-remap, if the root user in the remapped namespace has access to the host filesystem they can modify files under /var/lib/docker/<remapping> that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. LOW Feb 2, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36229 A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. MEDIUM Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36226 A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. MEDIUM Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3347 An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458. HIGH Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36227 A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. MEDIUM Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3156 Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. HIGH Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36228 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service. MEDIUM Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36230 A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. MEDIUM Jan 29, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36224 A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. MEDIUM Jan 28, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36221 An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). MEDIUM Jan 28, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36223 A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). MEDIUM Jan 28, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36225 A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. MEDIUM Jan 28, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36222 A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. MEDIUM Jan 28, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3114 In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. MEDIUM Jan 26, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-29443 ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. LOW Jan 26, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-14410 SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP file. MEDIUM Jan 22, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-14409 SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. MEDIUM Jan 22, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-7071 A flaw was found in PHP in the way the function parse_url() returns an erroneous host, which would be valid for `FILTER_VALIDATE_URL`. MEDIUM Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-20181 QEMU Plan 9 File System TOCTOU Privilege Escalation Vulnerability Edit. -- Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25685 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. MEDIUM Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25681 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. HIGH Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3178 ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. MEDIUM Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25686 A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the Birthday Attacks section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. MEDIUM Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25684 A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\'s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. MEDIUM Jan 20, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3177 Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. HIGH Jan 19, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-28374 In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. MEDIUM Jan 16, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-3121 An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the skippy peanut butter issue. HIGH Jan 14, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-23240 selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. MEDIUM Jan 14, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25709 A malicious packet can force OpenLDAP to fail an assertion in certificateListValidate function in servers/slapd/schema_init.c. LOW Jan 14, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25710 A malicious packet can force OpenLDAP to fail an assertion in csnNormalize23 function in servers/slapd/schema_init.c. LOW Jan 14, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-0342 In tun_get_user of tun.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges required. User interaction is not required for exploitation. Product: Android; Versions: Android kernel; Android ID: A-146554327. MEDIUM Jan 13, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-21252 The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package jquery-validation. jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3. MEDIUM Jan 13, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2021-23239 The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. LOW Jan 12, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-35512 On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if <policy group=...> is used. Like Unix filesystems, D-Bus\' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. HIGH Jan 11, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-25678 A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear text. This can be found by searching the mgr logs for grafana and dashboard, with passwords visible. MEDIUM Jan 8, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-36158 mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. HIGH Jan 8, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-35493 A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. MEDIUM Jan 7, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-35965 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. MEDIUM Jan 5, 2021 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-11947 iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. LOW Dec 31, 2020 10.18.44.22 (Wind River Linux LTS 18)
CVE-2019-12953 Dropbear 2011.54 through 2018.76 has an inconsistent failure delay that may lead to revealing valid usernames, a different issue than CVE-2018-15599. MEDIUM Dec 30, 2020 10.18.44.22 (Wind River Linux LTS 18)
CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even admin users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0. LOW Dec 19, 2020 10.18.44.21 (Wind River Linux LTS 18)
CVE-2020-29569 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. HIGH Dec 18, 2020 10.18.44.21 (Wind River Linux LTS 18)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.
Live chat
Online