Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

692 entries
ID Description Priority Modified date Fixed Release
CVE-2020-27843 A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. HIGH Jan 8, 2021 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-27842 There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. MEDIUM Jan 7, 2021 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-27841 There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability. MEDIUM Jan 7, 2021 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-27845 There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. MEDIUM Jan 7, 2021 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-35965 decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations. MEDIUM Jan 5, 2021 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-35964 track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing. MEDIUM Jan 3, 2021 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-11947 iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. LOW Dec 31, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2019-20808 In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. LOW Dec 31, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-27781 User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An OpenStack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even admin users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0. LOW Dec 19, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29569 An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback. HIGH Dec 18, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29361 An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. MEDIUM Dec 18, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29362 An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. MEDIUM Dec 16, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29363 An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. HIGH Dec 16, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29660 A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. HIGH Dec 11, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29661 A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. HIGH Dec 11, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-1971 The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token). If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the -crl_download option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). MEDIUM Dec 10, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-25692 A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service. MEDIUM Dec 8, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-28916 hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. LOW Dec 4, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-14351 A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. MEDIUM Dec 3, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-14381 A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. MEDIUM Dec 3, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-25624 hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. MEDIUM Dec 3, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29371 An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. LOW Nov 28, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29370 An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. MEDIUM Nov 28, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-29368 An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. MEDIUM Nov 28, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-29369 An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. MEDIUM Nov 28, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-29129 ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. MEDIUM Nov 27, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-29130 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. MEDIUM Nov 27, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-28974 A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. MEDIUM Nov 20, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-28941 An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. MEDIUM Nov 19, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-28915 A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. MEDIUM Nov 18, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-25705 A flaw was found in the way the Linux kernel limits reply ICMP packets that allows open UDP ports to be scanned quickly. This flaw allows an off-path remote user to effectively bypass source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization is indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue. MEDIUM Nov 17, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-25695 Multiple features escape "security restricted operation" sandbox MEDIUM Nov 16, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-25696 psql's \gset allows overwriting specially treated variables HIGH Nov 16, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-25694 Reconnection can downgrade connection security settings MEDIUM Nov 16, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-28366 cmd/go: arbitrary code can be injected into cgo generated files MEDIUM Nov 16, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-8694 Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. LOW Nov 12, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-25654 An acl bypass flaw was found in pacemaker. When ACLs are not in use, any user in the haclient group has full access to the configuration, which effectively gives them the ability to run any code as root. HIGH Nov 12, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-25704 There is a memory leak in perf_event_parse_addr_filter. MEDIUM Nov 12, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-0452 Modify an arguments size check and decrease so that the likelihood of the compiler removing it as part of optimizations is low. The arguments check must always be triggered to avoid potential buffer overflows. HIGH Nov 10, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-28196 MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit. MEDIUM Nov 9, 2020 10.19.45.15 (Wind River Linux LTS 19)
CVE-2020-15999 Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. MEDIUM Nov 7, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-27617 eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. MEDIUM Nov 6, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-27616 ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. MEDIUM Nov 6, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-8037 The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. MEDIUM Nov 4, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-14318 The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can request file name notification on a directory handle when a condition such as "new file creation" or "file size change" or "file timestamp update" occurs. MEDIUM Nov 2, 2020 10.19.45.13 (Wind River Linux LTS 19)
CVE-2020-14383 Some DNS records (such as MX and NS records) usually contain data in the additional section. Samba's dnsserver RPC pipe (which is an administrative interface not used in the DNS server itself) made an error in handling the case where there are no records present: instead of noticing the lack of records, it dereferenced uninitialised memory, causing the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay. MEDIUM Nov 2, 2020 10.19.45.13 (Wind River Linux LTS 19)
CVE-2020-14323 A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. LOW Oct 29, 2020 10.19.45.13 (Wind River Linux LTS 19)
CVE-2020-14789 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). MEDIUM Oct 23, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-27673 An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. MEDIUM Oct 23, 2020 10.19.45.14 (Wind River Linux LTS 19)
CVE-2020-14812 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). MEDIUM Oct 23, 2020 10.19.45.14 (Wind River Linux LTS 19)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.