MontaVista CVE List and Response
MontaVista continually monitors the security community and customers for threats. We follow the community on CVE scoring (NVD) and set fix priority accordingly for affected products. Please view the following CVEs that have been remediated or are in process by clicking the CVE Year to the left or use the CVE Filters below.
For inquiries into CVEs at MontaVista, please send email to security@mvista.com
| CVE | Score | Severity | Package | Description | Published | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2015-9999 |
4.0 (i)
| ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2022-10-01 | |||||||||||||||
| CVE-2017-100010 |
5.4 (i)
| normal | curl | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2022-10-01 | |||||||||||||
| CVE-2017-100036 |
7.4 (i)
| glibc | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2022-10-01 | ||||||||||||||
| CVE-2022-23816 |
5.6 (i)
| normal | kernel | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2022-10-01 | |||||||||||||
| CVE-2022-41849 |
4.3 (i)
| normal | kernel | drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect. | 2022-09-29 | |||||||||||||
| CVE-2022-41850 |
4.3 (i)
| normal | kernel | roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. | 2022-09-29 | |||||||||||||
| CVE-2022-41848 |
4.3 (i)
| normal | kernel | drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach. | 2022-09-29 | |||||||||||||
| CVE-2022-3352 |
6.6 (i)
| normal | vim | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | 2022-09-29 | |||||||||||||
| CVE-2016-2338 |
4.7 (i)
| normal | ruby | An exploitable heap overflow vulnerability exists in the Psych::Emitter start_document function of Ruby. In Psych::Emitter start_document function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase this array size after mentioned allocation and cause heap overflow. | 2022-09-28 | |||||||||||||
| CVE-2014-0147 |
7.5 (i)
| serious | qemu | Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorrectly calling update_refcount() routine. | 2022-09-28 |