Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date
CVE-2020-18155 SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. HIGH Jul 15, 2021
CVE-2020-18157 Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a doaddsave action in admin/index.php. MEDIUM Jul 30, 2021
CVE-2020-18158 Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. LOW Jul 30, 2021
CVE-2020-18164 SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. HIGH Aug 18, 2021
CVE-2020-18165 Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the Website SEO Keywords field on the page admin/info.php?shuyu. LOW May 12, 2021
CVE-2020-18166 Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a .jpg.php extension to the component admin/wenjian.php?wj=../templets/pc. HIGH May 14, 2021
CVE-2020-18167 Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the Homepage Introduction field of component admin/info.php?shuyu. LOW May 14, 2021
CVE-2020-18169 A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details MEDIUM Jul 27, 2021
CVE-2020-18170 An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager Version 7.14301.0.0 allows attackers to escalate privileges via a change in permissions. HIGH Jul 27, 2021
CVE-2020-18171 TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details HIGH Jul 27, 2021
CVE-2020-18172 A code injection vulnerability in the SeDebugPrivilege component of Trezor Bridge 2.0.27 allows attackers to escalate privileges. HIGH Jul 27, 2021
CVE-2020-18173 A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 allows attackers to execute arbitrary code. MEDIUM Jul 27, 2021
CVE-2020-18174 A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges. HIGH Jul 27, 2021
CVE-2020-18175 SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. HIGH Jul 30, 2021
CVE-2020-18178 Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component /hcms/admin/index.php/language/ajax. HIGH May 18, 2021
CVE-2020-18184 In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. MEDIUM Oct 2, 2020
CVE-2020-18185 class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment. HIGH Oct 8, 2020
CVE-2020-18190 Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. MEDIUM Oct 9, 2020
CVE-2020-18191 GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php MEDIUM Oct 5, 2020
CVE-2020-18194 Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. MEDIUM May 18, 2021
CVE-2020-18195 Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component /admin.php?action=page. MEDIUM May 18, 2021
CVE-2020-18198 Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component /admin.php?action=images. MEDIUM May 18, 2021
CVE-2020-18215 Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. MEDIUM Feb 12, 2021
CVE-2020-18220 Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted for users to be susceptible to dictionary attacks. MEDIUM May 20, 2021
CVE-2020-18221 Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. MEDIUM May 28, 2021
CVE-2020-18229 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter $cfg_copyright of component /admin/web_config.php. LOW May 28, 2021
CVE-2020-18230 Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter $cfg_switchshow of component /admin/web_config.php. LOW May 28, 2021
CVE-2020-18232 Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. -- Aug 22, 2023
CVE-2020-18259 ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields. MEDIUM Nov 5, 2021
CVE-2020-18261 An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. HIGH Nov 5, 2021
CVE-2020-18262 ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. HIGH Nov 5, 2021
CVE-2020-18263 PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. MEDIUM Nov 5, 2021
CVE-2020-18264 Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component Simple-Log/admin/admin.php?act=act_edit_member. MEDIUM Jun 9, 2021
CVE-2020-18265 Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote attackers to gain privilege and execute arbitrary code via the component Simple-Log/admin/admin.php?act=act_add_member. MEDIUM Jun 9, 2021
CVE-2020-18268 Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the redirect parameter in the component zb_system/cmd.php. MEDIUM Jun 7, 2021
CVE-2020-18280 Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. -- May 9, 2023
CVE-2020-18282 Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. -- May 11, 2023
CVE-2020-18324 Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.1 via the q parameter in the Kickstart template. MEDIUM Mar 4, 2022
CVE-2020-18325 Multiple Cross Site Scripting (XSS) vulnerabilities exist in Intelliants Subrion CMS v4.2.1 in the Configuration panel. MEDIUM Mar 4, 2022
CVE-2020-18326 Cross Site Request Forgery (CSRF) vulnerability exists in Intelliants Subrion CMS v4.2.1 via the Members administrator function, which could let a remote unauthenticated malicious user send an authorised request to victim and successfully create an arbitrary administrator user. MEDIUM Mar 4, 2022
CVE-2020-18327 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 MEDIUM Mar 4, 2022
CVE-2020-18329 An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface. -- Jan 27, 2023
CVE-2020-18330 An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface. -- Jan 27, 2023
CVE-2020-18331 Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc. -- Jan 27, 2023
CVE-2020-18336 Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. -- Oct 10, 2023
CVE-2020-18378 A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. -- Aug 22, 2023
CVE-2020-18382 Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. -- Aug 22, 2023
CVE-2020-18392 Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. MEDIUM May 28, 2021
CVE-2020-18395 A NULL-pointer dereference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. MEDIUM May 28, 2021
CVE-2020-18404 An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. -- Jun 27, 2023
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.