Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

216537 entries in total
ID  Description  Priority  Modified date
CVE-2022-0361 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 2, 2022
CVE-2022-0359 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. MEDIUM Feb 2, 2022
CVE-2022-0352 Cross-site Scripting (XSS) - Reflected in Pypi calibreweb prior to 0.6.16. MEDIUM Feb 2, 2022
CVE-2022-0348 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2. LOW Feb 2, 2022
CVE-2022-0203 Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. MEDIUM Feb 2, 2022
CVE-2022-0135 An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. -- Feb 2, 2022
CVE-2021-46517 There is an Assertion `mjs_stack_size(&mjs->scopes) > 0' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. MEDIUM Feb 2, 2022
CVE-2021-46515 There is an Assertion `mjs_stack_size(&mjs->scopes) >= scopes_len' failed at src/mjs_exec.c in Cesanta MJS v2.20.0. MEDIUM Feb 2, 2022
CVE-2021-46514 There is an Assertion 'ppos != NULL && mjs_is_number(*ppos)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. MEDIUM Feb 2, 2022
CVE-2021-46511 There is an Assertion `m->len >= sizeof(v)' failed at src/mjs_core.c in Cesanta MJS v2.20.0. MEDIUM Feb 2, 2022
CVE-2021-46508 There is an Assertion `i < parts_cnt' failed at src/mjs_bcode.c in Cesanta MJS v2.20.0. MEDIUM Feb 2, 2022
CVE-2021-46507 Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. MEDIUM Feb 2, 2022
CVE-2021-46505 Jsish v3.5.0 was discovered to contain a stack overflow via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5b1e5. MEDIUM Feb 2, 2022
CVE-2021-46504 There is an Assertion 'vp != resPtr' failed at jsiEval.c in Jsish v3.5.0. MEDIUM Feb 2, 2022
CVE-2021-46503 Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46502 Jsish v3.5.0 was discovered to contain a heap-use-after-free via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x5166d. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46501 Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46500 Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ArgTypeCheck in src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46499 Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueCopyMove in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46498 Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_wswebsocketObjFree in src/jsiWebSocket.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46497 Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_UserObjDelete in src/jsiUserObj.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46496 Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_ObjFree in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46495 Jsish v3.5.0 was discovered to contain a heap-use-after-free via DeleteTreeValue in src/jsiObj.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46494 Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsi_ValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46492 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_FunctionInvoke at src/jsiFunc.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46491 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_CommandPkgOpts at src/jsiCmds.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46490 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via NumberConstructor at src/jsiNumber.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46489 Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_DecrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46488 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46487 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via /lib/x86_64-linux-gnu/libc.so.6+0x18e506. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46486 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsi_ArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46485 Jsish v3.5.0 was discovered to contain a SEGV vulnerability via Jsi_ValueIsNumber at src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46484 Jsish v3.5.0 was discovered to contain a heap-use-after-free via Jsi_IncrRefCount in src/jsiValue.c. This vulnerability can lead to a Denial of Service (DoS). MEDIUM Feb 2, 2022
CVE-2021-46448 H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/customers.php?page=1&cID. HIGH Feb 2, 2022
CVE-2021-46447 A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. LOW Feb 2, 2022
CVE-2021-46446 H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_access_group_edit&aagID. HIGH Feb 2, 2022
CVE-2021-46445 H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/categories.php?box_group_id. HIGH Feb 2, 2022
CVE-2021-46444 H.H.G Multistore v5.1.0 and below was discovered to contain a SQL injection vulnerability via /admin/admin.php?module=admin_group_edit&agID. HIGH Feb 2, 2022
CVE-2021-46428 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 (and previous versions) via the bot_avatar parameter in SystemSettings.php. HIGH Feb 2, 2022
CVE-2021-46427 An SQL Injection vulnerability exists in Sourcecodester Simple Chatbot Application 1.0 via the message parameter in Master.php. HIGH Feb 2, 2022
CVE-2021-46386 File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileAction#upload. HIGH Feb 2, 2022
CVE-2021-46383 https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database. MEDIUM Feb 2, 2022
CVE-2021-46377 There is a front-end SQL injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser. HIGH Feb 2, 2022
CVE-2021-46118 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code. MEDIUM Feb 2, 2022
CVE-2021-46116 jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code. MEDIUM Feb 2, 2022
CVE-2021-46097 Dolphinphp v1.5.0 contains a remote code execution vulnerability in /application/common.php#action_log. MEDIUM Feb 2, 2022
CVE-2021-46093 eliteCMS v1.0 is vulnerable to Insecure Permissions via manage_uploads.php. HIGH Feb 2, 2022
CVE-2021-46088 Zabbix 4.0 LTS, 4.2, 4.4, and 5.0 LTS are vulnerable to Remote Code Execution (RCE). Any user with the Zabbix Admin role is able to run a custom shell script on the application server in the context of the application user. MEDIUM Feb 2, 2022
CVE-2021-46065 A Cross-site scripting (XSS) vulnerability in the Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows attackers to inject arbitrary JavaScript code. LOW Feb 2, 2022
CVE-2021-45975 In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges. MEDIUM Feb 2, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.