Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216537 entries
IDDescriptionPriorityModified date
CVE-2024-26482 An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter\'s mentioned injecting malicious scripts would not occur. -- Feb 22, 2024
CVE-2024-26481 Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter. -- Feb 22, 2024
CVE-2024-26476 An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. -- Feb 29, 2024
CVE-2024-26475 An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function. -- Mar 14, 2024
CVE-2024-26473 A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php. -- Feb 29, 2024
CVE-2024-26472 KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the \'selector\' or \'validator\' parameters of \'create-new-pwd.php\'. -- Feb 29, 2024
CVE-2024-26471 A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php. -- Feb 29, 2024
CVE-2024-26470 A host header injection vulnerability in the forgot password function of FullStackHero\'s WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. -- Feb 29, 2024
CVE-2024-26469 Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft Product Designer (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method. -- Mar 4, 2024
CVE-2024-26468 A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL. -- Feb 26, 2024
CVE-2024-26467 A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL. -- Feb 26, 2024
CVE-2024-26466 A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL. -- Feb 26, 2024
CVE-2024-26465 A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL. -- Feb 26, 2024
CVE-2024-26464 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Feb 28, 2024
CVE-2024-26462 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c. -- Feb 27, 2024
CVE-2024-26461 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c. -- Feb 27, 2024
CVE-2024-26458 Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c. -- Feb 27, 2024
CVE-2024-26455 fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. -- Feb 26, 2024
CVE-2024-26454 A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. -- Mar 15, 2024
CVE-2024-26450 An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user\'s dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim\'s instance to connect back to a malicious listener. -- Feb 29, 2024
CVE-2024-26445 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php -- Feb 22, 2024
CVE-2024-26369 An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter\'s data. -- Mar 19, 2024
CVE-2024-26352 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php -- Feb 22, 2024
CVE-2024-26351 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php -- Feb 22, 2024
CVE-2024-26350 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php -- Feb 22, 2024
CVE-2024-26349 flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php -- Feb 22, 2024
CVE-2024-26342 A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet. -- Feb 29, 2024
CVE-2024-26339 swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. -- Mar 5, 2024
CVE-2024-26337 swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. -- Mar 5, 2024
CVE-2024-26335 swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. -- Mar 5, 2024
CVE-2024-26334 swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. -- Mar 5, 2024
CVE-2024-26333 swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c. -- Mar 5, 2024
CVE-2024-26328 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled. -- Feb 20, 2024
CVE-2024-26327 An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations. -- Feb 20, 2024
CVE-2024-26318 Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character. -- Feb 20, 2024
CVE-2024-26313 Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release. -- Mar 8, 2024
CVE-2024-26311 Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. -- Feb 22, 2024
CVE-2024-26310 Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges. -- Feb 22, 2024
CVE-2024-26309 Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL. -- Mar 8, 2024
CVE-2024-26308 Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. -- Feb 20, 2024
CVE-2024-26307 Possible race condition vulnerability in Apache Doris. Some of code using `chmod()` method. This method run the risk of someone renaming the file out from under user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue. -- Mar 21, 2024
CVE-2024-26303 Authenticated Denial of Service Vulnerability in ArubaOS-Switch SSH Daemon -- Mar 26, 2024
CVE-2024-26302 A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. -- Feb 28, 2024
CVE-2024-26301 A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. -- Feb 28, 2024
CVE-2024-26300 A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\'s browser in the context of the affected interface. -- Feb 28, 2024
CVE-2024-26299 A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim\'s browser in the context of the affected interface. -- Feb 28, 2024
CVE-2024-26298 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. -- Feb 28, 2024
CVE-2024-26297 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. -- Feb 28, 2024
CVE-2024-26296 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. -- Feb 28, 2024
CVE-2024-26295 Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. -- Feb 28, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online