Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

164054 entries
ID Description Priority Modified date Fixed Release
CVE-2022-23270 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability HIGH May 11, 2022 n/a
CVE-2022-23271 Microsoft Dynamics GP Elevation Of Privilege Vulnerability HIGH Feb 9, 2022 n/a
CVE-2022-23272 Microsoft Dynamics GP Elevation Of Privilege Vulnerability HIGH Feb 9, 2022 n/a
CVE-2022-23273 Microsoft Dynamics GP Elevation Of Privilege Vulnerability HIGH Feb 9, 2022 n/a
CVE-2022-23274 Microsoft Dynamics GP Remote Code Execution Vulnerability MEDIUM Feb 9, 2022 n/a
CVE-2022-23276 SQL Server for Linux Containers Elevation of Privilege Vulnerability MEDIUM Feb 9, 2022 n/a
CVE-2022-23277 Microsoft Exchange Server Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23278 Microsoft Defender for Endpoint Spoofing Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23279 Windows ALPC Elevation of Privilege Vulnerability MEDIUM May 11, 2022 n/a
CVE-2022-23280 Microsoft Outlook for Mac Security Feature Bypass Vulnerability MEDIUM Feb 10, 2022 n/a
CVE-2022-23281 Windows Common Log File System Driver Information Disclosure Vulnerability LOW Mar 14, 2022 n/a
CVE-2022-23282 Paint 3D Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23283 Windows ALPC Elevation of Privilege Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23284 Windows Print Spooler Elevation of Privilege Vulnerability HIGH Mar 14, 2022 n/a
CVE-2022-23285 Remote Desktop Client Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23286 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23287 Windows ALPC Elevation of Privilege Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23288 Windows DWM Core Library Elevation of Privilege Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23290 Windows Inking COM Elevation of Privilege Vulnerability HIGH Mar 14, 2022 n/a
CVE-2022-23291 Windows DWM Core Library Elevation of Privilege Vulnerability HIGH Mar 14, 2022 n/a
CVE-2022-23292 Microsoft Power BI Spoofing Vulnerability MEDIUM Apr 15, 2022 n/a
CVE-2022-23293 Windows Fast FAT File System Driver Elevation of Privilege Vulnerability HIGH Mar 14, 2022 n/a
CVE-2022-23294 Windows Event Tracing Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23295 Raw Image Extension Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23296 Windows Installer Elevation of Privilege Vulnerability HIGH Mar 14, 2022 n/a
CVE-2022-23297 Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability LOW Mar 14, 2022 n/a
CVE-2022-23298 Windows NT OS Kernel Elevation of Privilege Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23299 Windows PDEV Elevation of Privilege Vulnerability HIGH Mar 14, 2022 n/a
CVE-2022-23300 Raw Image Extension Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23301 HEVC Video Extensions Remote Code Execution Vulnerability MEDIUM Mar 14, 2022 n/a
CVE-2022-23302 JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. MEDIUM Jan 18, 2022 n/a
CVE-2022-23303 The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. MEDIUM Jan 18, 2022 n/a
CVE-2022-23304 The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. MEDIUM Jan 18, 2022 n/a
CVE-2022-23305 By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. MEDIUM Jan 18, 2022 n/a
CVE-2022-23307 CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists. HIGH Jan 18, 2022 n/a
CVE-2022-23308 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. MEDIUM Feb 21, 2022 n/a
CVE-2022-23312 A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application Online Help in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. MEDIUM Feb 9, 2022 n/a
CVE-2022-23314 MCMS v5.2.4 was discovered to contain a SQL injection vulnerability via /ms/mdiy/model/importJson.do. HIGH Jan 21, 2022 n/a
CVE-2022-23315 MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do. HIGH Jan 21, 2022 n/a
CVE-2022-23316 An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. MEDIUM Feb 8, 2022 n/a
CVE-2022-23317 CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with /, and attackers can obtain relevant information by specifying the URL. MEDIUM Feb 15, 2022 n/a
CVE-2022-23318 A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact. MEDIUM Feb 18, 2022 n/a
CVE-2022-23319 A segmentation fault during PCF file parsing in pcf2bdf versions >=1.05 allows an attacker to trigger a program crash via a specially crafted PCF font file. This crash affects the availability of the software and dependent downstream components. MEDIUM Feb 18, 2022 n/a
CVE-2022-23320 XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. MEDIUM Feb 7, 2022 n/a
CVE-2022-23321 A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. LOW Feb 10, 2022 n/a
CVE-2022-23327 A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). MEDIUM Mar 4, 2022 n/a
CVE-2022-23328 A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). MEDIUM Mar 4, 2022 n/a
CVE-2022-23329 A vulnerability in ${freemarker.template.utility.Execute?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. HIGH Feb 9, 2022 n/a
CVE-2022-23330 A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. MEDIUM Feb 9, 2022 n/a
CVE-2022-23331 In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. MEDIUM Feb 11, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.