Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Total: 164513 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2023-4826 The SocialDriver WordPress theme before version 2024 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties resulting in a cross-site scripting (XSS) attack. -- Feb 23, 2024 n/a
CVE-2022-48626 In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. -- Feb 26, 2024 n/a
CVE-2022-43842 IBM Aspera Console 3.4.0 through 3.4.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 239079. -- Feb 23, 2024 n/a
CVE-2022-34357 IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12.0.0 is vulnerable to Denial of Service due to weak or absent rate limiting. By making unlimited HTTP requests, it is possible for a single user to exhaust server resources over a period of time, making service unavailable for other legitimate users. IBM X-Force ID: 230510. -- Feb 26, 2024 n/a
CVE-2021-46906 In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl() to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl(). -- Feb 26, 2024 n/a
CVE-2021-46905 In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 (net: hso: fix null-ptr-deref during tty device unregistration) fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister(). -- Feb 26, 2024 n/a
CVE-2021-46904 In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similarly, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. Every obtain_minor() should have corresponding release_minor() call. -- Feb 26, 2024 n/a
CVE-2021-44457 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-43351 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41860 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41859 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41858 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41857 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41856 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41855 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41854 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41853 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41852 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-41851 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-37405 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33167 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33165 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33163 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33162 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33161 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33160 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33158 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33157 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33156 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33154 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33153 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33152 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33151 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33148 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33146 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33145 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33144 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33143 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33142 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33141 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33140 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33138 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33136 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33134 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33133 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33132 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33131 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33127 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33125 Rejected reason: This is unused. -- Feb 26, 2024 n/a
CVE-2021-33121 Rejected reason: This is unused. -- Feb 26, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.