Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date Fixed Release
CVE-2022-29810 The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. LOW May 5, 2022 n/a
CVE-2022-29808 In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. -- Aug 3, 2022 n/a
CVE-2022-29807 A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. -- Aug 3, 2022 n/a
CVE-2022-29806 ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. HIGH May 6, 2022 n/a
CVE-2022-29805 A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. -- Aug 19, 2022 n/a
CVE-2022-29804 Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. -- Jun 4, 2022 n/a
CVE-2022-29801 A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. MEDIUM May 20, 2022 n/a
CVE-2022-29800 A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not. -- May 3, 2022 n/a
CVE-2022-29799 A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the “/etc/networkd-dispatcher” base directory. -- May 3, 2022 n/a
CVE-2022-29798 There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. HIGH Jun 18, 2022 n/a
CVE-2022-29797 There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. HIGH Jun 18, 2022 n/a
CVE-2022-29796 The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. MEDIUM May 13, 2022 n/a
CVE-2022-29795 The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. MEDIUM May 13, 2022 n/a
CVE-2022-29794 The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. HIGH May 13, 2022 n/a
CVE-2022-29793 There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability. MEDIUM May 13, 2022 n/a
CVE-2022-29792 The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnerability may affect data confidentiality. MEDIUM May 13, 2022 n/a
CVE-2022-29791 The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. MEDIUM May 13, 2022 n/a
CVE-2022-29790 The graphics acceleration service has a vulnerability in multi-thread access to the database. Successful exploitation of this vulnerability may cause service exceptions. MEDIUM May 13, 2022 n/a
CVE-2022-29789 The HiAIserver has a vulnerability in verifying the validity of the properties used in the model. Successful exploitation of this vulnerability will affect AI services. MEDIUM May 13, 2022 n/a
CVE-2022-29788 libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. MEDIUM Jun 2, 2022 n/a
CVE-2022-29784 PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. MEDIUM Jun 3, 2022 n/a
CVE-2022-29780 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. LOW Jun 2, 2022 n/a
CVE-2022-29779 Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. LOW Jun 2, 2022 n/a
CVE-2022-29778 D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php MEDIUM Jun 3, 2022 n/a
CVE-2022-29777 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. HIGH Jun 2, 2022 n/a
CVE-2022-29776 Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. HIGH Jun 2, 2022 n/a
CVE-2022-29775 iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. HIGH Jun 21, 2022 n/a
CVE-2022-29774 iSpy v7.2.2.0 is vulnerable to remote command execution via path traversal. HIGH Jun 21, 2022 n/a
CVE-2022-29773 An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. LOW Jun 3, 2022 n/a
CVE-2022-29770 XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. LOW Jun 3, 2022 n/a
CVE-2022-29767 adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. MEDIUM Jun 3, 2022 n/a
CVE-2022-29751 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. HIGH May 12, 2022 n/a
CVE-2022-29750 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. HIGH May 12, 2022 n/a
CVE-2022-29749 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. HIGH May 12, 2022 n/a
CVE-2022-29748 Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. HIGH May 12, 2022 n/a
CVE-2022-29747 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. HIGH May 12, 2022 n/a
CVE-2022-29746 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. HIGH May 12, 2022 n/a
CVE-2022-29745 Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. HIGH May 12, 2022 n/a
CVE-2022-29741 Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. HIGH May 12, 2022 n/a
CVE-2022-29739 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. HIGH May 12, 2022 n/a
CVE-2022-29738 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. HIGH May 12, 2022 n/a
CVE-2022-29735 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. MEDIUM Jun 2, 2022 n/a
CVE-2022-29734 A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. LOW Jun 2, 2022 n/a
CVE-2022-29733 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. MEDIUM Jun 2, 2022 n/a
CVE-2022-29732 Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. MEDIUM Jun 2, 2022 n/a
CVE-2022-29731 An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. MEDIUM Jun 2, 2022 n/a
CVE-2022-29730 USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. HIGH Jun 2, 2022 n/a
CVE-2022-29729 Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. MEDIUM Jun 2, 2022 n/a
CVE-2022-29728 Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. MEDIUM May 11, 2022 n/a
CVE-2022-29727 Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. LOW May 11, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.