Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 131873 entries
IDDescriptionPriorityModified date
CVE-2021-37470 In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. -- Jul 25, 2021
CVE-2021-37469 In NCH WebDictate v2.13 and earlier, authenticated users can abuse logprop?file=/.. path traversal to read files on the filesystem. -- Jul 25, 2021
CVE-2021-37468 NCH Reflect CRM 3.01 allows local users to discover cleartext user account information by reading the configuration files. -- Jul 25, 2021
CVE-2021-37467 In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). -- Jul 25, 2021
CVE-2021-37466 In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). -- Jul 25, 2021
CVE-2021-37465 In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). -- Jul 25, 2021
CVE-2021-37464 In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). -- Jul 25, 2021
CVE-2021-37463 In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). -- Jul 25, 2021
CVE-2021-37462 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). -- Jul 25, 2021
CVE-2021-37461 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). -- Jul 25, 2021
CVE-2021-37460 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). -- Jul 25, 2021
CVE-2021-37459 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). -- Jul 25, 2021
CVE-2021-37458 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). -- Jul 25, 2021
CVE-2021-37457 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). -- Jul 25, 2021
CVE-2021-37456 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). -- Jul 25, 2021
CVE-2021-37455 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). -- Jul 25, 2021
CVE-2021-37454 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). -- Jul 25, 2021
CVE-2021-37453 Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). -- Jul 25, 2021
CVE-2021-37452 NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files. -- Jul 25, 2021
CVE-2021-37451 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). -- Jul 25, 2021
CVE-2021-37450 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). -- Jul 25, 2021
CVE-2021-37449 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). -- Jul 25, 2021
CVE-2021-37448 Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). -- Jul 25, 2021
CVE-2021-37447 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentdelete?file=/.. for file deletion. -- Jul 25, 2021
CVE-2021-37446 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via documentprop?file=/.. for file reading. -- Jul 25, 2021
CVE-2021-37445 In NCH Quorum v2.03 and earlier, an authenticated user can use directory traversal via logprop?file=/.. for file reading. -- Jul 25, 2021
CVE-2021-37444 NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element\'s pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt Autodial function. -- Jul 25, 2021
CVE-2021-37443 NCH IVM Attendant v5.12 and earlier allows path traversal via the logdeleteselected check0 parameter for file deletion. -- Jul 25, 2021
CVE-2021-37442 NCH IVM Attendant v5.12 and earlier allows path traversal via viewfile?file=/.. to read files. -- Jul 25, 2021
CVE-2021-37441 NCH Axon PBX v2.22 and earlier allows path traversal for file deletion via the logdelete?file=/.. substring. -- Jul 25, 2021
CVE-2021-37440 NCH Axon PBX v2.22 and earlier allows path traversal for file disclosure via the logprop?file=/.. substring. -- Jul 25, 2021
CVE-2021-37439 NCH FlexiServer v6.00 suffers from a syslog?file=/.. path traversal vulnerability. -- Jul 25, 2021
CVE-2021-26699 OX App Suite before 7.10.3-rev4 and 7.10.4 before 7.10.4-rev4 allows SSRF via a shared SVG document that is mishandled by the imageconverter component when the .png extension is used. -- Jul 25, 2021
CVE-2021-26698 OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. -- Jul 25, 2021
CVE-2021-23413 This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance. -- Jul 25, 2021
CVE-2021-3663 firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts -- Jul 25, 2021
CVE-2021-37436 Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations. -- Jul 24, 2021
CVE-2021-33910 basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. -- Jul 24, 2021
CVE-2021-36747 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. LOW Jul 23, 2021
CVE-2021-36746 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. LOW Jul 23, 2021
CVE-2021-34268 An issue in the USBH_ParseDevDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) via a malformed USB device packet. -- Jul 23, 2021
CVE-2021-34267 An in the USBH_MSC_InterfaceInit() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service (DOS) when the system tries to communicate with the connected endpoint. -- Jul 23, 2021
CVE-2021-34262 A buffer overflow vulnerability in the USBH_ParseEPDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. -- Jul 23, 2021
CVE-2021-34261 An issue in USBH_ParseCfgDesc() of STMicroelectronics STM32Cube Middleware v1.8.0 and below causes a denial of service due to the system hanging when trying to set a remote wake-up feature. -- Jul 23, 2021
CVE-2021-34260 A buffer overflow vulnerability in the USBH_ParseInterfaceDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. -- Jul 23, 2021
CVE-2021-34259 A buffer overflow vulnerability in the USBH_ParseCfgDesc() function of STMicroelectronics STM32Cube Middleware v1.8.0 and below allows attackers to execute arbitrary code. -- Jul 23, 2021
CVE-2021-33909 fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. -- Jul 23, 2021
CVE-2021-32786 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression. -- Jul 23, 2021
CVE-2021-32785 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. -- Jul 23, 2021
CVE-2021-32783 Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy\'s admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), or to expose the existence of any Secret that Envoy is using for its configuration, including most notably TLS Keypairs. However, it *cannot* be used to get the *content* of those secrets. Since this attack allows access to the administration interface, a variety of administration options are available, such as shutting down the Envoy or draining traffic. In general, the Envoy admin interface cannot easily be used for making changes to the cluster, in-flight requests, or backend services, but it could be used to shut down or drain Envoy, change traffic routing, or to retrieve secret metadata, as mentioned above. The issue will be addressed in Contour v1.18.0 and a cherry-picked patch release, v1.17.1, has been released to cover users who cannot upgrade at this time. For more details refer to the linked GitHub Security Advisory. -- Jul 23, 2021
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online