Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 164176 entries
IDDescriptionPriorityModified date
CVE-2022-45669 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterGet function. -- Dec 2, 2022
CVE-2022-45668 Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. -- Dec 2, 2022
CVE-2022-45667 Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. -- Dec 2, 2022
CVE-2022-45664 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the list parameter in the formwrlSSIDget function. -- Dec 2, 2022
CVE-2022-45663 Tenda i22 V1.0.0.3(4687) was discovered to contain a buffer overflow via the index parameter in the formWifiMacFilterSet function. -- Dec 2, 2022
CVE-2022-45661 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the setSmartPowerManagement function. -- Dec 2, 2022
CVE-2022-45660 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedStartTime parameter in the setSchedWifi function. -- Dec 2, 2022
CVE-2022-45659 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function. -- Dec 2, 2022
CVE-2022-45658 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function. -- Dec 2, 2022
CVE-2022-45657 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. -- Dec 2, 2022
CVE-2022-45656 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. -- Dec 2, 2022
CVE-2022-45655 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the timeZone parameter in the form_fast_setting_wifi_set function. -- Dec 2, 2022
CVE-2022-45654 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the ssid parameter in the form_fast_setting_wifi_set function. -- Dec 2, 2022
CVE-2022-45653 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the page parameter in the fromNatStaticSetting function. -- Dec 2, 2022
CVE-2022-45652 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the startIp parameter in the formSetPPTPServer function. -- Dec 2, 2022
CVE-2022-45651 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the formSetVirtualSer function. -- Dec 2, 2022
CVE-2022-45650 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function. -- Dec 2, 2022
CVE-2022-45649 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function. -- Dec 2, 2022
CVE-2022-45648 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the devName parameter in the formSetDeviceName function. -- Dec 2, 2022
CVE-2022-45647 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeed parameter in the formSetClientState function. -- Dec 2, 2022
CVE-2022-45646 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function. -- Dec 2, 2022
CVE-2022-45645 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceMac parameter in the addWifiMacFilter function. -- Dec 2, 2022
CVE-2022-45644 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the formSetClientState function. -- Dec 2, 2022
CVE-2022-45643 Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the deviceId parameter in the addWifiMacFilter function. -- Dec 2, 2022
CVE-2022-45641 Tenda AC6V1.0 V15.03.05.19 is vulnerable to Buffer Overflow via formSetMacFilterCfg. -- Dec 2, 2022
CVE-2022-45640 Tenda Tenda AC6V1.0 V15.03.05.19 is affected by buffer overflow. Causes a denial of service (local). -- Dec 1, 2022
CVE-2022-45562 Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. -- Dec 2, 2022
CVE-2022-45536 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \\admin\\post_comments.php. This vulnerability allows attackers to access database information. -- Nov 23, 2022
CVE-2022-45535 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \\admin\\categories.php. This vulnerability allows attackers to access database information. -- Nov 23, 2022
CVE-2022-45529 AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \\admin\\includes\\edit_post.php. This vulnerability allows attackers to access database information. -- Nov 23, 2022
CVE-2022-45483 Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N -- Dec 2, 2022
CVE-2022-45482 Lazy Mouse server enforces weak password requirements and doesn\'t implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H -- Dec 2, 2022
CVE-2022-45480 PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N -- Dec 2, 2022
CVE-2022-45476 Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. -- Nov 25, 2022
CVE-2022-45475 Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files. -- Nov 25, 2022
CVE-2022-45474 drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. -- Nov 18, 2022
CVE-2022-45473 In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666. -- Nov 18, 2022
CVE-2022-45472 CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. -- Nov 26, 2022
CVE-2022-45471 In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address -- Nov 18, 2022
CVE-2022-45470 ** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. -- Nov 23, 2022
CVE-2022-45462 Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher -- Nov 26, 2022
CVE-2022-45461 The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. -- Nov 17, 2022
CVE-2022-45442 Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. -- Dec 1, 2022
CVE-2022-45422 When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. -- Nov 23, 2022
CVE-2022-45402 In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver\'s `/login` endpoint. -- Nov 17, 2022
CVE-2022-45401 Jenkins Associated Files Plugin 0.2.1 and earlier does not escape names of associated files, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. -- Nov 18, 2022
CVE-2022-45400 Jenkins JAPEX Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. -- Nov 20, 2022
CVE-2022-45399 A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. -- Nov 18, 2022
CVE-2022-45398 A cross-site request forgery (CSRF) vulnerability in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics. -- Nov 18, 2022
CVE-2022-45397 Jenkins OSF Builder Suite : : XML Linter Plugin 1.0.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. -- Nov 20, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online