Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Showing 50 of 126455 entries
ID  Description  Priority  Modified date
CVE-2021-30146 Seafile 7.0.5 (2019) allows Persistent XSS via the share of library functionality. LOW Apr 6, 2021
CVE-2021-30145 Before this commit, the user could specify a printf format string which wasn't verified, and could result in 1) Undefined behavior due to missing or non-matching arguments. 2) Buffer overflow due to untested result length. -- Apr 14, 2021
CVE-2021-30144 The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. MEDIUM Apr 9, 2021
CVE-2021-30141 ** DISPUTED ** Module/Settings/UserExport.php in Friendica through 2021.01 allows settings/userexport to be used by anonymous users, as demonstrated by an attempted access to an array offset on a value of type null, and excessive memory consumption. NOTE: the vendor states the feature still requires a valid authentication cookie even if the route is accessible to non-logged users. MEDIUM Apr 5, 2021
CVE-2021-30140 LiquidFiles 3.4.15 has stored XSS through the send email functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. LOW Apr 6, 2021
CVE-2021-30130 phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. -- Apr 6, 2021
CVE-2021-30127 TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible over the Internet on TCP port 8181, which is arguably inconsistent with the "It is only available on the local network" documentation. NOTE: manually editing /etc/upnp.json provides a partial but undocumented workaround. HIGH Apr 3, 2021
CVE-2021-30126 Lightmeter ControlCenter 1.1.0 through 1.5.x before 1.5.1 allows anyone who knows the URL of a publicly available Lightmeter instance to access application settings, possibly including an SMTP password and a Slack access token, via a settings HTTP query. MEDIUM Apr 2, 2021
CVE-2021-30125 Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. MEDIUM Apr 2, 2021
CVE-2021-30123 FFmpeg <=4.3 contains a buffer overflow vulnerability in libavcodec through a crafted file that may lead to remote code execution. MEDIUM Apr 7, 2021
CVE-2021-30114 Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a voucher payment request through module/accounting/voucher/create. The application fails to validate the CSRF token for a POST request using admin privilege. MEDIUM Apr 8, 2021
CVE-2021-30113 A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. MEDIUM Apr 8, 2021
CVE-2021-30112 Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege. MEDIUM Apr 8, 2021
CVE-2021-30111 A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. LOW Apr 8, 2021
CVE-2021-30109 Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. MEDIUM Apr 5, 2021
CVE-2021-30074 docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the character. MEDIUM Apr 3, 2021
CVE-2021-30072 An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication. HIGH Apr 2, 2021
CVE-2021-30058 Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. MEDIUM Apr 5, 2021
CVE-2021-30057 A stored HTML injection vulnerability exists in Knowage Suite version 7.1. An attacker can inject arbitrary HTML in /restful-services/2.0/analyticalDrivers via the 'LABEL' and 'NAME' parameters. LOW Apr 5, 2021
CVE-2021-30056 Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. LOW Apr 5, 2021
CVE-2021-30055 A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report. MEDIUM Apr 5, 2021
CVE-2021-30046 VIGRA Computer Vision Library Version-1-11-1 contains a segmentation fault vulnerability in the impex.hxx read_image_band() function, in which a crafted file can cause a denial of service. -- Apr 6, 2021
CVE-2021-30045 SerenityOS 2021-03-27 contains a buffer overflow vulnerability in the EndOfCentralDirectory::read() function. MEDIUM Apr 6, 2021
CVE-2021-30044 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. LOW Apr 13, 2021
CVE-2021-30042 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Clinic Name, Clinic Address, Clinic City, or Clinic Contact field on clinics/register.php. LOW Apr 13, 2021
CVE-2021-30039 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Fever or Blood Pressure field on patients/register-report.php. LOW Apr 13, 2021
CVE-2021-30034 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptoms field on patients/register-report.php. LOW Apr 13, 2021
CVE-2021-30030 Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. LOW Apr 13, 2021
CVE-2021-30004 In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. MEDIUM Apr 2, 2021
CVE-2021-30003 An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. LOW Apr 2, 2021
CVE-2021-30002 An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b. LOW Apr 2, 2021
CVE-2021-30000 An issue was discovered in LATRIX 0.6.0. SQL injection in the txtaccesscode parameter of inandout.php leads to information disclosure and code execution. HIGH Apr 2, 2021
CVE-2021-29999 An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server. HIGH Apr 16, 2021
CVE-2021-29998 An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client. MEDIUM Apr 16, 2021
CVE-2021-29997 An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to a buffer over-read in IKE. LOW Apr 16, 2021
CVE-2021-29996 Mark Text through 0.16.3 allows attackers to execute arbitrary commands. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. MEDIUM Apr 5, 2021
CVE-2021-29943 When using ConfigurableInternodeAuthHadoopPlugin for authentication, Apache Solr versions prior to 8.8.2 would forward/proxy distributed requests using server credentials instead of original client credentials. This would result in incorrect authorization resolution on the receiving hosts. -- Apr 13, 2021
CVE-2021-29942 An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index can return uninitialized values if an iterator returns a len() that is too large. HIGH Apr 1, 2021
CVE-2021-29941 An issue was discovered in the reorder crate through 2021-02-24 for Rust. swap_index has an out-of-bounds write if an iterator returns a len() that is too small. HIGH Apr 1, 2021
CVE-2021-29940 An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free (in through and through_and) upon a panic of the map function. HIGH Apr 1, 2021
CVE-2021-29939 An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if size_hint provides certain anomalous data. HIGH Apr 1, 2021
CVE-2021-29938 An issue was discovered in the slice-deque crate through 2021-02-19 for Rust. A double drop can occur in SliceDeque::drain_filter upon a panic in a predicate function. MEDIUM Apr 1, 2021
CVE-2021-29937 An issue was discovered in the telemetry crate through 2021-02-17 for Rust. There is a drop of uninitialized memory if a value.clone() call panics within misc::vec_with_size(). HIGH Apr 1, 2021
CVE-2021-29936 An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix. HIGH Apr 1, 2021
CVE-2021-29935 An issue was discovered in the rocket crate before 0.4.7 for Rust. uri::Formatter can have a use-after-free if a user-provided function panics. HIGH Apr 1, 2021
CVE-2021-29934 An issue was discovered in PartialReader in the uu_od crate before 0.0.4 for Rust. Attackers can read the contents of uninitialized memory locations via a user-provided Read operation. HIGH Apr 1, 2021
CVE-2021-29933 An issue was discovered in the insert_many crate through 2021-01-26 for Rust. Elements may be dropped twice if a .next() method panics. MEDIUM Apr 1, 2021
CVE-2021-29932 An issue was discovered in the parse_duration crate through 2021-03-18 for Rust. It allows attackers to cause a denial of service (CPU and memory consumption) via a duration string with a large exponent. MEDIUM Apr 5, 2021
CVE-2021-29931 An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop(). MEDIUM Apr 1, 2021
CVE-2021-29930 An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A drop of uninitialized memory can sometimes occur upon a panic in T::default(). MEDIUM Apr 1, 2021
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.