Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 216537 entries
IDDescriptionPriorityModified date
CVE-2023-34333 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. -- Jan 10, 2024
CVE-2023-40544 An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications. -- Feb 7, 2024
CVE-2023-49610 MachineSense FeverWarn Raspberry Pi-based devices lack input sanitization, which could allow an attacker on an adjacent network to send a message running commands or could overflow the stack. -- Feb 1, 2024
CVE-2023-41084 Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. -- Sep 19, 2023
CVE-2023-32289 The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. -- Jun 6, 2023
CVE-2023-41088 The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate server, could capture traffic. The attacker can later us the information within it to access the application. -- Oct 19, 2023
CVE-2023-22813 A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My Cloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126. -- May 10, 2023
CVE-2023-34050 In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if * the SimpleMessageConverter or SerializerMessageConverter is used * the user does not configure allowed list patterns * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content -- Oct 19, 2023
CVE-2023-40465 Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the captive portal. -- Dec 5, 2023
CVE-2023-40464 Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. An attacker with access to these items could potentially perform a man in the middle attack between the ACEManager client and ACEManager server. -- Dec 5, 2023
CVE-2023-40461 The ACEManager component of ALEOS 4.16 and earlier allows an authenticated user with Administrator privileges to access a file upload field which does not fully validate the file name, creating a Stored Cross-Site Scripting condition. -- Dec 5, 2023
CVE-2023-40462 The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. -- Dec 5, 2023
CVE-2023-40460 The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted. -- Dec 5, 2023
CVE-2023-40463 When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. -- Dec 5, 2023
CVE-2023-25550 A CWE-94: Improper Control of Generation of Code (\'Code Injection\') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) -- Apr 18, 2023
CVE-2023-3043 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. -- Jan 10, 2024
CVE-2023-50705 An attacker could create malicious requests to obtain sensitive information about the web server. -- Dec 20, 2023
CVE-2023-42765 An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the username parameter in the SNMP configuration. -- Feb 7, 2024
CVE-2023-23579 Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process. -- Apr 21, 2023
CVE-2023-6930 EuroTel ETL3100 versions v01c01 and v01x37 suffer from an unauthenticated configuration and log download vulnerability. This enables the attacker to disclose sensitive information and assist in authentication bypass, privilege escalation, and full system access. -- Dec 19, 2023
CVE-2023-40145 In Weintek\'s cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. -- Oct 19, 2023
CVE-2023-43492 In Weintek\'s cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. -- Oct 19, 2023
CVE-2023-20560 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. -- Aug 15, 2023
CVE-2023-5909 KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. -- Nov 30, 2023
CVE-2023-47867 MachineSense FeverWarn devices are configured as Wi-Fi hosts in a way that attackers within range could connect to the device\'s web services and compromise the device. -- Feb 1, 2024
CVE-2023-38582 Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access to the vulnerable page of the web application, the XSS payload will be executed. -- Sep 19, 2023
CVE-2023-35765 PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. -- Jul 7, 2023
CVE-2023-32652 PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. -- Jul 7, 2023
CVE-2023-3703 Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials -- Sep 4, 2023
CVE-2023-46663 Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. -- Oct 26, 2023
CVE-2023-40459 The ACEManager component of ALEOS 4.16 and earlier does not adequately perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable. -- Dec 5, 2023
CVE-2023-32281 The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. -- Jun 6, 2023
CVE-2023-41089 The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the attack takes advantage of the cookie header to generate legitimate requests. -- Oct 19, 2023
CVE-2023-33222 When handling contactless cards, usage of a specific function to get additional information from the card which doesn\'t check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device -- Dec 15, 2023
CVE-2023-33221 When reading DesFire keys, the function that reads the card isn\'t properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key. -- Dec 15, 2023
CVE-2023-28412 When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. -- May 23, 2023
CVE-2023-1288 An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. -- Mar 9, 2023
CVE-2022-43378 A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause the user to be tricked into performing unintended actions when external address frames are not properly restricted. Affected Products: NetBotz 4 - 355/450/455/550/570 (V4.7.0 and prior) -- Apr 18, 2023
CVE-2023-25549 A CWE-94: Improper Control of Generation of Code (\'Code Injection\') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) -- Apr 18, 2023
CVE-2023-45213 A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. -- Feb 7, 2024
CVE-2023-37294 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. -- Jan 10, 2024
CVE-2023-22846 Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information. -- Apr 21, 2023
CVE-2023-1145 Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. -- Mar 30, 2023
CVE-2023-33220 During the retrofit validation process, the firmware doesn\'t properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device -- Dec 15, 2023
CVE-2023-43609 In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could obtain access to sensitive information or cause a denial-of-service condition. -- Feb 15, 2024
CVE-2023-34394 In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition. -- Jul 20, 2023
CVE-2023-38584 In Weintek\'s cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. -- Oct 19, 2023
CVE-2023-20564 Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution. -- Aug 15, 2023
CVE-2023-20561 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD ?Prof may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. -- Aug 8, 2023
CVE-2023-49115 MachineSense devices use unauthenticated MQTT messaging to monitor devices and remote viewing of sensor data by users. -- Feb 1, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online