Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

216537 entries

ID Description Priority Modified date
CVE-2021-28345 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28344 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28343 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28342 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28341 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28340 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28339 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28338 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28336 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28335 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28334 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28333 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28332 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28331 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28330 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28329 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-28327 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Apr 13, 2021
CVE-2021-1666 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Jan 12, 2021
CVE-2021-1664 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Jan 12, 2021
CVE-2021-1658 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Jan 12, 2021
CVE-2021-1660 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Jan 12, 2021
CVE-2021-1701 Remote Procedure Call Runtime Remote Code Execution Vulnerability HIGH Jan 12, 2021
CVE-2021-1700 Remote Procedure Call Runtime Remote Code Execution Vulnerability HIGH Jan 12, 2021
CVE-2021-1667 Remote Procedure Call Runtime Remote Code Execution Vulnerability HIGH Jan 12, 2021
CVE-2021-1671 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Jan 12, 2021
CVE-2021-1673 Remote Procedure Call Runtime Remote Code Execution Vulnerability MEDIUM Jan 12, 2021
CVE-2016-7815 Remote Service Manager 3.0.0 to 3.1.4 fails to verify client certificates, which may allow remote attackers to gain access to systems on the network. MEDIUM May 10, 2017
CVE-2018-6494 Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. MEDIUM May 23, 2018
CVE-2019-11646 Remote unauthorized command execution and unauthorized disclosure of information in Micro Focus Service Manager, versions 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61. This vulnerability could allow Remote unauthorized command execution and unauthorized disclosure of information. HIGH Jun 4, 2019
CVE-2023-33480 RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell. -- Nov 7, 2023
CVE-2023-33478 RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. -- Nov 7, 2023
CVE-2023-33481 RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. -- Nov 7, 2023
CVE-2023-33479 RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. -- Nov 7, 2023
CVE-2024-0901 Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length. -- Mar 22, 2024
CVE-2018-15919 Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or oracle) as a vulnerability.' MEDIUM Aug 28, 2018
CVE-2011-4201 remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) pid1 or (2) pid2 parameter in a stop_remote_support action. High Dec 13, 2011
CVE-2020-26412 Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. MEDIUM Dec 11, 2020
CVE-2022-26485 Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0. -- Dec 22, 2022
CVE-2023-35167 Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function. -- Jun 24, 2023
CVE-2022-35143 Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. -- Aug 4, 2022
CVE-2022-35144 Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. -- Aug 4, 2022
CVE-2023-39075 Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device. -- Aug 3, 2023
CVE-2023-33865 RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. -- Jun 8, 2023
CVE-2022-4862 Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. -- Mar 11, 2023
CVE-2010-2297 rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an HTML document that has a large colspan attribute within a table. High Jun 16, 2010
CVE-2011-1804 rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in Google Chrome before 11.0.696.71, does not properly render floats, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a stale pointer. High May 27, 2011
CVE-2012-4514 rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to trying to reuse a frame with a null part. Medium Nov 12, 2012
CVE-2011-1793 rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a stale pointer. High Dec 29, 2014
CVE-2011-1798 rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown other impact via a crafted text element in an SVG document. High Dec 29, 2014

The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.

Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.