Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

238061 entries
ID Description Priority Modified date
CVE-2024-47344 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StylemixThemes uListing. This issue affects uListing: from n/a through 2.1.5. -- Oct 7, 2024
CVE-2024-47335 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bit Form Bit Form – Contact Form Plugin allows SQL Injection. This issue affects Bit Form – Contact Form Plugin: from n/a through 2.13.11. -- Oct 7, 2024
CVE-2024-47191 OATH Toolkit pam_oath usersfile ${HOME} privilege escalation -- Oct 7, 2024
CVE-2024-46325 TP-Link WR740N V6 has a stack overflow vulnerability via the ssid parameter in /userRpm/popupSiteSurveyRpm.htm url. -- Oct 7, 2024
CVE-2024-45153 Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. -- Oct 7, 2024
CVE-2024-43047 Memory corruption while maintaining memory maps of HLOS memory. -- Oct 7, 2024
CVE-2024-42027 The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. -- Oct 7, 2024
CVE-2024-38425 Information disclosure while sending implicit broadcast containing APP launch information. -- Oct 7, 2024
CVE-2024-38399 Memory corruption while processing user packets to generate page faults. -- Oct 7, 2024
CVE-2024-38397 Transient DOS while parsing probe response and assoc response frame. -- Oct 7, 2024
CVE-2024-33073 Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE. -- Oct 7, 2024
CVE-2024-33071 Transient DOS while parsing the MBSSID IE from the beacons when IE length is 0. -- Oct 7, 2024
CVE-2024-33070 Transient DOS while parsing ESP IE from beacon/probe response frame. -- Oct 7, 2024
CVE-2024-33069 Transient DOS when transmission of management frame sent by host is not successful and error status is received in the host. -- Oct 7, 2024
CVE-2024-33066 Memory corruption while redirecting log file to any file location with any file name. -- Oct 7, 2024
CVE-2024-33065 Memory corruption while taking snapshot when an offset variable is set by camera driver. -- Oct 7, 2024
CVE-2024-33064 Information disclosure while parsing the multiple MBSSID IEs from the beacon. -- Oct 7, 2024
CVE-2024-33049 Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame. -- Oct 7, 2024
CVE-2024-23379 Memory corruption while unmapping the fastrpc map when two threads can free the same map in concurrent scenario. -- Oct 7, 2024
CVE-2024-23378 Memory corruption while invoking IOCTL calls for MSM module from the user space during audio playback and record. -- Oct 7, 2024
CVE-2024-23376 Memory corruption while sending the persist buffer command packet from the user-space to the kernel space through the IOCTL call. -- Oct 7, 2024
CVE-2024-23375 Memory corruption during the network scan request. -- Oct 7, 2024
CVE-2024-23374 Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the haptics debugfs file. -- Oct 7, 2024
CVE-2024-23370 Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes IOCTL calls to destroy the same. -- Oct 7, 2024
CVE-2024-23369 Memory corruption when invalid length is provided from HLOS for FRS/UDS request/response buffers. -- Oct 7, 2024
CVE-2024-21455 Memory corruption when a compat IOCTL call is followed by another IOCTL call from userspace to a driver. -- Oct 7, 2024
CVE-2024-20103 In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599. -- Oct 7, 2024
CVE-2024-20102 In wlan driver, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998892; Issue ID: MSV-1601. -- Oct 7, 2024
CVE-2024-20101 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602. -- Oct 7, 2024
CVE-2024-20100 In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603. -- Oct 7, 2024
CVE-2024-20099 In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625. -- Oct 7, 2024
CVE-2024-20098 In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626. -- Oct 7, 2024
CVE-2024-20097 In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1630. -- Oct 7, 2024
CVE-2024-20096 In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996900; Issue ID: MSV-1635. -- Oct 7, 2024
CVE-2024-20095 In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. -- Oct 7, 2024
CVE-2024-20094 In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535. -- Oct 7, 2024
CVE-2024-20093 In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1699. -- Oct 7, 2024
CVE-2024-20092 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700. -- Oct 7, 2024
CVE-2024-20091 In vdec, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1701. -- Oct 7, 2024
CVE-2024-20090 In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703. -- Oct 7, 2024
CVE-2024-9566 A vulnerability classified as critical was found in D-Link DIR-619L B1 2.06. This vulnerability affects the function formDeviceReboot of the file /goform/formDeviceReboot. The manipulation of the argument next_page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. -- Oct 7, 2024
CVE-2024-9565 A vulnerability has been found in D-Link DIR-605L 2.13B01 BETA and classified as critical. Affected by this vulnerability is the function formSetPassword of the file /goform/formSetPassword. The manipulation of the argument curTime leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. -- Oct 7, 2024
CVE-2024-9564 A vulnerability, which was classified as critical, was found in D-Link DIR-605L 2.13B01 BETA. Affected is the function formWlanWizardSetup of the file /goform/formWlanWizardSetup. The manipulation of the argument webpage leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. -- Oct 7, 2024
CVE-2024-9563 A vulnerability, which was classified as critical, has been found in D-Link DIR-605L 2.13B01 BETA. This issue affects the function formWlanSetup_Wizard of the file /goform/formWlanSetup_Wizard. The manipulation of the argument webpage leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. -- Oct 7, 2024
CVE-2024-47854 An XSS vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user. -- Oct 6, 2024
CVE-2024-47650 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axton WP-WebAuthn allows Stored XSS. This issue affects WP-WebAuthn: from n/a through 1.3.1. -- Oct 6, 2024
CVE-2024-47368 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Leap13 Premium Blocks – Gutenberg Blocks for WordPress allows Stored XSS. This issue affects Premium Blocks – Gutenberg Blocks for WordPress: from n/a through 2.1.33. -- Oct 6, 2024
CVE-2024-47367 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.13.0. -- Oct 6, 2024
CVE-2024-47366 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS. This issue affects Elementor Addon Elements: from n/a through 1.13.6. -- Oct 6, 2024
CVE-2024-47365 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Atakan Au Automatically Hierarchic Categories in Menu allows Stored XSS. This issue affects Automatically Hierarchic Categories in Menu: from n/a through 2.0.5. -- Oct 6, 2024
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.