Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date
CVE-2022-30129 Visual Studio Code Remote Code Execution Vulnerability. -- May 11, 2022
CVE-2022-30062 ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php -- May 11, 2022
CVE-2022-30061 ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp. -- May 11, 2022
CVE-2022-30060 ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php -- May 11, 2022
CVE-2022-30059 Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php. -- May 11, 2022
CVE-2022-30058 Shopwind <=v3.4.2 was discovered to contain an Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php. -- May 11, 2022
CVE-2022-30057 Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability. -- May 11, 2022
CVE-2022-30048 Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter. -- May 11, 2022
CVE-2022-30047 Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter. -- May 11, 2022
CVE-2022-30040 Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In /goform/setsystimecfg of /bin/tdhttpd in the ubif file system. Attackers can access http://ip/goform/SetSysTimeCfg and, by setting the ntpserve parameter, cause a stack buffer overflow that results in router denial of service. -- May 11, 2022
CVE-2022-29978 There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. -- May 11, 2022
CVE-2022-29977 There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. -- May 11, 2022
CVE-2022-29976 An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0. -- May 11, 2022
CVE-2022-29975 An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0. -- May 11, 2022
CVE-2022-29932 The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. -- May 11, 2022
CVE-2022-29898 On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the configuration file uploader in the WebUI to execute arbitrary code with root privileges on the OS due to an improper validation of an integrity check value in all versions of the firmware. -- May 11, 2022
CVE-2022-29897 On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware. -- May 11, 2022
CVE-2022-29848 In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. -- May 11, 2022
CVE-2022-29847 In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. -- May 11, 2022
CVE-2022-29846 In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. -- May 11, 2022
CVE-2022-29845 In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. -- May 11, 2022
CVE-2022-29728 Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. -- May 11, 2022
CVE-2022-29727 Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. -- May 11, 2022
CVE-2022-29656 Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. -- May 11, 2022
CVE-2022-29655 An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. -- May 11, 2022
CVE-2022-29616 SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. -- May 11, 2022
CVE-2022-29613 Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. -- May 11, 2022
CVE-2022-29611 SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. -- May 11, 2022
CVE-2022-29610 SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. -- May 11, 2022
CVE-2022-29399 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. -- May 11, 2022
CVE-2022-29398 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. -- May 11, 2022
CVE-2022-29397 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. -- May 11, 2022
CVE-2022-29396 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. -- May 11, 2022
CVE-2022-29395 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. -- May 11, 2022
CVE-2022-29394 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. -- May 11, 2022
CVE-2022-29393 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. -- May 11, 2022
CVE-2022-29392 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. -- May 11, 2022
CVE-2022-29391 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. -- May 11, 2022
CVE-2022-29318 An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. -- May 11, 2022
CVE-2022-29317 Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the username and password parameters at /assets/partials/_handleLogin.php. -- May 11, 2022
CVE-2022-29316 Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch. -- May 11, 2022
CVE-2022-29151 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29135, CVE-2022-29150. -- May 11, 2022
CVE-2022-29150 Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29135, CVE-2022-29151. -- May 11, 2022
CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability. -- May 11, 2022
CVE-2022-29145 .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. -- May 11, 2022
CVE-2022-29142 Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29133. -- May 11, 2022
CVE-2022-29141 Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139. -- May 11, 2022
CVE-2022-29140 Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29114. -- May 11, 2022
CVE-2022-29139 Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29141. -- May 11, 2022
CVE-2022-29138 Windows Clustered Shared Volume Elevation of Privilege Vulnerability. -- May 11, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.