
Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID  Description  Priority  Modified date
CVE-2022-21279 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). -- Jan 21, 2022
CVE-2022-21278 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). -- Jan 21, 2022
CVE-2022-21274 Vulnerability in the Oracle Sourcing product of Oracle E-Business Suite (component: Intelligence, RFx Creation). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Sourcing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Sourcing accessible data as well as unauthorized access to critical data or complete access to all Oracle Sourcing accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). -- Jan 19, 2022
CVE-2022-21256 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). -- Jan 21, 2022
CVE-2022-21253 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). -- Jan 21, 2022
CVE-2022-21251 Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Instance Main). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Installed Base. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). -- Jan 19, 2022
CVE-2022-21249 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). -- Jan 21, 2022
CVE-2022-0337 Inappropriate implementation in File System API -- Jan 24, 2022
CVE-2022-0329 Code Injection in PyPi loguru prior to and including 0.5.3. -- Jan 21, 2022
CVE-2022-0326 NULL Pointer Dereference in Homebrew mruby prior to 3.2. -- Jan 21, 2022
CVE-2022-0323 Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. -- Jan 21, 2022
CVE-2022-0322 kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c -- Jan 24, 2022
CVE-2022-0319 Out-of-bounds Read in vim/vim prior to 8.2. -- Jan 22, 2022
CVE-2022-0318 Heap-based Buffer Overflow in vim/vim prior to 8.2. -- Jan 21, 2022
CVE-2022-0311 Heap buffer overflow in Task Manager. -- Jan 21, 2022
CVE-2022-0310 Heap buffer overflow in Task Manager -- Jan 21, 2022
CVE-2022-0309 Inappropriate implementation in Autofill -- Jan 21, 2022
CVE-2022-0308 Use after free in Data Transfer -- Jan 21, 2022
CVE-2022-0307 Use after free in Optimization Guide -- Jan 21, 2022
CVE-2022-0306 Heap buffer overflow in PDFium -- Jan 21, 2022
CVE-2022-0305 Inappropriate implementation in Service Worker API -- Jan 21, 2022
CVE-2022-0304 Use after free in Bookmarks. -- Jan 21, 2022
CVE-2022-0303 Race in GPU Watchdog -- Jan 21, 2022
CVE-2022-0302 Use after free in Omnibox. -- Jan 21, 2022
CVE-2022-0301 Heap buffer overflow in DevTools -- Jan 21, 2022
CVE-2022-0300 Use after free in Text Input Method Editor -- Jan 21, 2022
CVE-2022-0298 Use after free in Scheduling -- Jan 21, 2022
CVE-2022-0297 Use after free in Vulkan -- Jan 21, 2022
CVE-2022-0296 Use after free in Printing -- Jan 21, 2022
CVE-2022-0295 Use after free in Omnibox -- Jan 21, 2022
CVE-2022-0294 Inappropriate implementation in Push messaging -- Jan 21, 2022
CVE-2022-0293 Use after free in Web packaging -- Jan 21, 2022
CVE-2022-0292 Inappropriate implementation in Fenced Frames -- Jan 21, 2022
CVE-2022-0291 Inappropriate implementation in Storage -- Jan 21, 2022
CVE-2022-0290 Use after free in Site isolation -- Jan 21, 2022
CVE-2022-0289 Use after free in Safe browsing -- Jan 21, 2022
CVE-2022-0285 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. -- Jan 20, 2022
CVE-2022-0282 Code Injection in Packagist microweber/microweber prior to 1.2.11. -- Jan 20, 2022
CVE-2022-0281 Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11. -- Jan 20, 2022
CVE-2022-0278 Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. -- Jan 20, 2022
CVE-2022-0277 Improper Access Control in Packagist microweber/microweber prior to 1.2.11. -- Jan 20, 2022
CVE-2022-0274 Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2. -- Jan 21, 2022
CVE-2022-0266 Authorization Bypass Through User-Controlled Key in Packagist remdex/livehelperchat prior to 3.92v. -- Jan 19, 2022
CVE-2022-0264 kernel: address leakage in BPF atomic fetch -- Jan 19, 2022
CVE-2022-0263 Unrestricted Upload of File with Dangerous Type in Packagist pimcore/pimcore prior to 10.2.7. -- Jan 18, 2022
CVE-2022-0262 Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.7. -- Jan 18, 2022
CVE-2022-0261 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. -- Jan 18, 2022
CVE-2022-0260 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. -- Jan 18, 2022
CVE-2022-0258 pimcore is vulnerable to Improper Neutralization of Special Elements used in an SQL Command -- Jan 18, 2022
CVE-2022-0257 pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') -- Jan 18, 2022

The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.

Requires LTSS: customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.