Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 139106 entries
IDDescriptionPriorityModified date
CVE-2011-1415 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1290. Reason: This candidate is a duplicate of CVE-2011-1290. Notes: All CVE users should reference CVE-2011-1290 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Mar 17, 2011
CVE-2011-1501 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1571. Reason: This candidate is a duplicate of CVE-2011-1571. Notes: All CVE users should reference CVE-2011-1571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT May 6, 2011
CVE-2011-2708 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2708. Reason: This candidate is a duplicate of CVE-2011-2708. Notes: All CVE users should reference CVE-2011-2708 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Nov 23, 2011
CVE-2011-2810 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Aug 19, 2011
CVE-2011-3633 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4062. Reason: This candidate is a duplicate of CVE-2011-4062. Notes: All CVE users should reference CVE-2011-4062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 12, 2011
CVE-2011-3867 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2998. Reason: This candidate is a duplicate of CVE-2011-2998. Notes: All CVE users should reference CVE-2011-2998 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Sep 30, 2011
CVE-2011-4084 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jan 6, 2012
CVE-2011-4123 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jan 25, 2012
CVE-2011-4323 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2726. Reason: This candidate is a duplicate of CVE-2011-2726. Notes: All CVE users should reference CVE-2011-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 12, 2011
CVE-2011-4331 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4331. Reason: This candidate is a duplicate of CVE-2011-4331. Notes: All CVE users should reference CVE-2011-4331 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Nov 23, 2011
CVE-2011-4359 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4343. Reason: This candidate is a duplicate of CVE-2011-4343. Notes: All CVE users should reference CVE-2011-4343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 12, 2011
CVE-2011-4456 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4313. Reason: This candidate is a reservation duplicate of CVE-2011-4313. Notes: All CVE users should reference CVE-2011-4313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Nov 16, 2011
CVE-2011-4779 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4642. Reason: This candidate is a reservation duplicate of CVE-2011-4642. Notes: All CVE users should reference CVE-2011-4642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 20, 2011
CVE-2012-0026 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0287. Reason: This candidate is a duplicate of CVE-2012-0287. Notes: All CVE users should reference CVE-2012-0287 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jan 4, 2012
CVE-2021-44150 The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. MEDIUM Nov 26, 2021
CVE-2021-44147 An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. MEDIUM Nov 23, 2021
CVE-2021-44144 Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. MEDIUM Nov 24, 2021
CVE-2021-43582 A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. MEDIUM Nov 26, 2021
CVE-2021-43581 An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. MEDIUM Nov 26, 2021
CVE-2021-43560 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users\' calendar action events. MEDIUM Nov 26, 2021
CVE-2021-43559 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The delete related badge functionality did not include the necessary token check to prevent a CSRF risk. MEDIUM Nov 26, 2021
CVE-2021-43558 A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. MEDIUM Nov 26, 2021
CVE-2021-43557 The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains ^/internal/, a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer\'s custom plugin. MEDIUM Nov 26, 2021
CVE-2021-43016 Adobe InCopy version 16.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. MEDIUM Nov 25, 2021
CVE-2021-42737 Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. MEDIUM Nov 24, 2021
CVE-2021-42733 Adobe Prelude version 10.1 (and earlier) is affected by an improper input validation vulnerability in the XDCAMSAM directory. An unauthenticated attacker could leverage this vulnerability to execute arbitrary code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. MEDIUM Nov 24, 2021
CVE-2021-42727 Acrobat RoboHelp Server versions 2020.0.1 (and earlier) are affected by a Path traversal vulnerability. The authenticated attacker can upload arbitrary files outside of the intended directory to cause remote code execution with privileges of user running Tomcat. Exploitation of this issue requires user interaction in that a victim must navigate to a planted file on the server. MEDIUM Nov 24, 2021
CVE-2021-42707 PLC Editor Versions 1.3.8 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code. MEDIUM Nov 23, 2021
CVE-2021-42705 PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. MEDIUM Nov 23, 2021
CVE-2021-40775 Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. MEDIUM Nov 24, 2021
CVE-2021-40774 Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. MEDIUM Nov 24, 2021
CVE-2021-40773 Adobe Prelude version 10.1 (and earlier) is affected by a null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. MEDIUM Nov 24, 2021
CVE-2021-40772 Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. MEDIUM Nov 24, 2021
CVE-2021-40771 Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. MEDIUM Nov 24, 2021
CVE-2021-40770 Adobe Prelude version 10.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. MEDIUM Nov 24, 2021
CVE-2021-38980 IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 212786. MEDIUM Nov 24, 2021
CVE-2021-38875 IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398. MEDIUM Nov 24, 2021
CVE-2021-38378 OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can caused a Modified By response to show a person\'s name. MEDIUM Nov 23, 2021
CVE-2021-38377 OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. MEDIUM Nov 23, 2021
CVE-2021-38376 OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. MEDIUM Nov 23, 2021
CVE-2021-38375 OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. MEDIUM Nov 23, 2021
CVE-2021-38146 The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. MEDIUM Nov 23, 2021
CVE-2021-36917 WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin. MEDIUM Nov 27, 2021
CVE-2021-36335 Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server MEDIUM Nov 27, 2021
CVE-2021-36334 Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine MEDIUM Nov 27, 2021
CVE-2021-36332 Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. MEDIUM Nov 27, 2021
CVE-2021-36311 Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user privileges may exploit this vulnerability to upload malicious file to unauthorized locations and execute it. MEDIUM Nov 27, 2021
CVE-2021-36300 iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure. MEDIUM Nov 26, 2021
CVE-2021-36299 Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. MEDIUM Nov 27, 2021
CVE-2021-33495 OX App Suite 7.10.5 allows XSS via an OX Chat system message. MEDIUM Nov 23, 2021
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online