Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 153501 entries
IDDescriptionPriorityModified date
CVE-2011-1415 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1290. Reason: This candidate is a duplicate of CVE-2011-1290. Notes: All CVE users should reference CVE-2011-1290 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Mar 17, 2011
CVE-2011-1501 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-1571. Reason: This candidate is a duplicate of CVE-2011-1571. Notes: All CVE users should reference CVE-2011-1571 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT May 6, 2011
CVE-2011-2708 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2708. Reason: This candidate is a duplicate of CVE-2011-2708. Notes: All CVE users should reference CVE-2011-2708 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Nov 23, 2011
CVE-2011-2810 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Aug 19, 2011
CVE-2011-3633 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4062. Reason: This candidate is a duplicate of CVE-2011-4062. Notes: All CVE users should reference CVE-2011-4062 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 12, 2011
CVE-2011-3867 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2998. Reason: This candidate is a duplicate of CVE-2011-2998. Notes: All CVE users should reference CVE-2011-2998 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Sep 30, 2011
CVE-2011-4084 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users should reference CVE-2011-4858 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jan 6, 2012
CVE-2011-4123 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3874. Reason: This candidate is a duplicate of CVE-2011-3874. Notes: All CVE users should reference CVE-2011-3874 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jan 25, 2012
CVE-2011-4323 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2726. Reason: This candidate is a duplicate of CVE-2011-2726. Notes: All CVE users should reference CVE-2011-2726 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 12, 2011
CVE-2011-4331 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4331. Reason: This candidate is a duplicate of CVE-2011-4331. Notes: All CVE users should reference CVE-2011-4331 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Nov 23, 2011
CVE-2011-4359 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4343. Reason: This candidate is a duplicate of CVE-2011-4343. Notes: All CVE users should reference CVE-2011-4343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 12, 2011
CVE-2011-4456 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4313. Reason: This candidate is a reservation duplicate of CVE-2011-4313. Notes: All CVE users should reference CVE-2011-4313 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Nov 16, 2011
CVE-2011-4779 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4642. Reason: This candidate is a reservation duplicate of CVE-2011-4642. Notes: All CVE users should reference CVE-2011-4642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Dec 20, 2011
CVE-2012-0026 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0287. Reason: This candidate is a duplicate of CVE-2012-0287. Notes: All CVE users should reference CVE-2012-0287 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. REJECT Jan 4, 2012
CVE-2022-33140 The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. MEDIUM Jun 15, 2022
CVE-2022-32992 Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. MEDIUM Jun 15, 2022
CVE-2022-32991 Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. MEDIUM Jun 15, 2022
CVE-2022-32741 Attacker is able to determine if the provided username exists (and it\'s valid) using Request New Password feature, based on the response time. MEDIUM Jun 13, 2022
CVE-2022-32740 A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances. MEDIUM Jun 13, 2022
CVE-2022-32739 When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. MEDIUM Jun 13, 2022
CVE-2022-32565 An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. MEDIUM Jun 14, 2022
CVE-2022-32564 An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. MEDIUM Jun 14, 2022
CVE-2022-32562 An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. MEDIUM Jun 14, 2022
CVE-2022-32560 An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. MEDIUM Jun 14, 2022
CVE-2022-32559 An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. MEDIUM Jun 15, 2022
CVE-2022-32558 An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. MEDIUM Jun 14, 2022
CVE-2022-32557 An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. MEDIUM Jun 15, 2022
CVE-2022-32550 An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service. MEDIUM Jun 16, 2022
CVE-2022-32433 itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. MEDIUM Jun 16, 2022
CVE-2022-32381 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. MEDIUM Jun 16, 2022
CVE-2022-32380 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. MEDIUM Jun 16, 2022
CVE-2022-32379 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. MEDIUM Jun 16, 2022
CVE-2022-32378 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. MEDIUM Jun 16, 2022
CVE-2022-32377 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32376 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. MEDIUM Jun 16, 2022
CVE-2022-32375 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32374 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32373 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32372 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32371 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32370 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32368 itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. MEDIUM Jun 16, 2022
CVE-2022-32367 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. MEDIUM Jun 15, 2022
CVE-2022-32366 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. MEDIUM Jun 15, 2022
CVE-2022-32365 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. MEDIUM Jun 15, 2022
CVE-2022-32364 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. MEDIUM Jun 15, 2022
CVE-2022-32363 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. MEDIUM Jun 15, 2022
CVE-2022-32362 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. MEDIUM Jun 15, 2022
CVE-2022-32359 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. MEDIUM Jun 15, 2022
CVE-2022-32358 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. MEDIUM Jun 15, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online