Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

159818 entries
ID | Description | Priority | Modified date
CVE-2022-37798 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. -- Aug 26, 2022
CVE-2022-37428 PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. -- Aug 26, 2022
CVE-2022-37418 The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. -- Aug 24, 2022
CVE-2022-37333 SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands. -- Aug 24, 2022
CVE-2022-37318 Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. -- Aug 26, 2022
CVE-2022-37317 Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. -- Aug 26, 2022
CVE-2022-37316 Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release. -- Aug 26, 2022
CVE-2022-37305 The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. -- Aug 24, 2022
CVE-2022-37292 Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind. -- Aug 27, 2022
CVE-2022-37245 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. -- Aug 26, 2022
CVE-2022-37244 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. After login, injecting a malicious tag leads to IFRAME injection. -- Aug 25, 2022
CVE-2022-37243 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. -- Aug 26, 2022
CVE-2022-37242 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the data parameter. -- Aug 25, 2022
CVE-2022-37241 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. -- Aug 26, 2022
CVE-2022-37240 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. -- Aug 25, 2022
CVE-2022-37239 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. -- Aug 26, 2022
CVE-2022-37238 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. -- Aug 27, 2022
CVE-2022-37223 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. -- Aug 25, 2022
CVE-2022-37199 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. -- Aug 25, 2022
CVE-2022-37181 72crm 9.0 has an Arbitrary file upload vulnerability. -- Aug 24, 2022
CVE-2022-37178 An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. -- Aug 24, 2022
CVE-2022-37162 Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain JavaScript code execution by adding arbitrary JavaScript code in the 'Location' field of a calendar event. -- Aug 27, 2022
CVE-2022-37161 Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. -- Aug 27, 2022
CVE-2022-37160 Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user. -- Aug 27, 2022
CVE-2022-37159 Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. -- Aug 27, 2022
CVE-2022-37158 RuoYi v3.8.3 has a Weak password vulnerability in the management system. -- Aug 25, 2022
CVE-2022-37153 An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. -- Aug 26, 2022
CVE-2022-37152 An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the dob parameter in /classes/Users.php?f=save_client. -- Aug 27, 2022
CVE-2022-37151 There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. -- Aug 27, 2022
CVE-2022-37150 An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email, and contact parameters. -- Aug 27, 2022
CVE-2022-37134 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname is Base64-decoded and the result is stored in v94 without checking the size of l2tp_usrname, resulting in a stack overflow. -- Aug 24, 2022
CVE-2022-37133 D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. -- Aug 24, 2022
CVE-2022-37113 BlueCMS 1.6 has SQL injection in line 132 of admin/area.php -- Aug 24, 2022
CVE-2022-37112 BlueCMS 1.6 has SQL injection in line 55 of admin/model.php -- Aug 24, 2022
CVE-2022-37111 BlueCMS 1.6 has SQL injection in line 132 of admin/article.php -- Aug 24, 2022
CVE-2022-37100 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone. -- Aug 25, 2022
CVE-2022-37099 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat. -- Aug 25, 2022
CVE-2022-37098 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params. -- Aug 25, 2022
CVE-2022-37097 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById. -- Aug 25, 2022
CVE-2022-37096 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6. -- Aug 25, 2022
CVE-2022-37095 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams. -- Aug 25, 2022
CVE-2022-37094 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. -- Aug 25, 2022
CVE-2022-37093 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList. -- Aug 25, 2022
CVE-2022-37092 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. -- Aug 25, 2022
CVE-2022-37091 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList. -- Aug 25, 2022
CVE-2022-37090 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID. -- Aug 25, 2022
CVE-2022-37089 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList. -- Aug 25, 2022
CVE-2022-37088 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById. -- Aug 25, 2022
CVE-2022-37087 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById. -- Aug 25, 2022
CVE-2022-37086 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. -- Aug 25, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.