Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 226160 entries
IDDescriptionPriorityModified date
CVE-2022-33657 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33656 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33655 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33654 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33653 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33652 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33650 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33643 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33641 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability MEDIUM Jul 13, 2022
CVE-2022-33173 An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. MEDIUM Jul 12, 2022
CVE-2022-33157 The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. MEDIUM Jul 13, 2022
CVE-2022-33156 The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. MEDIUM Jul 13, 2022
CVE-2022-33138 A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. MEDIUM Jul 15, 2022
CVE-2022-33137 A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\' sessions. MEDIUM Jul 15, 2022
CVE-2022-32434 EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. MEDIUM Jul 16, 2022
CVE-2022-32416 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. MEDIUM Jul 15, 2022
CVE-2022-32415 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. MEDIUM Jul 15, 2022
CVE-2022-32406 GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. MEDIUM Jul 15, 2022
CVE-2022-32317 The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. The device=strdup statement is not executed on every call. Note: This has been disputed by third parties as invalid and not reproduceable. MEDIUM Jul 15, 2022
CVE-2022-32298 Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors. MEDIUM Jul 15, 2022
CVE-2022-32297 Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. MEDIUM Jul 15, 2022
CVE-2022-32249 Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials) MEDIUM Jul 13, 2022
CVE-2022-32248 Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. MEDIUM Jul 13, 2022
CVE-2022-32247 SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. MEDIUM Jul 13, 2022
CVE-2022-32246 SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application MEDIUM Jul 13, 2022
CVE-2022-32114 An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. NOTE: the project documentation suggests that a user with the Media Library Create (upload) permission is supposed to be able to upload PDF files containing JavaScript, and that all files in a public assets folder are accessible to the outside world (unless the filename begins with a dot character). The administrator can choose to allow only image, video, and audio files (i.e., not PDF) if desired. MEDIUM Jul 14, 2022
CVE-2022-32096 Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. MEDIUM Jul 13, 2022
CVE-2022-31904 EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. MEDIUM Jul 12, 2022
CVE-2022-31598 Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. MEDIUM Jul 16, 2022
CVE-2022-31597 Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. MEDIUM Jul 13, 2022
CVE-2022-31593 SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. MEDIUM Jul 16, 2022
CVE-2022-31592 The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. MEDIUM Jul 16, 2022
CVE-2022-31591 SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service MEDIUM Jul 16, 2022
CVE-2022-31588 The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31587 The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31586 The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31585 The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31584 The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31583 The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31582 The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31581 The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31580 The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31579 The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
CVE-2022-31578 The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online