Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 131873 entries
IDDescriptionPriorityModified date
CVE-2021-36758 1Password Connect server before 1.2 is missing validation checks, permitting users to create Secrets Automation access tokens that can be used to perform privilege escalation. Malicious users authorized to create Secrets Automation access tokens can create tokens that have access beyond what the user is authorized to access, but limited to the existing authorizations of the Secret Automation the token is created in. -- Jul 16, 2021
CVE-2021-36755 Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. -- Jul 16, 2021
CVE-2021-36753 sharkdp BAT before 0.18.2 executes less.exe from the current working directory. -- Jul 15, 2021
CVE-2021-36747 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. LOW Jul 23, 2021
CVE-2021-36746 Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. LOW Jul 23, 2021
CVE-2021-36740 Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x before 6.6.1, and 6.0 LTS before 6.0.8. -- Jul 14, 2021
CVE-2021-36716 A ReDoS (regular expression denial of service) flaw was found in the Segment is-email package before 1.0.1 for Node.js. An attacker that is able to provide crafted input to the isEmail(input) function may cause an application to consume an excessive amount of CPU. MEDIUM Jul 16, 2021
CVE-2021-36383 Xen Orchestra (with xo-web through 5.80.0 and xo-server through 5.84.0) mishandles authorization, as demonstrated by modified WebSocket resourceSet.getAll data is which the attacker changes the permission field from none to admin. The attacker gains access to data sets such as VMs, Backups, Audit, Users, and Groups. MEDIUM Jul 15, 2021
CVE-2021-36382 Devolutions Server before 2021.1.18, and LTS before 2020.3.20, allows attackers to intercept private keys via a man-in-the-middle attack against the connections/partial endpoint (which accepts cleartext). MEDIUM Jul 14, 2021
CVE-2021-36381 In Edifecs Transaction Management through 2021-07-12, an unauthenticated user can inject arbitrary text into a user\'s browser via logon.jsp?logon_error= on the login screen of the Web application. MEDIUM Jul 14, 2021
CVE-2021-36377 Fossil before 2.14.2 and 2.15.x before 2.15.2 often skips the hostname check during TLS certificate validation. MEDIUM Jul 12, 2021
CVE-2021-36376 dandavison delta before 0.8.3 on Windows resolves an executable\'s pathname as a relative path from the current directory. MEDIUM Jul 16, 2021
CVE-2021-36374 When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. MEDIUM Jul 16, 2021
CVE-2021-36373 When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. MEDIUM Jul 16, 2021
CVE-2021-36371 Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend. MEDIUM Jul 10, 2021
CVE-2021-36367 PuTTY through 0.75 proceeds with establishing an SSH session even if it has never sent a substantive authentication response. This makes it easier for an attacker-controlled SSH server to present a later spoofed authentication prompt (that the attacker can use to capture credential data, and use that data for purposes that are undesired by the client user). MEDIUM Jul 10, 2021
CVE-2021-36230 HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1. -- Jul 21, 2021
CVE-2021-36222 Fix KDC null deref on bad encrypted challenge -- Jul 13, 2021
CVE-2021-36217 Avahi 0.8 allows a local denial of service (NULL pointer dereference and daemon crash) against avahi-daemon via the D-Bus interface or a ping .local command. LOW Jul 7, 2021
CVE-2021-36214 LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. MEDIUM Jul 15, 2021
CVE-2021-36213 In HashiCorp Consul before 1.10.1 (and Consul Enterprise), xds can generate a situation where a single L7 deny intention (with a default deny policy) results in an allow action. -- Jul 17, 2021
CVE-2021-36212 app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view. MEDIUM Jul 8, 2021
CVE-2021-36158 In the xrdp package (in branches through 3.14) for Alpine Linux, RDP sessions are vulnerable to man-in-the-middle attacks because pre-generated RSA certificates and private keys are used. MEDIUM Jul 8, 2021
CVE-2021-36155 LengthPrefixedMessageReader in gRPC Swift 1.1.0 and earlier allocates buffers of arbitrary length, which allows remote attackers to cause uncontrolled resource consumption and deny service. MEDIUM Jul 9, 2021
CVE-2021-36154 HTTP2ToRawGRPCServerCodec in gRPC Swift 1.1.1 and earlier allows remote attackers to deny service via the delivery of many small messages within a single HTTP/2 frame, leading to Uncontrolled Recursion and stack consumption. MEDIUM Jul 9, 2021
CVE-2021-36153 Mismanaged state in GRPCWebToHTTP2ServerCodec.swift in gRPC Swift 1.1.0 and 1.1.1 allows remote attackers to deny service by sending malformed requests. MEDIUM Jul 9, 2021
CVE-2021-36148 An issue was discovered in ACRN before 2.5. dmar_free_irte in hypervisor/arch/x86/vtd.c allows an irte_alloc_bitmap buffer overflow. MEDIUM Jul 3, 2021
CVE-2021-36147 An issue was discovered in ACRN before 2.5. It allows a devicemodel/hw/pci/virtio/virtio_net.c virtio_net_ping_rxq NULL pointer dereference for vq->used. MEDIUM Jul 3, 2021
CVE-2021-36146 ACRN before 2.5 has a devicemodel/hw/pci/xhci.c NULL Pointer Dereference for a trb pointer. MEDIUM Jul 3, 2021
CVE-2021-36145 The Device Model in ACRN through 2.5 has a devicemodel/core/mem.c use-after-free for a freed rb_entry. MEDIUM Jul 3, 2021
CVE-2021-36144 The polling timer handler in ACRN before 2.5 has a use-after-free for a freed virtio device, related to devicemodel/hw/pci/virtio/*.c. MEDIUM Jul 3, 2021
CVE-2021-36143 ACRN before 2.5 has a hw/pci/virtio/virtio.c vq_endchains NULL Pointer Dereference. MEDIUM Jul 3, 2021
CVE-2021-36132 An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations (specifically file uploads) that they should not be allowed to perform. MEDIUM Jul 2, 2021
CVE-2021-36131 An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. LOW Jul 2, 2021
CVE-2021-36130 An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users. LOW Jul 2, 2021
CVE-2021-36129 An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups\' metadata. MEDIUM Jul 2, 2021
CVE-2021-36128 An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. HIGH Jul 2, 2021
CVE-2021-36127 An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden). MEDIUM Jul 2, 2021
CVE-2021-36126 An issue was discovered in the AbuseFilter extension in MediaWiki through 1.36. If the MediaWiki:Abusefilter-blocker message is invalid within the content language, the filter user falls back to the English version, but that English version could also be invalid on a wiki. This would result in a fatal error, and potentially fail to block or restrict a potentially nefarious user. HIGH Jul 2, 2021
CVE-2021-36125 An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user\'s current username is beyond an arbitrary maximum configuration value (MaxNameChars). MEDIUM Jul 2, 2021
CVE-2021-36124 An issue was discovered in Echo ShareCare 8.15.5. It does not perform authentication or authorization checks when accessing a subset of sensitive resources, leading to the ability for unauthenticated users to access pages that are vulnerable to attacks such as SQL injection. HIGH Jul 15, 2021
CVE-2021-36123 An issue was discovered in Echo ShareCare 8.15.5. The TextReader feature in General/TextReader/TextReader.cfm is susceptible to a local file inclusion vulnerability when processing remote input in the textFile parameter from an authenticated user, leading to the ability to read arbitrary files on the server filesystems as well any files accessible via Universal Naming Convention (UNC) paths. MEDIUM Jul 15, 2021
CVE-2021-36122 An issue was discovered in Echo ShareCare 8.15.5. The UnzipFile feature in Access/EligFeedParse_Sup/UnzipFile_Upd.cfm is susceptible to a command argument injection vulnerability when processing remote input in the zippass parameter from an authenticated user, leading to the ability to inject arbitrary arguments to 7z.exe. MEDIUM Jul 15, 2021
CVE-2021-36121 An issue was discovered in Echo ShareCare 8.15.5. The file-upload feature in Access/DownloadFeed_Mnt/FileUpload_Upd.cfm is susceptible to an unrestricted upload vulnerability via the name1 parameter, when processing remote input from an authenticated user, leading to the ability for arbitrary files to be written to arbitrary filesystem locations via ../ Directory Traversal on the Z: drive (a hard-coded drive letter where ShareCare application files reside) and remote code execution as the ShareCare service user (NT AUTHORITY\\SYSTEM). MEDIUM Jul 15, 2021
CVE-2021-36090 When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress\' zip package. -- Jul 16, 2021
CVE-2021-36089 Grok 7.6.6 through 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour). MEDIUM Jul 1, 2021
CVE-2021-36088 Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). HIGH Jul 1, 2021
CVE-2021-36087 The CIL compiler in SELinux 3.2 has a heap-based buffer over-read in ebitmap_match_any (called indirectly from cil_check_neverallow). NOTE: bad0a746e9f4cf260dedba5828d9645d50176aac is cited in the OSV fixed field but does not have a code change. LOW Jul 1, 2021
CVE-2021-36086 The CIL compiler in SELinux 3.2 has a use-after-free in cil_reset_classpermission (called from cil_reset_classperms_set and cil_reset_classperms_list). LOW Jul 1, 2021
CVE-2021-36085 The CIL compiler in SELinux 3.2 has a use-after-free in __cil_verify_classperms (called from __verify_map_perm_classperms and hashtab_map). LOW Jul 1, 2021
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online