Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Showing a page of 178779 entries.
ID | Description | Priority | Modified date
CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | -- | May 3, 2023
CVE-2023-29867 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | -- | May 3, 2023
CVE-2023-29863 | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. | -- | May 11, 2023
CVE-2023-29862 | An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | -- | May 15, 2023
CVE-2023-29861 | An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | -- | May 15, 2023
CVE-2023-29857 | An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. | -- | May 18, 2023
CVE-2023-29856 | ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in the scandir.sgi binary. | -- | May 3, 2023
CVE-2023-29855 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | -- | Apr 18, 2023
CVE-2023-29854 | DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. | -- | Apr 18, 2023
CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | -- | Apr 14, 2023
CVE-2023-29849 | Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. | -- | Apr 24, 2023
CVE-2023-29848 | Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. | -- | Apr 24, 2023
CVE-2023-29847 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | -- | Apr 14, 2023
CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | -- | May 4, 2023
CVE-2023-29839 | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | -- | May 3, 2023
CVE-2023-29838 | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker to escalate privileges via the SyncService.exe file. | -- | May 23, 2023
CVE-2023-29837 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page. | -- | May 18, 2023
CVE-2023-29836 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | -- | Apr 27, 2023
CVE-2023-29835 | Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. | -- | Apr 27, 2023
CVE-2023-29827 | ** DISPUTED ** ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input. | -- | May 4, 2023
CVE-2023-29820 | ** DISPUTED ** An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819. | -- | May 12, 2023
CVE-2023-29819 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | -- | May 12, 2023
CVE-2023-29818 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | -- | May 12, 2023
CVE-2023-29815 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | -- | Apr 28, 2023
CVE-2023-29809 | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | -- | May 12, 2023
CVE-2023-29808 | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | -- | May 12, 2023
CVE-2023-29805 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. | -- | Apr 14, 2023
CVE-2023-29804 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. | -- | Apr 14, 2023
CVE-2023-29803 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | -- | Apr 14, 2023
CVE-2023-29802 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | -- | Apr 14, 2023
CVE-2023-29801 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | -- | Apr 14, 2023
CVE-2023-29800 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | -- | Apr 14, 2023
CVE-2023-29799 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | -- | Apr 14, 2023
CVE-2023-29798 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | -- | Apr 14, 2023
CVE-2023-29791 | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | -- | May 11, 2023
CVE-2023-29790 | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | -- | May 12, 2023
CVE-2023-29780 | Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | -- | Apr 25, 2023
CVE-2023-29779 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. | -- | Apr 25, 2023
CVE-2023-29778 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | -- | May 3, 2023
CVE-2023-29774 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | -- | Apr 18, 2023
CVE-2023-29772 | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | -- | May 2, 2023
CVE-2023-29746 | An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | -- | Jun 2, 2023
CVE-2023-29745 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | -- | May 31, 2023
CVE-2023-29743 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | -- | May 30, 2023
CVE-2023-29742 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database. | -- | May 31, 2023
CVE-2023-29741 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. | -- | May 30, 2023
CVE-2023-29740 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. | -- | May 30, 2023
CVE-2023-29739 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | -- | May 30, 2023
CVE-2023-29738 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of privileges via the database files. | -- | May 30, 2023
CVE-2023-29737 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files. | -- | May 30, 2023
The 'Fixed Release' column is displayed only when a single product version is selected in the filter. The fixed release applies in cases where the CVE has been addressed and fixed for that product version. Requires LTSS: customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.