Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 164176 entries
IDDescriptionPriorityModified date
CVE-2022-42113 A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. -- Oct 20, 2022
CVE-2022-42112 A Cross-site scripting (XSS) vulnerability in the Portal Search module\'s Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. -- Oct 20, 2022
CVE-2022-42111 A Cross-site scripting (XSS) vulnerability in the Sharing module\'s user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload. -- Nov 17, 2022
CVE-2022-42110 A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. -- Nov 17, 2022
CVE-2022-42109 Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php. -- Nov 30, 2022
CVE-2022-42100 KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form. -- Nov 30, 2022
CVE-2022-42099 KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input. -- Nov 30, 2022
CVE-2022-42098 KLiK SocialMediaWebsite version v1.0.1 is vulnerable to SQL Injection via the profile.php. -- Nov 23, 2022
CVE-2022-42097 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \'Comment.\' . -- Nov 23, 2022
CVE-2022-42096 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via Post content. -- Nov 23, 2022
CVE-2022-42095 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Page content. -- Nov 25, 2022
CVE-2022-42094 Backdrop CMS version 1.23.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the \'Card\' content. -- Nov 23, 2022
CVE-2022-42092 Backdrop CMS 1.22.0 has Unrestricted File Upload vulnerability via \'themes\' that allows attackers to Remote Code Execution. -- Oct 9, 2022
CVE-2022-42087 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. -- Oct 14, 2022
CVE-2022-42086 Tenda AX1803 US_AX1803v2.0br_v1.0.0.1_2994_CN_ZGYD01_4 is vulnerable to Cross Site Request Forgery (CSRF) via function TendaAteMode. -- Oct 14, 2022
CVE-2022-42081 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via sched_end_time parameter. -- Oct 14, 2022
CVE-2022-42080 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a heap overflow via sched_start_time parameter. -- Oct 14, 2022
CVE-2022-42079 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to contain a stack overflow via the function formWifiBasicSet. -- Oct 14, 2022
CVE-2022-42078 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolRestoreSet. -- Oct 14, 2022
CVE-2022-42077 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot. -- Oct 14, 2022
CVE-2022-42075 Wedding Planner v1.0 is vulnerable to arbitrary code execution. -- Oct 7, 2022
CVE-2022-42074 Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editcategory.php?id=. -- Oct 7, 2022
CVE-2022-42073 Online Diagnostic Lab Management System v1.0 is vulnerable to SQL Injection via /diagnostic/editclient.php?id=. -- Oct 7, 2022
CVE-2022-42071 Online Birth Certificate Management System version 1.0 suffers from a Cross Site Scripting (XSS) Vulnerability. -- Oct 14, 2022
CVE-2022-42070 Online Birth Certificate Management System version 1.0 is vulnerable to Cross Site Request Forgery (CSRF). -- Oct 14, 2022
CVE-2022-42069 Online Birth Certificate Management System version 1.0 suffers from a persistent Cross Site Scripting (XSS) vulnerability. -- Oct 15, 2022
CVE-2022-42067 Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability -- Oct 14, 2022
CVE-2022-42066 Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. -- Oct 15, 2022
CVE-2022-42064 Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell. -- Oct 15, 2022
CVE-2022-42060 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setWanPpoe function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. -- Nov 18, 2022
CVE-2022-42058 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a stack overflow via the setRemoteWebManage function. This vulnerability allows attackers to cause a Denial of Service (DoS) via crafted overflow data. -- Nov 18, 2022
CVE-2022-42055 Multiple command injection vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 via the ping and traceroute tools allow attackers to read arbitrary files on the system. -- Oct 27, 2022
CVE-2022-42054 Multiple stored cross-site scripting (XSS) vulnerabilities in GL.iNet GoodCloud IoT Device Management System Version 1.00.220412.00 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Company Name and Description text fields. -- Oct 27, 2022
CVE-2022-42053 Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. -- Nov 18, 2022
CVE-2022-42044 The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42043 The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-html package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42042 The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42041 The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42040 The d8s-algorithms package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42039 The d8s-lists package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-dicts package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42038 The d8s-ip-addresses package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42037 The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42036 The d8s-urls package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. -- Oct 13, 2022
CVE-2022-42034 Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. -- Oct 11, 2022
CVE-2022-42029 Chamilo 1.11.16 is affected by an authenticated local file inclusion vulnerability which allows authenticated users with access to \'big file uploads\' to copy/move files from anywhere in the file system into the web directory. -- Oct 19, 2022
CVE-2022-42021 Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=. -- Oct 21, 2022
CVE-2022-42012 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. -- Oct 8, 2022
CVE-2022-42011 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. -- Oct 8, 2022
CVE-2022-42010 An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. -- Oct 8, 2022
CVE-2022-42004 In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. -- Oct 4, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online