Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

136717 entries
ID Description Priority Modified date
CVE-2021-41456 There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. MEDIUM Oct 7, 2021
CVE-2021-41428 Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14.1 allows attacker to escalate privileges via insufficient configuration of service components. HIGH Sep 23, 2021
CVE-2021-41395 Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username. MEDIUM Sep 20, 2021
CVE-2021-41394 Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations. MEDIUM Sep 20, 2021
CVE-2021-41393 Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations. HIGH Sep 20, 2021
CVE-2021-41392 static/main-preload.js in Boost Note through 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API. HIGH Sep 17, 2021
CVE-2021-41391 In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. LOW Sep 17, 2021
CVE-2021-41390 In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection. MEDIUM Sep 17, 2021
CVE-2021-41387 seatd-launch in seatd 0.6.x before 0.6.2 allows privilege escalation because it uses execlp and may be installed setuid root. HIGH Sep 17, 2021
CVE-2021-41385 The third party intelligence connector in Securonix SNYPR 6.3.1 Build 184295_0302 allows an authenticated user to obtain access to server configuration details via SSRF. MEDIUM Oct 5, 2021
CVE-2021-41383 setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntp_server field. HIGH Sep 17, 2021
CVE-2021-41382 Plastic SCM before 10.0.16.5622 mishandles the WebAdmin server management interface. MEDIUM Sep 22, 2021
CVE-2021-41381 Payara Micro Community 5.2021.6 and below allows Directory Traversal. MEDIUM Sep 23, 2021
CVE-2021-41380 RealVNC Viewer 6.21.406 allows remote VNC servers to cause a denial of service (application crash) via crafted RFB protocol data. MEDIUM Sep 17, 2021
CVE-2021-41363 Intune Management Extension Security Feature Bypass Vulnerability -- Oct 13, 2021
CVE-2021-41361 Active Directory Federation Server Spoofing Vulnerability -- Oct 13, 2021
CVE-2021-41357 Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-40450. -- Oct 13, 2021
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability -- Oct 13, 2021
CVE-2021-41354 Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability -- Oct 13, 2021
CVE-2021-41353 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability -- Oct 13, 2021
CVE-2021-41352 SCOM Information Disclosure Vulnerability -- Oct 13, 2021
CVE-2021-41350 Microsoft Exchange Server Spoofing Vulnerability -- Oct 13, 2021
CVE-2021-41348 Microsoft Exchange Server Elevation of Privilege Vulnerability -- Oct 13, 2021
CVE-2021-41347 Windows AppX Deployment Service Elevation of Privilege Vulnerability -- Oct 14, 2021
CVE-2021-41346 Console Window Host Security Feature Bypass Vulnerability -- Oct 13, 2021
CVE-2021-41345 Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489. -- Oct 14, 2021
CVE-2021-41344 Microsoft SharePoint Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-40487. -- Oct 13, 2021
CVE-2021-41343 Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38662. -- Oct 13, 2021
CVE-2021-41342 Windows MSHTML Platform Remote Code Execution Vulnerability -- Oct 13, 2021
CVE-2021-41340 Windows Graphics Component Remote Code Execution Vulnerability -- Oct 13, 2021
CVE-2021-41339 Microsoft DWM Core Library Elevation of Privilege Vulnerability -- Oct 13, 2021
CVE-2021-41338 Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability -- Oct 13, 2021
CVE-2021-41337 Active Directory Security Feature Bypass Vulnerability -- Oct 13, 2021
CVE-2021-41336 Windows Kernel Information Disclosure Vulnerability -- Oct 13, 2021
CVE-2021-41335 Windows Kernel Elevation of Privilege Vulnerability -- Oct 13, 2021
CVE-2021-41334 Windows Desktop Bridge Elevation of Privilege Vulnerability -- Oct 13, 2021
CVE-2021-41332 Windows Print Spooler Information Disclosure Vulnerability -- Oct 13, 2021
CVE-2021-41331 Windows Media Audio Decoder Remote Code Execution Vulnerability -- Oct 13, 2021
CVE-2021-41330 Microsoft Windows Media Foundation Remote Code Execution Vulnerability -- Oct 13, 2021
CVE-2021-41329 Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when another user has recently executed an identical query differing only by the array elements. MEDIUM Oct 6, 2021
CVE-2021-41326 In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. HIGH Sep 17, 2021
CVE-2021-41325 Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several admin permissions via the Roles parameter.) MEDIUM Oct 7, 2021
CVE-2021-41324 Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes parameter (for Copy and Move) or via the Path parameter (for Delete). MEDIUM Oct 7, 2021
CVE-2021-41323 Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. MEDIUM Oct 7, 2021
CVE-2021-41322 Poly VVX 400/410 through 5.3.1 allows low-privileged users to change the Admin password by modifying a POST parameter to 120 during the password reset process. MEDIUM Oct 4, 2021
CVE-2021-41320 A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. -- Oct 15, 2021
CVE-2021-41318 In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. MEDIUM Oct 7, 2021
CVE-2021-41317 XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths. HIGH Sep 17, 2021
CVE-2021-41316 The Device42 Main Appliance before 17.05.01 does not sanitize user input in its Nmap Discovery utility. An attacker (with permissions to add or edit jobs run by this utility) can inject an extra argument to overwrite arbitrary files as the root user on the Remote Collector. HIGH Sep 17, 2021
CVE-2021-41315 The Device42 Remote Collector before 17.05.01 does not sanitize user input in its SNMP Connectivity utility. This allows an authenticated attacker (with access to the console application) to execute arbitrary OS commands and escalate privileges. HIGH Sep 17, 2021
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.