Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID  Description  Priority  Modified date
CVE-2022-29854 A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. -- May 13, 2022
CVE-2022-29849 In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. HIGH May 2, 2022
CVE-2022-29848 In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system. -- May 11, 2022
CVE-2022-29847 In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host. -- May 11, 2022
CVE-2022-29846 In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. -- May 11, 2022
CVE-2022-29845 In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file. -- May 11, 2022
CVE-2022-29824 In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. MEDIUM May 7, 2022
CVE-2022-29821 In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible MEDIUM May 5, 2022
CVE-2022-29820 In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible LOW May 5, 2022
CVE-2022-29819 In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible MEDIUM May 5, 2022
CVE-2022-29818 In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed LOW May 5, 2022
CVE-2022-29817 In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible MEDIUM May 5, 2022
CVE-2022-29816 In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible LOW May 5, 2022
CVE-2022-29815 In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible MEDIUM May 5, 2022
CVE-2022-29814 In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible MEDIUM May 5, 2022
CVE-2022-29813 In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible MEDIUM May 5, 2022
CVE-2022-29812 In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient LOW May 5, 2022
CVE-2022-29811 In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. LOW May 5, 2022
CVE-2022-29810 The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. LOW May 5, 2022
CVE-2022-29806 ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability. HIGH May 6, 2022
CVE-2022-29800 networkd-dispatcher: Time-of-check-time-of-use (TOCTOU) race condition -- May 3, 2022
CVE-2022-29799 networkd-dispatcher: Directory traversal -- May 3, 2022
CVE-2022-29796 The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. -- May 13, 2022
CVE-2022-29795 The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. -- May 13, 2022
CVE-2022-29794 The frame scheduling module has a Use After Free (UAF) vulnerability. Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality. -- May 13, 2022
CVE-2022-29793 There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability. -- May 13, 2022
CVE-2022-29792 The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnerability may affect data confidentiality. -- May 13, 2022
CVE-2022-29791 The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. -- May 13, 2022
CVE-2022-29790 The graphics acceleration service has a vulnerability in multi-thread access to the database. Successful exploitation of this vulnerability may cause service exceptions. -- May 13, 2022
CVE-2022-29789 The HiAIserver has a vulnerability in verifying the validity of the properties used in the model. Successful exploitation of this vulnerability will affect AI services. -- May 13, 2022
CVE-2022-29751 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. -- May 12, 2022
CVE-2022-29750 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. -- May 12, 2022
CVE-2022-29749 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. -- May 12, 2022
CVE-2022-29748 Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. -- May 12, 2022
CVE-2022-29747 Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. -- May 12, 2022
CVE-2022-29746 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete. -- May 12, 2022
CVE-2022-29745 Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction. -- May 12, 2022
CVE-2022-29741 Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee. -- May 12, 2022
CVE-2022-29739 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=. -- May 12, 2022
CVE-2022-29738 Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id. -- May 12, 2022
CVE-2022-29728 Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter. -- May 11, 2022
CVE-2022-29727 Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter. -- May 11, 2022
CVE-2022-29701 A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. MEDIUM May 5, 2022
CVE-2022-29700 A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. MEDIUM May 5, 2022
CVE-2022-29656 Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php. -- May 11, 2022
CVE-2022-29655 An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. -- May 11, 2022
CVE-2022-29616 SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. -- May 11, 2022
CVE-2022-29613 Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. -- May 11, 2022
CVE-2022-29611 SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. -- May 11, 2022
CVE-2022-29610 SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. -- May 11, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.