Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

164176 entries in total
ID Description Priority Modified date
CVE-2022-44740 Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Creative Mail plugin <= 1.5.4 on WordPress. -- Nov 20, 2022
CVE-2022-44737 Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on WordPress. -- Nov 22, 2022
CVE-2022-44736 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress. -- Nov 18, 2022
CVE-2022-44733 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. -- Nov 8, 2022
CVE-2022-44732 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. -- Nov 8, 2022
CVE-2022-44727 The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie ( lgcookieslaw or __lglaw ). -- Nov 10, 2022
CVE-2022-44725 OPC Foundation Local Discovery Server (LDS) through 1.04.403.478 uses a hard-coded file path to a configuration file. This allows a normal user to create a malicious file that is loaded by LDS (running as a high-privilege user). -- Nov 18, 2022
CVE-2022-44724 The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. -- Nov 4, 2022
CVE-2022-44721 CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.) -- Dec 4, 2022
CVE-2022-44646 In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings -- Nov 3, 2022
CVE-2022-44641 In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. -- Nov 18, 2022
CVE-2022-44638 In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. -- Nov 5, 2022
CVE-2022-44635 Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1. -- Dec 1, 2022
CVE-2022-44634 Auth. (admin+) Arbitrary File Read vulnerability in S2W – Import Shopify to WooCommerce plugin <= 1.1.12 on WordPress. -- Nov 20, 2022
CVE-2022-44628 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin <= 0.2.17 on WordPress. -- Nov 4, 2022
CVE-2022-44627 Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 1.8.12 on WordPress allows attackers to create or delete sitemaps. -- Nov 4, 2022
CVE-2022-44624 In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters -- Nov 3, 2022
CVE-2022-44623 In JetBrains TeamCity version before 2022.10, Project Viewer could see scrambled secure values in the MetaRunner settings -- Nov 3, 2022
CVE-2022-44622 In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive -- Nov 4, 2022
CVE-2022-44591 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress. -- Nov 18, 2022
CVE-2022-44590 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in James Lao's Simple Video Embedder plugin <= 2.2 on WordPress. -- Nov 10, 2022
CVE-2022-44586 Auth. (admin+) Stored Cross-Site Scripting (XSS) in Ayoub Media AM-HiLi plugin <= 1.0 on WordPress. -- Nov 4, 2022
CVE-2022-44584 Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. -- Nov 20, 2022
CVE-2022-44583 Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. -- Nov 20, 2022
CVE-2022-44577 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. -- Nov 18, 2022
CVE-2022-44576 Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in AgentEasy Properties plugin <= 1.0.4 on WordPress. -- Nov 4, 2022
CVE-2022-44563 There is a race condition vulnerability in SD upgrade mode. Successful exploitation of this vulnerability may affect data confidentiality. -- Nov 10, 2022
CVE-2022-44562 The system framework layer has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. -- Nov 10, 2022
CVE-2022-44561 The preset launcher module has a permission verification vulnerability. Successful exploitation of this vulnerability makes unauthorized apps add arbitrary widgets and shortcuts without interaction. -- Nov 9, 2022
CVE-2022-44560 The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. -- Nov 9, 2022
CVE-2022-44559 The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. -- Nov 9, 2022
CVE-2022-44558 The AMS module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation. -- Nov 9, 2022
CVE-2022-44557 The SmartTrimProcessEvent module has a vulnerability of obtaining the read and write permissions on arbitrary system files. Successful exploitation of this vulnerability may affect data confidentiality. -- Nov 9, 2022
CVE-2022-44556 Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability. -- Nov 9, 2022
CVE-2022-44555 The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable. -- Nov 9, 2022
CVE-2022-44554 The power module has a vulnerability in permission verification. Successful exploitation of this vulnerability may cause abnormal status of a module on the device. -- Nov 9, 2022
CVE-2022-44553 The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. -- Nov 9, 2022
CVE-2022-44552 The lock screen module has defects introduced in the design process. Successful exploitation of this vulnerability may affect system availability. -- Nov 9, 2022
CVE-2022-44551 The iaware module has a vulnerability in thread security. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. -- Nov 9, 2022
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers. Successful exploitation of this vulnerability may affect system availability. -- Nov 10, 2022
CVE-2022-44549 The LBS module has a vulnerability in geofencing API access. Successful exploitation of this vulnerability may cause third-party apps to access the geofencing APIs without authorization, affecting user confidentiality. -- Nov 10, 2022
CVE-2022-44548 There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing. -- Nov 10, 2022
CVE-2022-44547 The Display Service module has a UAF vulnerability. Successful exploitation of this vulnerability may affect the display service availability. -- Nov 10, 2022
CVE-2022-44546 The kernel module has the vulnerability that the mapping is not cleared after the memory is automatically released. Successful exploitation of this vulnerability may cause a system restart. -- Nov 10, 2022
CVE-2022-44544 Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. -- Nov 6, 2022
CVE-2022-44542 lesspipe before 2.06 allows attackers to execute code via Perl Storable (pst) files, because of deserialized object destructor execution via a key/value pair in a hash. -- Nov 1, 2022
CVE-2022-44457 A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration. -- Nov 9, 2022
CVE-2022-44415 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=. -- Nov 20, 2022
CVE-2022-44414 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=. -- Nov 20, 2022
CVE-2022-44413 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=. -- Nov 20, 2022
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.