Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 98530 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-44142 Samba: This vulnerability allows remote attackers to execute arbitrary code as root on affected Samba installations that use the VFS module vfs_fruit. -- Feb 1, 2022 n/a
CVE-2022-30781 Gitea before 1.6.7 does not escape git fetch remote. -- May 16, 2022 n/a
CVE-2022-30779 Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\\Cookie\\FileCookieJar.php. -- May 16, 2022 n/a
CVE-2022-30778 Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and dispatch($command) in Illuminate\\Bus\\QueueingDispatcher.php. -- May 16, 2022 n/a
CVE-2022-30775 xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. -- May 16, 2022 n/a
CVE-2022-30770 Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions. -- May 16, 2022 n/a
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. LOW May 16, 2022 n/a
CVE-2022-30765 Calibre-Web before 0.6.18 allows user table SQL Injection. -- May 16, 2022 n/a
CVE-2022-30763 Janet before 1.22.0 mishandles arrays. -- May 16, 2022 n/a
CVE-2022-30708 Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. -- May 15, 2022 n/a
CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. -- May 12, 2022 n/a
CVE-2022-30592 liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY. -- May 12, 2022 n/a
CVE-2022-30557 Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution. -- May 12, 2022 n/a
CVE-2022-30525 A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. -- May 12, 2022 n/a
CVE-2022-30524 There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. -- May 9, 2022 n/a
CVE-2022-30489 WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi. -- May 13, 2022 n/a
CVE-2022-30453 ShopWind <= 3.4.2 has a RCE vulnerability in Database.php -- May 11, 2022 n/a
CVE-2022-30452 ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php -- May 11, 2022 n/a
CVE-2022-30451 An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1. -- May 12, 2022 n/a
CVE-2022-30450 A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php -- May 12, 2022 n/a
CVE-2022-30449 Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php. -- May 12, 2022 n/a
CVE-2022-30448 Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php. -- May 12, 2022 n/a
CVE-2022-30417 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=. -- May 13, 2022 n/a
CVE-2022-30415 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=. -- May 13, 2022 n/a
CVE-2022-30414 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=. -- May 13, 2022 n/a
CVE-2022-30413 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application. -- May 13, 2022 n/a
CVE-2022-30412 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=. -- May 13, 2022 n/a
CVE-2022-30411 Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=. -- May 13, 2022 n/a
CVE-2022-30408 Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. -- May 13, 2022 n/a
CVE-2022-30407 Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=. -- May 13, 2022 n/a
CVE-2022-30404 College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=. -- May 13, 2022 n/a
CVE-2022-30403 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=. -- May 13, 2022 n/a
CVE-2022-30402 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=. -- May 13, 2022 n/a
CVE-2022-30401 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=. -- May 13, 2022 n/a
CVE-2022-30400 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=. -- May 13, 2022 n/a
CVE-2022-30399 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=. -- May 13, 2022 n/a
CVE-2022-30398 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=. -- May 13, 2022 n/a
CVE-2022-30396 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=. -- May 13, 2022 n/a
CVE-2022-30395 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart. -- May 13, 2022 n/a
CVE-2022-30393 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=. -- May 13, 2022 n/a
CVE-2022-30392 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category. -- May 13, 2022 n/a
CVE-2022-30391 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category. -- May 13, 2022 n/a
CVE-2022-30387 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order. -- May 13, 2022 n/a
CVE-2022-30386 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured. -- May 13, 2022 n/a
CVE-2022-30385 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order. -- May 13, 2022 n/a
CVE-2022-30384 Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory. -- May 13, 2022 n/a
CVE-2022-30381 Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. -- May 13, 2022 n/a
CVE-2022-30379 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=. -- May 13, 2022 n/a
CVE-2022-30378 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=. -- May 13, 2022 n/a
CVE-2022-30376 Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=. -- May 13, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online