Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

171507 entries
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2019-12474 | Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | MEDIUM | Jul 11, 2019 | n/a |
| CVE-2019-12473 | Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | MEDIUM | Jul 16, 2019 | n/a |
| CVE-2019-12471 | Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | MEDIUM | Jul 16, 2019 | n/a |
| CVE-2019-12466 | Wikimedia MediaWiki through 1.32.1 allows CSRF. | MEDIUM | Jul 11, 2019 | n/a |
| CVE-2019-12470 | Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. | MEDIUM | Jul 16, 2019 | n/a |
| CVE-2020-36324 | Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. | MEDIUM | Apr 21, 2021 | n/a |
| CVE-2022-36080 | Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user's session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue. | -- | Sep 12, 2022 | n/a |
| CVE-2022-36081 | Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue. | -- | Sep 12, 2022 | n/a |
| CVE-2018-10862 | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. | MEDIUM | Jul 28, 2018 | n/a |
| CVE-2022-3143 | wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user. | -- | Jan 13, 2023 | n/a |
| CVE-2022-47635 | Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. | -- | Dec 21, 2022 | n/a |
| CVE-2017-3216 | WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. | HIGH | Jun 19, 2017 | n/a |
| CVE-2022-23922 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | MEDIUM | Feb 25, 2022 | n/a |
| CVE-2022-23104 | WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | MEDIUM | Feb 25, 2022 | n/a |
| CVE-2022-24485 | Win32 File Enumeration Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2022-24508 | Win32 File Enumeration Remote Code Execution Vulnerability | MEDIUM | Mar 9, 2022 | n/a |
| CVE-2022-24534 | Win32 Stream Enumeration Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2022-21983 | Win32 Stream Enumeration Remote Code Execution Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2024-30038 | Win32k Elevation of Privilege Vulnerability | -- | May 14, 2024 | n/a |
| CVE-2024-30030 | Win32k Elevation of Privilege Vulnerability | -- | May 14, 2024 | n/a |
| CVE-2024-30028 | Win32k Elevation of Privilege Vulnerability | -- | May 14, 2024 | n/a |
| CVE-2024-26241 | Win32k Elevation of Privilege Vulnerability | -- | Apr 9, 2024 | n/a |
| CVE-2024-21346 | Win32k Elevation of Privilege Vulnerability | -- | Feb 13, 2024 | n/a |
| CVE-2024-20686 | Win32k Elevation of Privilege Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2024-20683 | Win32k Elevation of Privilege Vulnerability | -- | Jan 9, 2024 | n/a |
| CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | -- | Dec 12, 2023 | n/a |
| CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | -- | Dec 12, 2023 | n/a |
| CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | -- | Oct 10, 2023 | n/a |
| CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | -- | Oct 10, 2023 | n/a |
| CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | -- | Oct 10, 2023 | n/a |
| CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | -- | Oct 10, 2023 | n/a |
| CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | -- | Oct 10, 2023 | n/a |
| CVE-2022-35750 | Win32k Elevation of Privilege Vulnerability | -- | Jun 1, 2023 | n/a |
| CVE-2023-35337 | Win32k Elevation of Privilege Vulnerability | -- | Jul 11, 2023 | n/a |
| CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | -- | May 9, 2023 | n/a |
| CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | -- | May 9, 2023 | n/a |
| CVE-2023-24914 | Win32k Elevation of Privilege Vulnerability | -- | Apr 11, 2023 | n/a |
| CVE-2022-38050 | Win32k Elevation of Privilege Vulnerability | -- | Oct 13, 2022 | n/a |
| CVE-2022-26914 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 15, 2022 | n/a |
| CVE-2022-21996 | Win32k Elevation of Privilege Vulnerability | HIGH | Feb 9, 2022 | n/a |
| CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability | HIGH | Jan 12, 2022 | n/a |
| CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability | HIGH | Jan 12, 2022 | n/a |
| CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Sep 15, 2021 | n/a |
| CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Jul 14, 2021 | n/a |
| CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Jul 17, 2021 | n/a |
| CVE-2021-28310 | Win32k Elevation of Privilege Vulnerability | MEDIUM | Apr 16, 2021 | n/a |

The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.