Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 175431 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2023-5544 Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. -- Nov 9, 2023 n/a
CVE-2021-21383 Wiki.js an open-source wiki app built on Node.js. Wiki.js before version 2.5.191 is vulnerable to stored cross-site scripting through mustache expressions in code blocks. This vulnerability exists due to mustache expressions being parsed by Vue during content injection even though it is contained within a `<pre>` element. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. For an example see referenced GitHub Security Advisory. Commit 5ffa189383dd716f12b56b8cae2ba0d075996cf1 fixes this vulnerability by adding the v-pre directive to all `<pre>` tags during the render. LOW Mar 18, 2021 n/a
CVE-2022-23654 Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation. LOW Feb 24, 2022 n/a
CVE-2021-43800 Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git). MEDIUM Dec 8, 2021 n/a
CVE-2021-43855 Wiki.js is a wiki app built on node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through a SVG file upload made via a custom request with a fake MIME type. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. The malicious SVG can only be uploaded by crafting a custom request to the server with a fake MIME type. A patch in version 2.5.264 fixes this vulnerability by adding an additional file extension verification check to the optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. LOW Dec 27, 2021 n/a
CVE-2021-43856 Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser (e.g. XML files), a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the file is viewed directly by other users. The file must be opened directly by the user and will not trigger directly in a normal Wiki.js page. A patch in version 2.5.264 fixes this vulnerability by adding an optional (enabled by default) force download flag to all non-image file types, preventing the file from being viewed inline in the browser. As a workaround, disable file upload for all non-trusted users. --- Thanks to @Haxatron for reporting this vulnerability. Initially reported via https://huntr.dev/bounties/266bff09-00d9-43ca-a4bb-bb540642811f/ LOW Dec 27, 2021 n/a
CVE-2021-43842 Wiki.js is a wiki app built on Node.js. Wiki.js versions 2.5.257 and earlier are vulnerable to stored cross-site scripting through a SVG file upload. By creating a crafted SVG file, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the SVG is viewed directly by other users. Scripts do not execute when loaded inside a page via normal `<img>` tags. Commit 5d3e81496fba1f0fbd64eeb855f30f69a9040718 fixes this vulnerability by adding an optional (enabled by default) SVG sanitization step to all file uploads that match the SVG mime type. As a workaround, disable file upload for all non-trusted users. Wiki.js version 2.5.260 is the first production version to contain a patch. Version 2.5.258 is the first development build to contain a patch and is available only as a Docker image as requarks/wiki:canary-2.5.258. -- Dec 21, 2021 n/a
CVE-2024-34710 Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303. -- May 21, 2024 n/a
CVE-2019-16917 WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function. MEDIUM Oct 22, 2019 n/a
CVE-2018-18075 WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. HIGH Oct 9, 2018 n/a
CVE-2024-25107 WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability. -- Feb 9, 2024 n/a
CVE-2022-23375 WikiDocs version 0.1.18 has an authenticated remote code execution vulnerability. An attacker can upload a malicious file using the image upload form through index.php. MEDIUM Feb 19, 2022 n/a
CVE-2022-23376 WikiDocs version 0.1.18 has multiple reflected XSS vulnerabilities on different pages. MEDIUM Feb 19, 2022 n/a
CVE-2019-12474 Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. MEDIUM Jul 11, 2019 n/a
CVE-2019-12473 Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. MEDIUM Jul 16, 2019 n/a
CVE-2019-12471 Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. MEDIUM Jul 16, 2019 n/a
CVE-2019-12466 Wikimedia MediaWiki through 1.32.1 allows CSRF. MEDIUM Jul 11, 2019 n/a
CVE-2019-12470 Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. MEDIUM Jul 16, 2019 n/a
CVE-2020-36324 Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type. MEDIUM Apr 21, 2021 n/a
CVE-2022-36080 Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, an attacker could capture user\'s session cookies or execute malicious Javascript when a victim edits a markdown file. Version 1.7.1 fixes this issue. -- Sep 12, 2022 n/a
CVE-2022-36081 Wikmd is a file based wiki that uses markdown. Prior to version 1.7.1, Wikmd is vulnerable to path traversal when accessing `/list/<path:folderpath>` and discloses lists of files located on the server including sensitive data. Version 1.7.1 fixes this issue. -- Sep 12, 2022 n/a
CVE-2018-10862 WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the \'Zip Slip\' vulnerability. MEDIUM Jul 28, 2018 n/a
CVE-2022-3143 wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user. -- Jan 13, 2023 n/a
CVE-2022-47635 Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php. -- Dec 21, 2022 n/a
CVE-2017-3216 WiMAX routers based on the MediaTek SDK (libmtk) that use a custom httpd plugin are vulnerable to an authentication bypass allowing a remote, unauthenticated attacker to gain administrator access to the device by performing an administrator password change on the device via a crafted POST request. HIGH Jun 19, 2017 n/a
CVE-2022-23922 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. MEDIUM Feb 25, 2022 n/a
CVE-2022-23104 WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. MEDIUM Feb 25, 2022 n/a
CVE-2022-24485 Win32 File Enumeration Remote Code Execution Vulnerability MEDIUM Apr 15, 2022 n/a
CVE-2022-24508 Win32 File Enumeration Remote Code Execution Vulnerability MEDIUM Mar 9, 2022 n/a
CVE-2022-24534 Win32 Stream Enumeration Remote Code Execution Vulnerability MEDIUM Apr 15, 2022 n/a
CVE-2022-21983 Win32 Stream Enumeration Remote Code Execution Vulnerability MEDIUM Apr 15, 2022 n/a
CVE-2024-30091 Win32k Elevation of Privilege Vulnerability -- Jun 13, 2024 n/a
CVE-2024-30087 Win32k Elevation of Privilege Vulnerability -- Jun 13, 2024 n/a
CVE-2024-30082 Win32k Elevation of Privilege Vulnerability -- Jun 13, 2024 n/a
CVE-2024-30038 Win32k Elevation of Privilege Vulnerability -- May 14, 2024 n/a
CVE-2024-30030 Win32k Elevation of Privilege Vulnerability -- May 14, 2024 n/a
CVE-2024-30028 Win32k Elevation of Privilege Vulnerability -- May 14, 2024 n/a
CVE-2024-26241 Win32k Elevation of Privilege Vulnerability -- Apr 9, 2024 n/a
CVE-2024-21346 Win32k Elevation of Privilege Vulnerability -- Feb 13, 2024 n/a
CVE-2024-20686 Win32k Elevation of Privilege Vulnerability -- Jan 9, 2024 n/a
CVE-2024-20683 Win32k Elevation of Privilege Vulnerability -- Jan 9, 2024 n/a
CVE-2023-36011 Win32k Elevation of Privilege Vulnerability -- Dec 12, 2023 n/a
CVE-2023-35631 Win32k Elevation of Privilege Vulnerability -- Dec 12, 2023 n/a
CVE-2023-41772 Win32k Elevation of Privilege Vulnerability -- Oct 10, 2023 n/a
CVE-2023-36776 Win32k Elevation of Privilege Vulnerability -- Oct 10, 2023 n/a
CVE-2023-36743 Win32k Elevation of Privilege Vulnerability -- Oct 10, 2023 n/a
CVE-2023-36732 Win32k Elevation of Privilege Vulnerability -- Oct 10, 2023 n/a
CVE-2023-36731 Win32k Elevation of Privilege Vulnerability -- Oct 10, 2023 n/a
CVE-2022-35750 Win32k Elevation of Privilege Vulnerability -- Jun 1, 2023 n/a
CVE-2023-35337 Win32k Elevation of Privilege Vulnerability -- Jul 11, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online