Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

43765 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2017-16055 `sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16051 `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16050 `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16049 `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16054 `nodefabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16048 `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16052 `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2018-3767 `memjs` versions <= 1.1.0 allocates and stores buffers on typed input, resulting in DoS and uninitialized memory usage. MEDIUM Jul 5, 2018 -- (VxWorks 7)
CVE-2017-16046 `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16045 `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16039 `hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16037 `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16053 `fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16038 `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. This is compounded by `f2e-server` requiring elevated privileges to run. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16044 `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. MEDIUM Jun 4, 2018 -- (VxWorks 7)
CVE-2017-16036 `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing ../ in the url. MEDIUM Jun 5, 2018 -- (VxWorks 7)
CVE-2014-1858 __init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file. -- Jan 8, 2018 -- (VxWorks 7)
CVE-2015-9262 _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. -- Aug 7, 2018 -- (VxWorks 7)
CVE-2019-14973 _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. MEDIUM Aug 25, 2019 -- (VxWorks 7)
CVE-2019-13597 _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function. HIGH Jul 30, 2019 -- (VxWorks 7)
CVE-2018-18065 _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. MEDIUM Oct 8, 2018 -- (VxWorks 7)
CVE-2019-7748 _includes\online.php in DbNinja 3.2.7 allows XSS via the data.php task parameter if _users/admin/tasks.php exists. MEDIUM Feb 12, 2019 -- (VxWorks 7)
CVE-2018-15563 _core/admin/pages/add/ in Subrion CMS 4.2.1 has XSS via the titles[en] parameter. MEDIUM Oct 2, 2018 -- (VxWorks 7)
CVE-2018-16790 _bson_iter_next_internal in bson-iter.c in libbson 1.12.0, as used in MongoDB mongo-c-driver and other products, has a heap-based buffer over-read via a crafted bson buffer. MEDIUM Sep 10, 2018 -- (VxWorks 7)
CVE-2017-14938 _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. MEDIUM Oct 3, 2017 -- (VxWorks 7)
CVE-2017-15225 _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. MEDIUM Oct 10, 2017 -- (VxWorks 7)
CVE-2018-11077 'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 is affected by an OS command injection vulnerability. A malicious Avamar admin user may potentially be able to execute arbitrary commands under root privilege. HIGH Nov 26, 2018 -- (VxWorks 7)
CVE-2018-5740 "deny-answer-aliases" is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c. Affects BIND 9.7.0->9.8.8, 9.9.0->9.9.13, 9.10.0->9.10.8, 9.11.0->9.11.4, 9.12.0->9.12.2, 9.13.0->9.13.2. MEDIUM Jun 10, 2019 -- (VxWorks 7)
CVE-2018-4445 "Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12.1.1, Safari 12.0.2. MEDIUM Apr 5, 2019 -- (VxWorks 7)
CVE-2017-1000120 [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. MEDIUM Oct 4, 2017 -- (VxWorks 7)
CVE-2019-10647 ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if the 192.168.0.1 web server sends the contents of a .php file (i.e., it does not interpret a .php file). HIGH Apr 1, 2019 -- (VxWorks 7)
CVE-2019-1010151 zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php. HIGH Jul 29, 2019 -- (VxWorks 7)
CVE-2019-1010148 zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution. HIGH Jul 24, 2019 -- (VxWorks 7)
CVE-2019-1010149 zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php. HIGH Jul 26, 2019 -- (VxWorks 7)
CVE-2018-1000653 zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx. HIGH Aug 20, 2018 -- (VxWorks 7)
CVE-2018-17415 zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2018-17414 zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. MEDIUM Mar 22, 2019 -- (VxWorks 7)
CVE-2018-17412 zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. HIGH Mar 22, 2019 -- (VxWorks 7)
CVE-2018-14962 zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. LOW Aug 6, 2018 -- (VxWorks 7)
CVE-2018-14963 zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. MEDIUM Aug 6, 2018 -- (VxWorks 7)
CVE-2018-17136 zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. HIGH Sep 17, 2018 -- (VxWorks 7)
CVE-2019-1010153 zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php. HIGH Jul 24, 2019 -- (VxWorks 7)
CVE-2019-1010152 zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. HIGH Jul 24, 2019 -- (VxWorks 7)
CVE-2019-1010150 zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. HIGH Jul 26, 2019 -- (VxWorks 7)
CVE-2018-7434 zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. MEDIUM Feb 23, 2018 -- (VxWorks 7)
CVE-2019-9078 zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. LOW Mar 20, 2019 -- (VxWorks 7)
CVE-2018-9129 ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. MEDIUM Aug 15, 2018 -- (VxWorks 7)
CVE-2017-17550 ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account's access could, for example, subsequently be used for stored XSS. MEDIUM Nov 10, 2018 -- (VxWorks 7)
CVE-2017-7964 Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. HIGH Apr 19, 2017 -- (VxWorks 7)
CVE-2019-7391 ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. MEDIUM Mar 25, 2019 -- (VxWorks 7)
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version.