Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 160555 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2019-1010152 zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. HIGH Jul 24, 2019 n/a
CVE-2019-1010150 zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. HIGH Jul 26, 2019 n/a
CVE-2018-7434 zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. MEDIUM Feb 23, 2018 n/a
CVE-2023-50104 ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. -- Dec 29, 2023 n/a
CVE-2022-40447 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. -- Sep 22, 2022 n/a
CVE-2022-40446 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. -- Sep 23, 2022 n/a
CVE-2022-40444 ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. -- Sep 23, 2022 n/a
CVE-2020-23426 zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. HIGH Apr 8, 2021 n/a
CVE-2019-9078 zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. LOW Mar 20, 2019 n/a
CVE-2022-24644 ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. MEDIUM Mar 10, 2022 n/a
CVE-2018-9129 ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. MEDIUM Aug 15, 2018 n/a
CVE-2017-17550 ZyXEL ZyWALL USG 2.12 AQQ.2 and 3.30 AQQ.7 devices are affected by a CSRF vulnerability via a cgi-bin/zysh-cgi cmd action to add a user account. This account\'s access could, for example, subsequently be used for stored XSS. MEDIUM Nov 10, 2018 n/a
CVE-2021-46387 ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. MEDIUM Mar 2, 2022 n/a
CVE-2017-7964 Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote attackers to conduct DNS hijacking attacks by reconfiguring the built-in dnshijacker process. HIGH Apr 19, 2017 n/a
CVE-2020-24354 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. MEDIUM Sep 4, 2020 n/a
CVE-2020-24355 Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by insecure permissions which allows regular and other users to create new users with elevated privileges. This is done by changing FirstIndex field in JSON that is POST-ed during account creation. Similar may also be possible with account deletion. HIGH Sep 2, 2020 n/a
CVE-2019-7391 ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF. MEDIUM Mar 25, 2019 n/a
CVE-2018-18754 ZyXEL VMG3312-B10B 1.00(AAPP.7) devices have a backdoor root account with the tTn3+Z@!Sr0O+ password hash in the etc/default.cfg file. MEDIUM Oct 29, 2018 n/a
CVE-2018-15602 Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter. MEDIUM Aug 26, 2018 n/a
CVE-2018-19326 Zyxel VMG1312-B10D devices before 5.13(AAXA.8)C0 allow ../ Directory Traversal, as demonstrated by reading /etc/passwd. MEDIUM Nov 17, 2018 n/a
CVE-2016-10227 Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets. HIGH Feb 23, 2017 n/a
CVE-2016-10401 ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices). HIGH Jul 25, 2017 n/a
CVE-2018-5330 ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (router unreachable/unresponsive) via a flood of fragmented UDP packets. HIGH Jan 16, 2018 n/a
CVE-2017-17901 ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1. HIGH Dec 29, 2017 n/a
CVE-2019-15815 ZyXEL P-1302-T10D v3 devices with firmware version 2.00(ABBX.3) and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges. MEDIUM Nov 12, 2019 n/a
CVE-2015-7256 ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys. MEDIUM Sep 28, 2017 n/a
CVE-2017-15226 Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. HIGH Oct 10, 2017 n/a
CVE-2019-6710 Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF. MEDIUM Mar 22, 2019 n/a
CVE-2020-15327 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. -- Sep 29, 2022 n/a
CVE-2020-15329 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. -- Sep 29, 2022 n/a
CVE-2020-15328 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. -- Sep 29, 2022 n/a
CVE-2020-15332 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions. -- Sep 29, 2022 n/a
CVE-2020-15322 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account. HIGH Jul 6, 2020 n/a
CVE-2020-15347 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. -- Sep 29, 2022 n/a
CVE-2020-15323 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials. HIGH Jul 6, 2020 n/a
CVE-2020-15321 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account. HIGH Jul 6, 2020 n/a
CVE-2020-15320 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. HIGH Jul 2, 2020 n/a
CVE-2020-15335 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. MEDIUM Jun 26, 2020 n/a
CVE-2020-15336 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. MEDIUM Jun 26, 2020 n/a
CVE-2020-15343 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API. -- Sep 29, 2022 n/a
CVE-2020-15342 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API. -- Sep 29, 2022 n/a
CVE-2020-15344 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API. -- Sep 29, 2022 n/a
CVE-2020-15345 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. -- Sep 29, 2022 n/a
CVE-2020-15341 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. -- Sep 29, 2022 n/a
CVE-2020-15324 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. HIGH Jul 6, 2020 n/a
CVE-2020-15337 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a Use of GET Request Method With Sensitive Query Strings issue for /registerCpe requests. -- Sep 29, 2022 n/a
CVE-2020-15338 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a Use of GET Request Method With Sensitive Query Strings issue for /cnr requests. -- Sep 29, 2022 n/a
CVE-2020-15314 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. MEDIUM Jul 2, 2020 n/a
CVE-2020-15319 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. MEDIUM Jul 2, 2020 n/a
CVE-2020-15317 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree. MEDIUM Jul 6, 2020 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online