Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

171507 entries

ID  Description  Priority  Modified date  Fixed Release
CVE-2023-40434 A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library. -- Oct 3, 2023 n/a
CVE-2017-13911 A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2. HIGH Apr 4, 2019 n/a
CVE-2018-4342 A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. LOW Apr 5, 2019 n/a
CVE-2018-4353 A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. HIGH Apr 8, 2019 n/a
CVE-2018-4355 A configuration issue was addressed with additional restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14. MEDIUM Apr 5, 2019 n/a
CVE-2020-18121 A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. MEDIUM Sep 2, 2021 n/a
CVE-2019-6140 A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. High Apr 11, 2019 n/a
CVE-2021-42761 A condition for session fixation vulnerability [CWE-384] in the session management of FortiWeb versions 6.4 all versions, 6.3.0 through 6.3.16, 6.2.0 through 6.2.6, 6.1.0 through 6.1.2, 6.0.0 through 6.0.7, 5.9.0 through 5.9.1 may allow a remote, unauthenticated attacker to infer the session identifier of other users and possibly usurp their session. -- Feb 16, 2023 n/a
CVE-2021-36181 A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the underlying database data into an inconsistent state via specific coordination of web requests. LOW Nov 4, 2021 n/a
CVE-2020-29014 A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands. MEDIUM Jul 10, 2021 n/a
CVE-2023-23597 A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109. -- Jan 18, 2023 n/a
CVE-2019-11741 A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these sites within the browser can potentially be used to modify a user's Firefox configuration. These two sites will now be isolated into their own process and not allowed to be loaded in a standard content process. This vulnerability affects Firefox < 69. MEDIUM Oct 2, 2019 n/a
CVE-2021-26371 A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. -- May 9, 2023 n/a
CVE-2018-12365 A compromised IPC child process can escape the content sandbox and list the names of arbitrary files on the file system without user consent or interaction. This could result in exposure of private local files. This vulnerability affects Thunderbird < 60, Thunderbird < 52.9, Firefox ESR < 60.1, Firefox ESR < 52.9, and Firefox < 61. MEDIUM Oct 18, 2018 n/a
CVE-2019-11765 A compromised content process could send a message to the parent process that would cause the 'Click to Play' permission prompt to be shown. However, due to lack of validation from the parent process, if the user accepted the permission request an attacker-controlled permission would be granted rather than the 'Click to Play' permission. This vulnerability affects Firefox < 70. MEDIUM Jan 13, 2020 n/a
CVE-2024-0748 A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122. -- Jan 23, 2024 n/a
CVE-2023-5168 A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. -- Sep 29, 2023 n/a
CVE-2023-5169 A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. -- Oct 5, 2023 n/a
CVE-2021-24001 A compromised content process could have performed session history manipulations it should not have been able to due to testing infrastructure that was not restricted to testing-only configurations. This vulnerability affects Firefox < 88. MEDIUM Jun 24, 2021 n/a
CVE-2019-25136 A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. -- Jun 20, 2023 n/a
CVE-2021-22385 A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. HIGH Aug 10, 2021 n/a
CVE-2021-22386 A component of the Huawei smartphone has a Double Free vulnerability. Local attackers may exploit this vulnerability to cause Root Elevation of Privileges. MEDIUM Aug 10, 2021 n/a
CVE-2021-22466 A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. LOW Oct 28, 2021 n/a
CVE-2021-22463 A component of the HarmonyOS has a Use After Free vulnerability . Local attackers may exploit this vulnerability to cause Kernel Information disclosure. LOW Oct 28, 2021 n/a
CVE-2021-22470 A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. MEDIUM Oct 28, 2021 n/a
CVE-2021-22326 A component of the HarmonyOS has a Privilege Dropping / Lowering Errors vulnerability. Local attackers may exploit this vulnerability to obtain Kernel space read/write capability. MEDIUM Jun 30, 2021 n/a
CVE-2021-22295 A component of the HarmonyOS has a permission bypass vulnerability. Local attackers may exploit this vulnerability to cause the device to hang due to the page error OsVmPageFaultHandler. LOW Aug 6, 2021 n/a
CVE-2021-22423 A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. HIGH Aug 3, 2021 n/a
CVE-2021-22464 A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. MEDIUM Oct 28, 2021 n/a
CVE-2021-22469 A component of the HarmonyOS has a Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. LOW Oct 28, 2021 n/a
CVE-2021-22459 A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable. LOW Oct 28, 2021 n/a
CVE-2021-22471 A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. LOW Oct 28, 2021 n/a
CVE-2021-22462 A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. LOW Oct 28, 2021 n/a
CVE-2021-22424 A component of the HarmonyOS has a Kernel Memory Leakage Vulnerability. Local attackers may exploit this vulnerability to cause Kernel Denial of Service. MEDIUM Aug 3, 2021 n/a
CVE-2021-22455 A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. LOW Oct 28, 2021 n/a
CVE-2021-22451 A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. MEDIUM Oct 28, 2021 n/a
CVE-2021-22422 A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. HIGH Aug 3, 2021 n/a
CVE-2021-22418 A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. HIGH Aug 3, 2021 n/a
CVE-2021-22419 A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to cause persistent dos. MEDIUM Aug 3, 2021 n/a
CVE-2021-22460 A component of the HarmonyOS has a Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. LOW Oct 28, 2021 n/a
CVE-2021-22450 A component of the HarmonyOS has a Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. MEDIUM Oct 28, 2021 n/a
CVE-2021-22458 A component of the HarmonyOS has a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. MEDIUM Oct 28, 2021 n/a
CVE-2021-22421 A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges. HIGH Aug 3, 2021 n/a
CVE-2021-22376 A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions. HIGH Jun 30, 2021 n/a
CVE-2021-22467 A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. LOW Oct 28, 2021 n/a
CVE-2021-22452 A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. LOW Oct 29, 2021 n/a
CVE-2021-22457 A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. LOW Oct 28, 2021 n/a
CVE-2021-22453 A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. LOW Oct 29, 2021 n/a
CVE-2021-22465 A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. LOW Oct 28, 2021 n/a
CVE-2021-22420 A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause the underlying trust of the application trustlist mechanism is missing.. HIGH Aug 3, 2021 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.