Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

112121 entries
ID Description Priority Modified date Fixed Release
CVE-2022-29321 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. HIGH May 10, 2022 n/a
CVE-2022-29322 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. HIGH May 10, 2022 n/a
CVE-2022-29323 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. HIGH May 10, 2022 n/a
CVE-2022-29324 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. HIGH May 10, 2022 n/a
CVE-2022-29325 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. HIGH May 10, 2022 n/a
CVE-2022-29326 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. HIGH May 10, 2022 n/a
CVE-2022-29327 D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. HIGH May 10, 2022 n/a
CVE-2022-29328 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. HIGH May 10, 2022 n/a
CVE-2022-29329 D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. HIGH May 10, 2022 n/a
CVE-2022-29330 Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemail files via unspecified vectors. MEDIUM Jun 24, 2022 n/a
CVE-2022-29332 D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the ../../../../ setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. MEDIUM May 17, 2022 n/a
CVE-2022-29333 A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. MEDIUM May 25, 2022 n/a
CVE-2022-29334 An issue in H v1.0 allows attackers to bypass authentication via a session replay attack. HIGH May 25, 2022 n/a
CVE-2022-29337 C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request. HIGH May 25, 2022 n/a
CVE-2022-29339 In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. MEDIUM May 5, 2022 n/a
CVE-2022-29340 GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. MEDIUM May 5, 2022 n/a
CVE-2022-29347 An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. HIGH May 4, 2022 n/a
CVE-2022-29349 kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. MEDIUM May 25, 2022 n/a
CVE-2022-29351 An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. HIGH May 16, 2022 n/a
CVE-2022-29353 An arbitrary file upload vulnerability in the file upload module of Graphql-upload v13.0.0 allows attackers to execute arbitrary code via a crafted filename. HIGH May 16, 2022 n/a
CVE-2022-29354 An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file. HIGH May 16, 2022 n/a
CVE-2022-29358 epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file. MEDIUM May 25, 2022 n/a
CVE-2022-29359 A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. MEDIUM May 25, 2022 n/a
CVE-2022-29360 The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message. -- Jul 29, 2022 n/a
CVE-2022-29361 ** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body. NOTE: the vendor's position is that this behavior can only occur in unsupported configurations involving development mode and an HTTP server from outside the Werkzeug project. HIGH May 25, 2022 n/a
CVE-2022-29362 A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. LOW May 25, 2022 n/a
CVE-2022-29363 Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php. This vulnerability allows attackers to get a shell by writing arbitrary files. HIGH May 12, 2022 n/a
CVE-2022-29368 Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c. MEDIUM May 12, 2022 n/a
CVE-2022-29369 Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. MEDIUM May 12, 2022 n/a
CVE-2022-29376 Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. MEDIUM May 24, 2022 n/a
CVE-2022-29377 Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. MEDIUM May 24, 2022 n/a
CVE-2022-29379 ** DISPUTED ** Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c. NOTE: multiple third parties dispute this report, e.g., the behavior is only found in unreleased development code that was not part of the 0.7.2, 0.7.3, or 0.7.4 release. HIGH May 25, 2022 n/a
CVE-2022-29380 Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. LOW May 25, 2022 n/a
CVE-2022-29383 NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi. HIGH May 13, 2022 n/a
CVE-2022-29391 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. HIGH May 11, 2022 n/a
CVE-2022-29392 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. HIGH May 11, 2022 n/a
CVE-2022-29393 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. HIGH May 11, 2022 n/a
CVE-2022-29394 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. HIGH May 11, 2022 n/a
CVE-2022-29395 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. HIGH May 11, 2022 n/a
CVE-2022-29396 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. HIGH May 11, 2022 n/a
CVE-2022-29397 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. HIGH May 11, 2022 n/a
CVE-2022-29398 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. HIGH May 11, 2022 n/a
CVE-2022-29399 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. HIGH May 11, 2022 n/a
CVE-2022-29402 TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. HIGH May 26, 2022 n/a
CVE-2022-29404 In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. MEDIUM Jun 9, 2022 n/a
CVE-2022-29405 In Apache Archiva, any registered user can reset the password of any user. This is fixed in Archiva 2.2.8. MEDIUM May 25, 2022 n/a
CVE-2022-29406 Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. LOW Jun 15, 2022 n/a
CVE-2022-29408 Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. MEDIUM May 25, 2022 n/a
CVE-2022-29410 Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute an SQLi attack via (&ids). MEDIUM May 6, 2022 n/a
CVE-2022-29411 SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute an SQLi attack via (&id). HIGH May 6, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.