Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

160555 entries

ID Description Priority Modified date Fixed Release
CVE-2023-43707 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the CatalogsPageDescriptionForm[1][name] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43708 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE) parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43709 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the configuration_title[1](MODULE) parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43710 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43711 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the admin_firstname parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43712 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the access_levels_name parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43713 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the title parameter, in the /admin/admin-menu/add-submit endpoint, which can lead to unauthorized execution of scripts in a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43714 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the SKIP_CART_PAGE_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43715 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43716 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the MAX_DISPLAY_NEW_PRODUCTS_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43717 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the MSEARCH_HIGHLIGHT_ENABLE_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43718 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the MSEARCH_ENABLE_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43719 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the SHIPPING_GENDER_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43720 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the BILLING_GENDER_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43721 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the PACKING_SLIPS_SUMMARY_TITLE[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43722 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the orders_status_groups_name[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43723 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the orders_status_name[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43724 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43725 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the orders_products_status_name_long[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43726 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the orders_products_status_manual_name_long[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43727 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the stock_indication_text[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43728 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the stock_delivery_terms_text[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43729 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the xsell_type_name[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43730 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the countries_name[1] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43731 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the zone_name parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43732 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the tax_class_title parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43733 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the company_address parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43734 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the name parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43735 Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the formats_titles[7] parameter, potentially leading to unauthorized execution of scripts within a user's web browser. -- Oct 6, 2023 n/a
CVE-2023-43737 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. -- Oct 26, 2023 n/a
CVE-2023-43738 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. -- Oct 27, 2023 n/a
CVE-2023-43739 The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. -- Sep 30, 2023 n/a
CVE-2023-43740 Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. -- Oct 6, 2023 n/a
CVE-2023-43741 A time-of-check-time-of-use race condition vulnerability in Buildkite Elastic CI for AWS versions prior to 6.7.1 and 5.22.5 allows the buildkite-agent user to bypass a symbolic link check for the PIPELINE_PATH variable in the fix-buildkite-agent-builds-permissions script. -- Dec 22, 2023 n/a
CVE-2023-43742 An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. -- Dec 8, 2023 n/a
CVE-2023-43743 A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. -- Dec 8, 2023 n/a
CVE-2023-43744 An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a Patch Manager section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. -- Dec 8, 2023 n/a
CVE-2023-43746 When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system.  A successful exploit can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. -- Oct 10, 2023 n/a
CVE-2023-43749 Rejected reason: This is unused. -- Feb 14, 2024 n/a
CVE-2023-43752 OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. -- Nov 16, 2023 n/a
CVE-2023-43754 Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled. -- Nov 27, 2023 n/a
CVE-2023-43755 Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. -- Nov 9, 2023 n/a
CVE-2023-43756 OpenHarmony v3.2.4 and prior versions allow a local attacker to cause an information leak through an out-of-bounds read. -- Feb 6, 2024 n/a
CVE-2023-43757 Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO.,LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. -- Nov 16, 2023 n/a
CVE-2023-43760 Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. -- Sep 26, 2023 n/a
CVE-2023-43761 Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. -- Sep 26, 2023 n/a
CVE-2023-43762 Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. -- Sep 26, 2023 n/a
CVE-2023-43763 Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. -- Sep 26, 2023 n/a
CVE-2023-43764 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-43762. Reason: This candidate is a duplicate of CVE-2023-43762. Notes: All CVE users should reference CVE-2023-43762 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Sep 26, 2023 n/a
CVE-2023-43765 Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. -- Sep 26, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.