Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 161425 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2023-43177 CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. -- Nov 18, 2023 n/a
CVE-2023-43183 Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account. -- Feb 5, 2024 n/a
CVE-2023-43187 A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. -- Sep 28, 2023 n/a
CVE-2023-43191 SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user\'s browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft -- Oct 2, 2023 n/a
CVE-2023-43192 SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. -- Oct 2, 2023 n/a
CVE-2023-43193 Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS. -- Nov 2, 2023 n/a
CVE-2023-43194 Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. -- Nov 2, 2023 n/a
CVE-2023-43196 D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. -- Sep 20, 2023 n/a
CVE-2023-43197 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. -- Sep 20, 2023 n/a
CVE-2023-43198 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. -- Sep 20, 2023 n/a
CVE-2023-43199 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. -- Sep 20, 2023 n/a
CVE-2023-43200 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. -- Sep 20, 2023 n/a
CVE-2023-43201 D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. -- Sep 20, 2023 n/a
CVE-2023-43202 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. -- Sep 20, 2023 n/a
CVE-2023-43203 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. -- Sep 20, 2023 n/a
CVE-2023-43204 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. -- Sep 20, 2023 n/a
CVE-2023-43206 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. -- Sep 20, 2023 n/a
CVE-2023-43207 D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. -- Sep 20, 2023 n/a
CVE-2023-43208 NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. -- Oct 26, 2023 n/a
CVE-2023-43216 SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. -- Sep 27, 2023 n/a
CVE-2023-43222 SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. -- Sep 27, 2023 n/a
CVE-2023-43226 An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. -- Sep 29, 2023 n/a
CVE-2023-43232 A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. -- Sep 28, 2023 n/a
CVE-2023-43233 A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. -- Oct 2, 2023 n/a
CVE-2023-43234 DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. -- Sep 29, 2023 n/a
CVE-2023-43235 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. -- Sep 21, 2023 n/a
CVE-2023-43236 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. -- Sep 21, 2023 n/a
CVE-2023-43237 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. -- Sep 21, 2023 n/a
CVE-2023-43238 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. -- Sep 21, 2023 n/a
CVE-2023-43239 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. -- Sep 21, 2023 n/a
CVE-2023-43240 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. -- Sep 21, 2023 n/a
CVE-2023-43241 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. -- Sep 21, 2023 n/a
CVE-2023-43242 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. -- Sep 21, 2023 n/a
CVE-2023-43250 XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. There is a User Mode Write AV via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. -- Oct 18, 2023 n/a
CVE-2023-43251 XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Attackers could exploit this issue for a Denial of Service (DoS) or possibly to achieve code execution. -- Oct 19, 2023 n/a
CVE-2023-43252 XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. -- Oct 19, 2023 n/a
CVE-2023-43256 A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. -- Sep 25, 2023 n/a
CVE-2023-43260 Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. -- Oct 5, 2023 n/a
CVE-2023-43261 An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. -- Oct 4, 2023 n/a
CVE-2023-43263 A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. -- Sep 29, 2023 n/a
CVE-2023-43267 A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. -- Oct 4, 2023 n/a
CVE-2023-43268 Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. -- Oct 4, 2023 n/a
CVE-2023-43269 pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. -- Oct 5, 2023 n/a
CVE-2023-43270 dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. -- Sep 25, 2023 n/a
CVE-2023-43271 Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. -- Oct 10, 2023 n/a
CVE-2023-43274 Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. -- Sep 21, 2023 n/a
CVE-2023-43275 Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. -- Nov 16, 2023 n/a
CVE-2023-43278 A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. -- Sep 26, 2023 n/a
CVE-2023-43281 Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. -- Oct 25, 2023 n/a
CVE-2023-43284 D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST parameter. -- Oct 6, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online