Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

199260 entries
ID Description Priority Modified date Fixed Release
CVE-2023-49342 Temporary data passed between application components by Budgie Extras Clockworks applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. -- Dec 14, 2023 n/a
CVE-2023-49343 Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. -- Dec 14, 2023 n/a
CVE-2023-49344 Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. -- Dec 14, 2023 n/a
CVE-2023-49345 Temporary data passed between application components by Budgie Extras Takeabreak applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. -- Dec 14, 2023 n/a
CVE-2023-49346 Temporary data passed between application components by Budgie Extras WeatherShow applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false information to users or deny access to the application and panel. -- Dec 14, 2023 n/a
CVE-2023-49347 Temporary data passed between application components by Budgie Extras Windows Previews could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may read private information from windows, present false information to users, or deny access to the application. -- Dec 14, 2023 n/a
CVE-2023-49351 A stack-based buffer overflow vulnerability in /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function. -- Jan 16, 2024 n/a
CVE-2023-49355 decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the []-1.2e-1111111111 input. NOTE: this is not the same as CVE-2023-50246. The CVE-2023-50246 71c2ab5 reference mentions -10E-1000010001, which is not in normalized scientific notation. -- Dec 11, 2023 n/a
CVE-2023-49356 A stack buffer overflow vulnerability in MP3Gain v1.6.2 allows an attacker to cause a denial of service via the WriteMP3GainAPETag function at apetag.c:592. -- Dec 22, 2023 n/a
CVE-2023-49363 Rockoa <2.3.3 is vulnerable to SQL Injection. The problem exists in the indexAction method in reimpAction.php. -- Dec 13, 2023 n/a
CVE-2023-49371 RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. -- Dec 3, 2023 n/a
CVE-2023-49372 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/save. -- Dec 5, 2023 n/a
CVE-2023-49373 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/slide/delete. -- Dec 5, 2023 n/a
CVE-2023-49374 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/slide/update. -- Dec 5, 2023 n/a
CVE-2023-49375 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/update. -- Dec 5, 2023 n/a
CVE-2023-49376 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/delete. -- Dec 5, 2023 n/a
CVE-2023-49377 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/update. -- Dec 5, 2023 n/a
CVE-2023-49378 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/form/save. -- Dec 5, 2023 n/a
CVE-2023-49379 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /admin/friend_link/save. -- Dec 5, 2023 n/a
CVE-2023-49380 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/friend_link/delete. -- Dec 5, 2023 n/a
CVE-2023-49381 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/update. -- Dec 5, 2023 n/a
CVE-2023-49382 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/div/delete. -- Dec 5, 2023 n/a
CVE-2023-49383 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/tag/save. -- Dec 5, 2023 n/a
CVE-2023-49391 An issue was discovered in free5GC version 3.3.0 that allows remote attackers to execute arbitrary code and cause a denial of service (DoS) on AMF component via crafted NGAP message. -- Dec 22, 2023 n/a
CVE-2023-49394 Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly. -- Jan 10, 2024 n/a
CVE-2023-49395 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/update. -- Dec 5, 2023 n/a
CVE-2023-49396 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/save. -- Dec 5, 2023 n/a
CVE-2023-49397 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/updateStatus. -- Dec 5, 2023 n/a
CVE-2023-49398 JFinalCMS v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/category/delete. -- Dec 5, 2023 n/a
CVE-2023-49402 Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. -- Dec 7, 2023 n/a
CVE-2023-49403 Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. -- Dec 7, 2023 n/a
CVE-2023-49404 Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. -- Dec 7, 2023 n/a
CVE-2023-49405 Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. -- Dec 7, 2023 n/a
CVE-2023-49406 Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. -- Dec 7, 2023 n/a
CVE-2023-49408 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. -- Dec 7, 2023 n/a
CVE-2023-49409 Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. -- Dec 7, 2023 n/a
CVE-2023-49410 Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function set_wan_status. -- Dec 7, 2023 n/a
CVE-2023-49411 Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. -- Dec 7, 2023 n/a
CVE-2023-49417 TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. -- Dec 11, 2023 n/a
CVE-2023-49418 TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules. -- Dec 11, 2023 n/a
CVE-2023-49424 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. -- Dec 7, 2023 n/a
CVE-2023-49425 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. -- Dec 7, 2023 n/a
CVE-2023-49426 Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. -- Dec 7, 2023 n/a
CVE-2023-49427 Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. -- Jan 10, 2024 n/a
CVE-2023-49428 Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. -- Dec 7, 2023 n/a
CVE-2023-49429 Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. -- Dec 7, 2023 n/a
CVE-2023-49430 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. -- Dec 7, 2023 n/a
CVE-2023-49431 Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. -- Dec 7, 2023 n/a
CVE-2023-49432 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. -- Dec 7, 2023 n/a
CVE-2023-49433 Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. -- Dec 7, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.