Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 174136 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2024-33595 Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor.This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1. -- Apr 29, 2024 n/a
CVE-2024-33596 Missing Authorization vulnerability in Five Star Plugins Five Star Restaurant Reservations.This issue affects Five Star Restaurant Reservations: from n/a through 2.6.16. -- Apr 29, 2024 n/a
CVE-2024-33597 Missing Authorization vulnerability in ProFaceOff SSU.This issue affects SSU: from n/a through 1.5.0. -- Apr 29, 2024 n/a
CVE-2024-33598 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Twinpictures Annual Archive allows Stored XSS.This issue affects Annual Archive: from n/a through 1.6.0. -- Apr 26, 2024 n/a
CVE-2024-33599 nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon\'s (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. -- Apr 26, 2024 n/a
CVE-2024-33600 nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon\'s (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. -- Apr 26, 2024 n/a
CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon\'s (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. -- Apr 26, 2024 n/a
CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon\'s (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. -- Apr 26, 2024 n/a
CVE-2024-33604 A reflected cross-site scripting (XSS) vulnerability exist in undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated -- May 8, 2024 n/a
CVE-2024-33608 When IPsec is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. -- May 8, 2024 n/a
CVE-2024-33612 An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. A successful exploit of this vulnerability can allow the attacker to cross a security boundary.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. -- May 8, 2024 n/a
CVE-2024-33615 A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution. -- May 16, 2024 n/a
CVE-2024-33625 CyberPower PowerPanel business application code contains a hard-coded JWT signing key. This could result in an attacker forging JWT tokens to bypass authentication. -- May 16, 2024 n/a
CVE-2024-33627 Server-Side Request Forgery (SSRF) vulnerability in Cusmin Absolutely Glamorous Custom Admin.This issue affects Absolutely Glamorous Custom Admin: from n/a through 7.2.2. -- Apr 29, 2024 n/a
CVE-2024-33628 Improper Limitation of a Pathname to a Restricted Directory (\'Path Traversal\') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2. -- Jun 4, 2024 n/a
CVE-2024-33629 Server-Side Request Forgery (SSRF) vulnerability in Creative Motion Auto Featured Image (Auto Post Thumbnail).This issue affects Auto Featured Image (Auto Post Thumbnail): from n/a through 4.0.0. -- Apr 29, 2024 n/a
CVE-2024-33630 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.26. -- Apr 29, 2024 n/a
CVE-2024-33631 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Stored XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. -- Apr 29, 2024 n/a
CVE-2024-33632 Cross-Site Request Forgery (CSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. -- Apr 29, 2024 n/a
CVE-2024-33633 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. -- Apr 29, 2024 n/a
CVE-2024-33634 Server-Side Request Forgery (SSRF) vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. -- Apr 29, 2024 n/a
CVE-2024-33635 Missing Authorization vulnerability in Piotnet Piotnet Addons For Elementor Pro.This issue affects Piotnet Addons For Elementor Pro: from n/a through 7.1.17. -- Apr 29, 2024 n/a
CVE-2024-33636 Missing Authorization vulnerability in Mahesh Vora WP Page Post Widget Clone.This issue affects WP Page Post Widget Clone: from n/a through 1.0.1. -- Apr 29, 2024 n/a
CVE-2024-33637 Insertion of Sensitive Information into Log File vulnerability in Solid Plugins Solid Affiliate.This issue affects Solid Affiliate: from n/a through 1.9.1. -- Apr 29, 2024 n/a
CVE-2024-33638 Cross-Site Request Forgery (CSRF) vulnerability in Brijesh Kothari Smart Maintenance Mode.This issue affects Smart Maintenance Mode: from n/a through 1.4.4. -- Apr 26, 2024 n/a
CVE-2024-33639 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1. -- Apr 26, 2024 n/a
CVE-2024-33640 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in LBell Pretty Google Calendar allows Stored XSS.This issue affects Pretty Google Calendar: from n/a through 1.7.2. -- Apr 29, 2024 n/a
CVE-2024-33641 Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3. -- Apr 29, 2024 n/a
CVE-2024-33642 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in EkoJR Advanced Post List allows Stored XSS.This issue affects Advanced Post List: from n/a through 0.5.6.1. -- Apr 26, 2024 n/a
CVE-2024-33643 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS.This issue affects Advanced Most Recent Posts Mod: from n/a through 1.6.5.2. -- Apr 29, 2024 n/a
CVE-2024-33644 Improper Control of Generation of Code (\'Code Injection\') vulnerability in WPCustomify Customify Site Library allows Code Injection.This issue affects Customify Site Library: from n/a through 0.0.9. -- May 17, 2024 n/a
CVE-2024-33645 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS.This issue affects Easy Set Favicon: from n/a through 1.1. -- Apr 29, 2024 n/a
CVE-2024-33646 Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS).This issue affects Sticky Anything: from n/a through 2.1.5. -- Apr 29, 2024 n/a
CVE-2024-33647 A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user\'s allowed projects. -- May 14, 2024 n/a
CVE-2024-33648 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS.This issue affects Recencio Book Reviews: from n/a through 1.66.0. -- Apr 29, 2024 n/a
CVE-2024-33649 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS.This issue affects Opal Widgets For Elementor: from n/a through 1.6.9. -- Apr 29, 2024 n/a
CVE-2024-33650 Cross-Site Request Forgery (CSRF) vulnerability in Cryout Creations Serious Slider.This issue affects Serious Slider: from n/a through 1.2.4. -- Apr 26, 2024 n/a
CVE-2024-33651 Cross-Site Request Forgery (CSRF) vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar : from n/a through 1.2.1. -- Apr 26, 2024 n/a
CVE-2024-33652 Missing Authorization vulnerability in Real Big Plugins Client Dash.This issue affects Client Dash: from n/a through 2.2.1. -- Apr 29, 2024 n/a
CVE-2024-33655 The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the DNSBomb issue. -- May 6, 2024 n/a
CVE-2024-33661 Portainer before 2.20.0 allows redirects when the target is not index.yaml. -- Apr 26, 2024 n/a
CVE-2024-33663 python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. -- Apr 26, 2024 n/a
CVE-2024-33664 python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a JWT bomb. This is similar to CVE-2024-21319. -- Apr 26, 2024 n/a
CVE-2024-33665 angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks. -- Apr 26, 2024 n/a
CVE-2024-33666 An issue was discovered in Zammad before 6.3.0. Users with customer access to a ticket could have accessed time accounting details of this ticket via the API. This data should be available only to agents. -- Apr 26, 2024 n/a
CVE-2024-33667 An issue was discovered in Zammad before 6.3.0. An authenticated agent could perform a remote Denial of Service attack by calling an endpoint that accepts a generic method name, which was not properly sanitized against an allowlist. -- Apr 26, 2024 n/a
CVE-2024-33668 An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An attacker could try to brute force them to upload malicious content to article drafts they have no access to. -- Apr 26, 2024 n/a
CVE-2024-33669 An issue was discovered in Passbolt Browser Extension before 4.6.2. It can send multiple requests to HaveIBeenPwned while a password is being typed, which results in an information leak. This allows an attacker capable of observing Passbolt\'s HTTPS queries to the Pwned Password API to more easily brute force passwords that are manually typed by the user. -- Apr 26, 2024 n/a
CVE-2024-33670 Passbolt API before 4.6.2 allows HTML injection in a URL parameter, resulting in custom content being displayed when a user visits the crafted URL. Although the injected content is not executed as JavaScript due to Content Security Policy (CSP) restrictions, it may still impact the appearance and user interaction of the page. -- Apr 26, 2024 n/a
CVE-2024-33671 An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. The Backup Exec Deduplication Multi-threaded Streaming Agent can be leveraged to perform arbitrary file deletion on protected files. -- Apr 26, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online