Wind River Support Network


The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release
CVE-2024-28855 | ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to an improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link containing injected code that would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available. | -- | Mar 19, 2024 | n/a
CVE-2024-28859 | Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatibility and PHP 8 support. Symfony 1 has a gadget chain due to a vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserializes user input in their project. This vulnerability presents no direct threat but is a vector that will enable remote code execution if a developer deserializes untrusted user data. Symfony 1 depends on Swift Mailer, which has been bundled by default in the vendor directory of the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods. These methods are called when PHP destroys the object in memory. However, it is possible to include any object type in `$this->_keys` to make PHP access array/object properties other than those intended by the developer. In particular, it is possible to abuse the array access which is triggered on `foreach($this->_keys ...)` for any class implementing the ArrayAccess interface. This may allow an attacker to execute any PHP command, which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. | -- | Mar 17, 2024 | n/a
CVE-2024-28860 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen-plaintext, key-recovery, and replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3. | -- | Mar 28, 2024 | n/a
CVE-2024-28861 | Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in the `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue. | -- | Mar 22, 2024 | n/a
CVE-2024-28862 | The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation. | -- | Mar 17, 2024 | n/a
CVE-2024-28863 | node-tar is a Tar implementation for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it, using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders. | -- | Mar 21, 2024 | n/a
CVE-2024-28864 | SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps versions 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with the regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default. | -- | Mar 19, 2024 | n/a
CVE-2024-28865 | django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users. | -- | Mar 19, 2024 | n/a
CVE-2024-28866 | GoCD is a continuous delivery server. GoCD versions from 19.4.0 to 23.5.0 (inclusive) are potentially vulnerable to a reflected cross-site scripting vulnerability on the loading page displayed while GoCD is starting, via abuse of a `redirect_to` query parameter with inadequate validation. Attackers could theoretically abuse the query parameter to steal session tokens or other values from the user's browser. In practice, exploiting this to perform privileged actions is likely rather difficult because the target user would need to be triggered to open an attacker-crafted link in the period where the server is starting up (but not completely started), requiring chaining with a separate denial-of-service vulnerability. Additionally, GoCD server restarts invalidate earlier session tokens (i.e., GoCD does not support persistent sessions), so a stolen session token would be unusable once the server has completed restart, and executed XSS would be done within a logged-out context. The issue is fixed in GoCD 24.1.0. As a workaround, it is technically possible in earlier GoCD versions to override the loading page with an earlier version which is not vulnerable, by starting GoCD with the Java system property override as either `-Dloading.page.resource.path=/loading_pages/default.loading.page.html` (simpler early version of loading page without GoCD introduction) or `-Dloading.page.resource.path=/does_not_exist.html` (to display a simple message with no interactivity). | -- | May 14, 2024 | n/a
CVE-2024-28867 | Swift Prometheus is a Swift client for the Prometheus monitoring system, supporting counters, gauges and histograms. In code which applies _un-sanitized string values into metric names or labels_, an attacker could make use of this and send a `?lang` query parameter containing newlines, `}` or similar characters, which can lead to the attacker taking over the exported format, including creating unbounded numbers of stored metrics, inflating server memory usage, or causing bogus metrics. This vulnerability is fixed in 2.0.0-alpha.2. | -- | Apr 1, 2024 | n/a
CVE-2024-28868 | Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins. | -- | Mar 21, 2024 | n/a
CVE-2024-28869 | Traefik is an HTTP reverse proxy and load balancer. In affected versions, sending a GET request to any Traefik endpoint with the Content-length request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in versions 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option. | -- | Apr 15, 2024 | n/a
CVE-2024-28870 | Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community. When parsing an overly long SSH banner, Suricata can use excessive CPU resources, as well as cause excessive logging volume in alert records. This issue has been patched in versions 6.0.17 and 7.0.4. | -- | Mar 25, 2024 | n/a
CVE-2024-28871 | LibHTP is a security-aware parser for the HTTP protocol and the related bits and pieces. Version 0.5.46 may parse malformed request traffic, leading to excessive CPU usage. Version 0.5.47 contains a patch for the issue. No known workarounds are available. | -- | Mar 25, 2024 | n/a
CVE-2024-28872 | The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected. This issue affects Stork versions 0.15.0 through 1.15.0. | -- | Jul 11, 2024 | n/a
CVE-2024-28877 | MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability. | -- | Jun 13, 2024 | n/a
CVE-2024-28878 | IO-1020 Micro ELD downloads source code or an executable from an adjacent location and executes the code without sufficiently verifying the origin or integrity of the code. | -- | Apr 15, 2024 | n/a
CVE-2024-28880 | Path traversal vulnerability in MosP kintai kanri V4.6.6 and earlier allows a remote attacker who can log in to the product to obtain sensitive information of the product. | -- | May 28, 2024 | n/a
CVE-2024-28882 | OpenVPN from 2.6.0 through 2.6.10 in a server role accepts multiple exit notifications from authenticated clients, which will extend the validity of a closing session. | -- | May 19, 2024 | n/a
CVE-2024-28883 | An origin validation vulnerability exists in the BIG-IP APM browser network access VPN client for Windows, macOS and Linux which may allow an attacker to bypass F5 endpoint inspection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | May 8, 2024 | n/a
CVE-2024-28886 | OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed. | -- | May 28, 2024 | n/a
CVE-2024-28889 | When an SSL profile with alert timeout is configured with a non-default value on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | -- | May 8, 2024 | n/a
CVE-2024-28890 | Forminator prior to 1.29.0 contains an unrestricted upload of a file with a dangerous type vulnerability. If this vulnerability is exploited, a remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin, and cause a denial-of-service (DoS) condition. | -- | Apr 23, 2024 | n/a
CVE-2024-28891 | SQL injection vulnerability exists in the script Handler_CFG.ashx. | -- | Mar 21, 2024 | n/a
CVE-2024-28893 | Certain HP software packages (SoftPaqs) are potentially vulnerable to arbitrary code execution when the SoftPaq configuration file has been modified after extraction. HP has released updated software packages (SoftPaqs). | -- | May 1, 2024 | n/a
CVE-2024-28894 | Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 headers exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted packet. | -- | Apr 15, 2024 | n/a
CVE-2024-28895 | 'Yahoo! JAPAN' App for Android v2.3.1 to v3.161.1 and 'Yahoo! JAPAN' App for iOS v3.2.2 to v4.109.0 contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the WebView of the 'Yahoo! JAPAN' App via another app installed on the user's device. | -- | Apr 1, 2024 | n/a
CVE-2024-28896 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28897 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28898 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28899 | Secure Boot Security Feature Bypass Vulnerability | -- | Jul 9, 2024 | n/a
CVE-2024-28900 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28901 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28902 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28903 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28904 | Microsoft Brokering File System Elevation of Privilege Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28905 | Microsoft Brokering File System Elevation of Privilege Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28906 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28907 | Microsoft Brokering File System Elevation of Privilege Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28908 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28909 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28910 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28911 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28912 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28913 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28914 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28915 | Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28916 | Xbox Gaming Services Elevation of Privilege Vulnerability | -- | Mar 21, 2024 | n/a
CVE-2024-28917 | Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability | -- | Apr 9, 2024 | n/a
CVE-2024-28919 | Secure Boot Security Feature Bypass Vulnerability | -- | Apr 9, 2024 | n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases where the CVE has been addressed and fixed for that product version. Requires LTSS: customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.