Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 177968 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2024-31866 Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. -- Apr 9, 2024 n/a
CVE-2024-31867 Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. -- Apr 9, 2024 n/a
CVE-2024-31868 Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. -- Apr 9, 2024 n/a
CVE-2024-31869 Airflow versions 2.7.0 through 2.8.4 have a vulnerability that allows an authenticated user to see sensitive provider configuration via the configuration UI page when non-sensitive-only was set as webserver.expose_config configuration (The celery provider is the only community provider currently that has sensitive configurations). You should migrate to Airflow 2.9 or change your expose_config configuration to False as a workaround. This is similar, but different to CVE-2023-46288 https://github.com/advisories/GHSA-9qqg-mh7c-chfq which concerned API, not UI configuration page. -- Apr 18, 2024 n/a
CVE-2024-31870 IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. -- Jun 15, 2024 n/a
CVE-2024-31871 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306. -- Apr 10, 2024 n/a
CVE-2024-31872 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316. -- Apr 10, 2024 n/a
CVE-2024-31873 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317. -- Apr 10, 2024 n/a
CVE-2024-31874 IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318. -- Apr 10, 2024 n/a
CVE-2024-31878 IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538. -- Jun 11, 2024 n/a
CVE-2024-31879 IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. -- May 20, 2024 n/a
CVE-2024-31881 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. -- Jun 13, 2024 n/a
CVE-2024-31883 IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: 287615. -- Jun 27, 2024 n/a
CVE-2024-31887 IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651. -- Apr 16, 2024 n/a
CVE-2024-31889 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 288136. -- May 31, 2024 n/a
CVE-2024-31890 IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. -- Jun 21, 2024 n/a
CVE-2024-31893 IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. -- May 24, 2024 n/a
CVE-2024-31894 IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. -- May 24, 2024 n/a
CVE-2024-31895 IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. -- May 24, 2024 n/a
CVE-2024-31897 IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178. -- Jul 8, 2024 n/a
CVE-2024-31898 IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. IBM X-Force ID: 288182. -- Jul 1, 2024 n/a
CVE-2024-31902 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 289234. -- Jul 1, 2024 n/a
CVE-2024-31904 IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. -- May 24, 2024 n/a
CVE-2024-31907 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289889. -- May 31, 2024 n/a
CVE-2024-31908 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 289890. -- May 31, 2024 n/a
CVE-2024-31912 IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. -- Jul 1, 2024 n/a
CVE-2024-31916 IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: 290026. -- Jun 27, 2024 n/a
CVE-2024-31919 IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259. -- Jul 1, 2024 n/a
CVE-2024-31920 Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Currency per Product for WooCommerce.This issue affects Currency per Product for WooCommerce: from n/a through 1.6.0. -- Apr 15, 2024 n/a
CVE-2024-31921 Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Ultimate Product Catalogue.This issue affects Ultimate Product Catalogue: from n/a through 5.2.15. -- Apr 15, 2024 n/a
CVE-2024-31922 Cross-Site Request Forgery (CSRF) vulnerability in Anton Aleksandrov WordPress Hosting Benchmark tool.This issue affects WordPress Hosting Benchmark tool: from n/a through 1.3.6. -- Apr 15, 2024 n/a
CVE-2024-31923 Cross-Site Request Forgery (CSRF) vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5. -- Apr 15, 2024 n/a
CVE-2024-31924 Cross-Site Request Forgery (CSRF) vulnerability in Exactly WWW EWWW Image Optimizer.This issue affects EWWW Image Optimizer: from n/a through 7.2.3. -- Apr 10, 2024 n/a
CVE-2024-31925 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in FAKTOR VIER F4 Improvements allows Stored XSS.This issue affects F4 Improvements: from n/a through 1.8.0. -- Apr 11, 2024 n/a
CVE-2024-31926 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in BracketSpace Advanced Cron Manager – debug & control allows Stored XSS.This issue affects Advanced Cron Manager – debug & control: from n/a through 2.5.2. -- Apr 11, 2024 n/a
CVE-2024-31927 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Aminur Islam WP Login and Logout Redirect allows Stored XSS.This issue affects WP Login and Logout Redirect: from n/a through 1.2. -- Apr 11, 2024 n/a
CVE-2024-31928 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in WP Darko Top Bar allows Stored XSS.This issue affects Top Bar: from n/a through 3.0.5. -- Apr 11, 2024 n/a
CVE-2024-31929 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Polevaultweb Intagrate Lite allows Stored XSS.This issue affects Intagrate Lite: from n/a through 1.3.7. -- Apr 11, 2024 n/a
CVE-2024-31930 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd allows Stored XSS.This issue affects Save as PDF plugin by Pdfcrowd: from n/a through 3.2.1 . -- Apr 11, 2024 n/a
CVE-2024-31931 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Save as Image plugin by Pdfcrowd allows Stored XSS.This issue affects Save as Image plugin by Pdfcrowd: from n/a through 3.2.1 . -- Apr 11, 2024 n/a
CVE-2024-31932 Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy Companion.This issue affects Blocksy Companion: from n/a through 2.0.28. -- Apr 11, 2024 n/a
CVE-2024-31933 Cross-Site Request Forgery (CSRF) vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through 1.5.35. -- Apr 15, 2024 n/a
CVE-2024-31934 Cross-Site Request Forgery (CSRF) vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.6.9. -- Apr 11, 2024 n/a
CVE-2024-31935 Cross-Site Request Forgery (CSRF) vulnerability in BracketSpace Simple Post Notes.This issue affects Simple Post Notes: from n/a through 1.7.6. -- Apr 11, 2024 n/a
CVE-2024-31936 Cross-Site Request Forgery (CSRF) vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a before 1.2.6. -- Apr 11, 2024 n/a
CVE-2024-31937 Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Visitor Analytics TWIPLA (Visitor Analytics IO) allows Stored XSS.This issue affects TWIPLA (Visitor Analytics IO): from n/a through 1.2.0. -- Apr 11, 2024 n/a
CVE-2024-31938 Cross-Site Request Forgery (CSRF) vulnerability in Themeinwp NewsXpress.This issue affects NewsXpress: from n/a through 1.0.7. -- Apr 15, 2024 n/a
CVE-2024-31939 Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Import any XML or CSV File to WordPress.This issue affects Import any XML or CSV File to WordPress: from n/a through 3.7.3. -- Apr 11, 2024 n/a
CVE-2024-31940 Cross-Site Request Forgery (CSRF) vulnerability in RedNao Extra Product Options Builder for WooCommerce.This issue affects Extra Product Options Builder for WooCommerce: from n/a through 1.2.104. -- Apr 15, 2024 n/a
CVE-2024-31941 Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Media Player.This issue affects CP Media Player: from n/a through 1.1.3. -- Apr 15, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online