Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

193735 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2024-44033 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS. This issue affects Primary Addon for Elementor: from n/a through 1.5.7. -- Oct 6, 2024 n/a
CVE-2024-44034 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Martin Greenwood WPSPX allows PHP Local File Inclusion. This issue affects WPSPX: from n/a through 1.0.2. -- Oct 5, 2024 n/a
CVE-2024-44035 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemeGUM Gum Elementor Addon allows Stored XSS. This issue affects Gum Elementor Addon: from n/a through 1.3.7. -- Oct 6, 2024 n/a
CVE-2024-44036 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pierre Lebedel Kodex Posts likes allows Stored XSS. This issue affects Kodex Posts likes: from n/a through 2.5.0. -- Oct 6, 2024 n/a
CVE-2024-44037 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Multipurpose Ticket Booking Manager allows Stored XSS. This issue affects Multipurpose Ticket Booking Manager: from n/a through 4.2.2. -- Oct 6, 2024 n/a
CVE-2024-44038 Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.2.9. -- Nov 1, 2024 n/a
CVE-2024-44039 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Travel allows Stored XSS. This issue affects WP Travel: from n/a through 9.3.1. -- Oct 6, 2024 n/a
CVE-2024-44040 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Plainware ShiftController Employee Shift Scheduling allows Stored XSS. This issue affects ShiftController Employee Shift Scheduling: from n/a through 4.9.64. -- Oct 6, 2024 n/a
CVE-2024-44041 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Martin Gibson IdeaPush allows Stored XSS. This issue affects IdeaPush: from n/a through 8.66. -- Oct 6, 2024 n/a
CVE-2024-44042 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fahad Mahmood WP Datepicker allows Stored XSS. This issue affects WP Datepicker: from n/a through 2.1.1. -- Oct 6, 2024 n/a
CVE-2024-44043 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Photo Gallery by 10Web allows Stored XSS. This issue affects Photo Gallery by 10Web: from n/a through 1.8.27. -- Oct 6, 2024 n/a
CVE-2024-44045 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevon Adonis WP Abstracts allows Stored XSS. This issue affects WP Abstracts: from n/a through 2.6.5. -- Oct 6, 2024 n/a
CVE-2024-44046 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify – WooCommerce Product Filter allows Stored XSS. This issue affects Themify – WooCommerce Product Filter: from n/a through 1.5.1. -- Oct 6, 2024 n/a
CVE-2024-44047 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in IDX Broker IMPress for IDX Broker allows Stored XSS. This issue affects IMPress for IDX Broker: from n/a through 3.2.2. -- Sep 17, 2024 n/a
CVE-2024-44048 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. -- Sep 23, 2024 n/a
CVE-2024-44049 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeHunk Gutenberg Blocks – Unlimited blocks For Gutenberg allows Stored XSS. This issue affects Gutenberg Blocks – Unlimited blocks For Gutenberg: from n/a through 1.2.7. -- Sep 17, 2024 n/a
CVE-2024-44050 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Verbosa allows Stored XSS. This issue affects Verbosa: from n/a through 1.2.3. -- Sep 17, 2024 n/a
CVE-2024-44051 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Johan van der Wijk Content Blocks (Custom Post Widget) allows Stored XSS. This issue affects Content Blocks (Custom Post Widget): from n/a through 3.3.5. -- Sep 17, 2024 n/a
CVE-2024-44052 Missing Authorization vulnerability in HelloAsso allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HelloAsso: from n/a through 1.1.10. -- Nov 1, 2024 n/a
CVE-2024-44053 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS. This issue affects Opor Ayam: from n/a through 1.8. -- Sep 16, 2024 n/a
CVE-2024-44054 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS. This issue affects Fluida: from n/a through 1.8.8. -- Sep 16, 2024 n/a
CVE-2024-44056 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS. This issue affects Mantra: from n/a through 3.3.2. -- Sep 16, 2024 n/a
CVE-2024-44057 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS. This issue affects Nirvana: from n/a through 1.6.3. -- Sep 16, 2024 n/a
CVE-2024-44058 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS. This issue affects Parabola: from n/a through 2.4.1. -- Sep 16, 2024 n/a
CVE-2024-44059 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS. This issue affects Custom Query Blocks: from n/a through 5.3.1. -- Sep 16, 2024 n/a
CVE-2024-44060 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS. This issue affects Filmix: from n/a through 1.1. -- Sep 16, 2024 n/a
CVE-2024-44061 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WPFactory EU/UK VAT Manager for WooCommerce allows Cross-Site Scripting (XSS). This issue affects EU/UK VAT Manager for WooCommerce: from n/a through 2.12.14. -- Oct 21, 2024 n/a
CVE-2024-44062 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.5. -- Sep 16, 2024 n/a
CVE-2024-44063 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS. This issue affects Happyforms: from n/a through 1.26.0. -- Sep 16, 2024 n/a
CVE-2024-44064 Cross-Site Request Forgery (CSRF) vulnerability in LikeBtn Like Button Rating allows Cross-Site Scripting (XSS). This issue affects Like Button Rating: from n/a through 2.6.54. -- Sep 17, 2024 n/a
CVE-2024-44067 The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite. -- Aug 20, 2024 n/a
CVE-2024-44068 An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation. -- Oct 10, 2024 n/a
CVE-2024-44069 Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does not consider the bug a security issue but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear. -- Aug 19, 2024 n/a
CVE-2024-44070 An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value. -- Aug 19, 2024 n/a
CVE-2024-44072 OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed. -- Sep 10, 2024 n/a
CVE-2024-44073 The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth. -- Aug 19, 2024 n/a
CVE-2024-44076 In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access. -- Aug 19, 2024 n/a
CVE-2024-44080 In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in an insecure way, resulting in clients loading GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format. -- Oct 29, 2024 n/a
CVE-2024-44081 In Jitsi Meet before 2.0.9779, the functionality to share a video file was implemented in an insecure way, resulting in clients loading videos from an arbitrary URL if a message from another participant contains a URL encoded in the expected format. -- Oct 29, 2024 n/a
CVE-2024-44082 In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1. -- Sep 6, 2024 n/a
CVE-2024-44083 ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue. -- Aug 19, 2024 n/a
CVE-2024-44085 ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883. -- Sep 10, 2024 n/a
CVE-2024-44087 A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6.0 (All versions), Automation License Manager V6.2 (All versions < V6.2 Upd3). Affected applications do not properly validate certain fields in incoming network packets on port 4410/tcp. This could allow an unauthenticated remote attacker to cause an integer overflow and crash of the application. This denial of service condition could prevent legitimate users from using subsequent products that rely on the affected application for license verification. -- Sep 10, 2024 n/a
CVE-2024-44092 In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. -- Sep 16, 2024 n/a
CVE-2024-44093 In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. -- Sep 16, 2024 n/a
CVE-2024-44094 In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. -- Sep 16, 2024 n/a
CVE-2024-44095 In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. -- Sep 16, 2024 n/a
CVE-2024-44096 there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. -- Sep 16, 2024 n/a
CVE-2024-44097 According to the researcher: The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server. -- Oct 4, 2024 n/a
CVE-2024-44098 In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. -- Oct 25, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.