Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

| ID | Description | Priority | Modified date | Fixed Release |
| --- | --- | --- | --- | --- |
| CVE-2024-13284 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery. This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13283 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS). This issue affects Facets: from 0.0.0 before 2.0.9. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13282 | Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing. This issue affects Block permissions: from 1.0.0 before 1.2.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13281 | Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing. This issue affects Monster Menus: from 0.0.0 before 9.3.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13280 | Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing. This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13279 | Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13278 | Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse. This issue affects Diff: from 0.0.0 before 1.8.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13277 | Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing. This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13276 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing. This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13275 | Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS. This issue affects Security Kit: from 0.0.0 before 2.0.3. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13274 | Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse. This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13273 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS). This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13272 | Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing. This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13271 | Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing. This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13270 | Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing. This issue affects Freelinking: from 0.0.0 before 4.0.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13269 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing. This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13268 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion. This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13267 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion. This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13266 | Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing. This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13265 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13264 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion. This issue affects Opigno module: from 0.0.0 before 3.1.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13263 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion. This issue affects Opigno group manager: from 0.0.0 before 3.1.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13262 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS). This issue affects View Password: from 0.0.0 before 6.0.4. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13261 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery. This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13260 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery. This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13259 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing. This issue affects Image Sizes: from 0.0.0 before 3.0.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13258 | Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing. This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13257 | Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing. This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13256 | Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing. This issue affects Email Contact: from 0.0.0 before 2.0.4. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13255 | Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing. This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13254 | Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing. This issue affects REST Views: from 0.0.0 before 3.0.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13253 | Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing. This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13252 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS). This issue affects TacJS: from 0.0.0 before 6.5.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13251 | Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13250 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery. This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13249 | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13248 | Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing. This issue affects Private content: from 0.0.0 before 2.1.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13247 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS). This issue affects Coffee: from 0.0.0 before 1.4.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13246 | Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13245 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS). This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13244 | Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery. This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13243 | Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing. This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13242 | Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing. This issue affects Swift Mailer: *.*. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13241 | Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.0.5. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13240 | Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations. This issue affects Open Social: from 0.0.0 before 12.05. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13239 | Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13238 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS). This issue affects Typogrify: from 0.0.0 before 1.3.0. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13237 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS). This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13213 | A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | -- | Jan 9, 2025 | n/a |
| CVE-2024-13212 | A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | -- | Jan 9, 2025 | n/a |

The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.