Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 104130 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-36880 The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. MEDIUM Jul 27, 2022 n/a
CVE-2022-35861 pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. An attacker can craft a Python version string in .python-version to execute shims under their control. (Shims are executables that pass a command along to a specific version of pyenv. The version string is used to construct the path to the command, and there is no validation of whether the version specified is a valid version. Thus, relative path traversal can occur.) MEDIUM Jul 17, 2022 n/a
CVE-2022-35416 H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. MEDIUM Jul 15, 2022 n/a
CVE-2022-35414 softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. MEDIUM Jul 11, 2022 n/a
CVE-2022-35403 Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) MEDIUM Jul 13, 2022 n/a
CVE-2022-35228 SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. MEDIUM Jul 15, 2022 n/a
CVE-2022-35227 A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session. MEDIUM Jul 13, 2022 n/a
CVE-2022-35225 SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. MEDIUM Jul 13, 2022 n/a
CVE-2022-35224 SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim?s web browser session. MEDIUM Jul 13, 2022 n/a
CVE-2022-35172 SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. MEDIUM Jul 13, 2022 n/a
CVE-2022-35171 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below MEDIUM Jul 13, 2022 n/a
CVE-2022-35170 SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. MEDIUM Jul 13, 2022 n/a
CVE-2022-35169 SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file\'s password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. MEDIUM Jul 13, 2022 n/a
CVE-2022-35168 Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. MEDIUM Jul 13, 2022 n/a
CVE-2022-34748 A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17293) MEDIUM Jul 15, 2022 n/a
CVE-2022-34743 The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. MEDIUM Jul 12, 2022 n/a
CVE-2022-34742 The system module has a read/write vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. MEDIUM Jul 12, 2022 n/a
CVE-2022-34739 The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings. MEDIUM Jul 12, 2022 n/a
CVE-2022-34738 The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background. MEDIUM Jul 12, 2022 n/a
CVE-2022-34737 The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality. MEDIUM Jul 12, 2022 n/a
CVE-2022-34663 A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device. MEDIUM Jul 12, 2022 n/a
CVE-2022-34467 A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component. MEDIUM Jul 12, 2022 n/a
CVE-2022-34465 A vulnerability has been identified in Parasolid V33.1 (All versions), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap (All versions). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420) MEDIUM Jul 12, 2022 n/a
CVE-2022-34291 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-057, FG-VD-22-058, FG-VD-22-060) MEDIUM Jul 15, 2022 n/a
CVE-2022-34290 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-055) MEDIUM Jul 15, 2022 n/a
CVE-2022-34289 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054) MEDIUM Jul 15, 2022 n/a
CVE-2022-34288 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-053) MEDIUM Jul 15, 2022 n/a
CVE-2022-34287 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-052, FG-VD-22-056) MEDIUM Jul 15, 2022 n/a
CVE-2022-34286 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-051) MEDIUM Jul 15, 2022 n/a
CVE-2022-34285 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-050) MEDIUM Jul 15, 2022 n/a
CVE-2022-34284 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-049) MEDIUM Jul 15, 2022 n/a
CVE-2022-34283 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-048) MEDIUM Jul 15, 2022 n/a
CVE-2022-34282 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-047) MEDIUM Jul 15, 2022 n/a
CVE-2022-34281 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-046) MEDIUM Jul 15, 2022 n/a
CVE-2022-34280 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-045) MEDIUM Jul 15, 2022 n/a
CVE-2022-34279 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-044) MEDIUM Jul 15, 2022 n/a
CVE-2022-34278 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-043) MEDIUM Jul 15, 2022 n/a
CVE-2022-34277 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-042) MEDIUM Jul 15, 2022 n/a
CVE-2022-34276 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-041) MEDIUM Jul 15, 2022 n/a
CVE-2022-34275 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-040) MEDIUM Jul 15, 2022 n/a
CVE-2022-34274 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-039) MEDIUM Jul 15, 2022 n/a
CVE-2022-34273 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-038) MEDIUM Jul 15, 2022 n/a
CVE-2022-34272 A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to execute code in the context of the current process. (FG-VD-22-037, FG-VD-22-059) MEDIUM Jul 15, 2022 n/a
CVE-2022-34094 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. MEDIUM Jul 15, 2022 n/a
CVE-2022-34093 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. MEDIUM Jul 15, 2022 n/a
CVE-2022-34092 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. MEDIUM Jul 15, 2022 n/a
CVE-2022-33911 An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. MEDIUM Jul 12, 2022 n/a
CVE-2022-33736 A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials. MEDIUM Jul 12, 2022 n/a
CVE-2022-33713 Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. MEDIUM Jul 12, 2022 n/a
CVE-2022-33712 Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. MEDIUM Jul 12, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online