Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 104130 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-33707 Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. MEDIUM Jul 16, 2022 n/a
CVE-2022-33704 Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. MEDIUM Jul 16, 2022 n/a
CVE-2022-33703 Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. MEDIUM Jul 16, 2022 n/a
CVE-2022-33695 Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. MEDIUM Jul 15, 2022 n/a
CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30181, CVE-2022-33641, CVE-2022-33643, CVE-2022-33650, CVE-2022-33651, CVE-2022-33652, CVE-2022-33653, CVE-2022-33654, CVE-2022-33655, CVE-2022-33656, CVE-2022-33657, CVE-2022-33658, CVE-2022-33659, CVE-2022-33660, CVE-2022-33661, CVE-2022-33662, CVE-2022-33663, CVE-2022-33664, CVE-2022-33665, CVE-2022-33666, CVE-2022-33667, CVE-2022-33668, CVE-2022-33669, CVE-2022-33671, CVE-2022-33672, CVE-2022-33673, CVE-2022-33674, CVE-2022-33675, CVE-2022-33677. MEDIUM Jul 13, 2022 n/a
CVE-2022-33173 An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. MEDIUM Jul 12, 2022 n/a
CVE-2022-33157 The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. MEDIUM Jul 13, 2022 n/a
CVE-2022-33156 The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. MEDIUM Jul 13, 2022 n/a
CVE-2022-33138 A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. MEDIUM Jul 15, 2022 n/a
CVE-2022-33137 A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\' sessions. MEDIUM Jul 15, 2022 n/a
CVE-2022-32434 EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. MEDIUM Jul 16, 2022 n/a
CVE-2022-32416 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. MEDIUM Jul 15, 2022 n/a
CVE-2022-32415 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. MEDIUM Jul 15, 2022 n/a
CVE-2022-32406 GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. This vulnerability can cause a Denial of Service (DoS) via a crafted MAP file. MEDIUM Jul 15, 2022 n/a
CVE-2022-32317 The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. This vulnerability can lead to a Denial of Service (DoS) via a crafted file. MEDIUM Jul 15, 2022 n/a
CVE-2022-32298 Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. This vulnerability can lead to a Denial of Service (DoS) via unspecified vectors. MEDIUM Jul 15, 2022 n/a
CVE-2022-32297 Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. MEDIUM Jul 15, 2022 n/a
CVE-2022-32249 Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials) MEDIUM Jul 13, 2022 n/a
CVE-2022-32248 Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. MEDIUM Jul 13, 2022 n/a
CVE-2022-32247 SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. MEDIUM Jul 13, 2022 n/a
CVE-2022-32246 SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application MEDIUM Jul 13, 2022 n/a
CVE-2022-32114 An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file. MEDIUM Jul 14, 2022 n/a
CVE-2022-32096 Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. MEDIUM Jul 13, 2022 n/a
CVE-2022-31904 EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. MEDIUM Jul 12, 2022 n/a
CVE-2022-31598 Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. MEDIUM Jul 16, 2022 n/a
CVE-2022-31597 Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. MEDIUM Jul 13, 2022 n/a
CVE-2022-31593 SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. MEDIUM Jul 16, 2022 n/a
CVE-2022-31592 The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. MEDIUM Jul 16, 2022 n/a
CVE-2022-31591 SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service MEDIUM Jul 16, 2022 n/a
CVE-2022-31588 The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31587 The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31586 The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31585 The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31584 The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31583 The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31582 The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31581 The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31580 The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31579 The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31578 The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31577 The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31576 The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31575 The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31574 The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31573 The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31572 The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31571 The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31569 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that no specific affected product had been identified. Notes: none. MEDIUM Jul 15, 2022 n/a
CVE-2022-31568 The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
CVE-2022-31567 The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. MEDIUM Jul 15, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online