Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 167607 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-34093 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. MEDIUM Jul 15, 2022 n/a
CVE-2022-34092 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. MEDIUM Jul 15, 2022 n/a
CVE-2022-33911 An issue was discovered in Couchbase Server 7.x before 7.0.4. Field names are not redacted in logged validation messages for Analytics Service. An Unauthorized Actor may be able to obtain Sensitive Information. MEDIUM Jul 12, 2022 n/a
CVE-2022-33736 A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials. MEDIUM Jul 12, 2022 n/a
CVE-2022-33713 Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. MEDIUM Jul 12, 2022 n/a
CVE-2022-33712 Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. MEDIUM Jul 12, 2022 n/a
CVE-2022-33707 Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. MEDIUM Jul 16, 2022 n/a
CVE-2022-33704 Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. MEDIUM Jul 16, 2022 n/a
CVE-2022-33703 Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. MEDIUM Jul 16, 2022 n/a
CVE-2022-33695 Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. MEDIUM Jul 15, 2022 n/a
CVE-2022-33678 Azure Site Recovery Remote Code Execution Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33677 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33676 Azure Site Recovery Remote Code Execution Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33675 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33674 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33673 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33672 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33671 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33669 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33668 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33667 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33666 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33665 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33664 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33663 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33662 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33661 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33660 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33659 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33658 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33657 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33656 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33655 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33654 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33653 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33652 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33651 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33650 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33644 Xbox Live Save Service Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33643 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33642 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33641 Azure Site Recovery Elevation of Privilege Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33637 Microsoft Defender for Endpoint Tampering Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33633 Skype for Business and Lync Remote Code Execution Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33632 Microsoft Office Security Feature Bypass Vulnerability MEDIUM Jul 13, 2022 n/a
CVE-2022-33173 An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. MEDIUM Jul 12, 2022 n/a
CVE-2022-33157 The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. MEDIUM Jul 13, 2022 n/a
CVE-2022-33156 The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. MEDIUM Jul 13, 2022 n/a
CVE-2022-33138 A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. MEDIUM Jul 15, 2022 n/a
CVE-2022-33137 A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users\' sessions. MEDIUM Jul 15, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online