All customers except US A&D: to ensure that you can access all of your product downloads, you must log in to the Wind River Delivers portal https://delivers.windriver.com and visit the My Products page to force an initial sync of your product entitlement. Only after you’ve completed this step will you be able to access and download product content through the Artifacts, Registry, and Git interfaces. This also applies to users attempting to run the Wind River installer in maintenance or update mode or Linux installation updates at the command line.

Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 90207 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-23227 NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it is possible to overwrite arbitrary files under the web root and achieve code execution as root. -- Jan 14, 2022 n/a
CVE-2022-23222 kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. -- Jan 14, 2022 n/a
CVE-2022-23219 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. -- Jan 14, 2022 n/a
CVE-2022-23218 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. -- Jan 14, 2022 n/a
CVE-2022-23178 An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. -- Jan 15, 2022 n/a
CVE-2022-23134 After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. -- Jan 13, 2022 n/a
CVE-2022-23133 An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts. -- Jan 13, 2022 n/a
CVE-2022-23132 During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permissions check on the file system level -- Jan 13, 2022 n/a
CVE-2022-23131 In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified. Malicious unauthenticated actor may exploit this issue to escalate privileges and gain admin access to Zabbix Frontend. To perform the attack, SAML authentication is required to be enabled and the actor has to know the username of Zabbix user (or use the guest account, which is disabled by default). -- Jan 13, 2022 n/a
CVE-2022-23118 Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. -- Jan 13, 2022 n/a
CVE-2022-23117 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller. -- Jan 13, 2022 n/a
CVE-2022-23116 Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method. -- Jan 13, 2022 n/a
CVE-2022-23115 Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task. -- Jan 13, 2022 n/a
CVE-2022-23114 Jenkins Publish Over SSH Plugin 1.22 and earlier stores password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. -- Jan 13, 2022 n/a
CVE-2022-23113 Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files. -- Jan 13, 2022 n/a
CVE-2022-23112 A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. -- Jan 13, 2022 n/a
CVE-2022-23111 A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials. -- Jan 13, 2022 n/a
CVE-2022-23110 Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. -- Jan 13, 2022 n/a
CVE-2022-23109 Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed. -- Jan 13, 2022 n/a
CVE-2022-23108 Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. -- Jan 13, 2022 n/a
CVE-2022-23107 Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system. -- Jan 13, 2022 n/a
CVE-2022-23106 Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. -- Jan 13, 2022 n/a
CVE-2022-23105 Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations. -- Jan 13, 2022 n/a
CVE-2022-23095 Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process. -- Jan 15, 2022 n/a
CVE-2022-23094 Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6. -- Jan 16, 2022 n/a
CVE-2022-22991 A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP. -- Jan 14, 2022 n/a
CVE-2022-22990 A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. -- Jan 14, 2022 n/a
CVE-2022-22989 My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service. Addressed the vulnerability by adding defenses against stack overflow issues. -- Jan 14, 2022 n/a
CVE-2022-22988 File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. -- Jan 14, 2022 n/a
CVE-2022-22847 Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication). -- Jan 10, 2022 n/a
CVE-2022-22846 The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. -- Jan 10, 2022 n/a
CVE-2022-22845 QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers\' installations. -- Jan 10, 2022 n/a
CVE-2022-22844 tiffset: Global-buffer-overflow in _TIFFmemcpy, tif_unix.c -- Jan 10, 2022 n/a
CVE-2022-22836 CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request. -- Jan 10, 2022 n/a
CVE-2022-22827 lib: Prevent more integer overflows MEDIUM Jan 9, 2022 n/a
CVE-2022-22826 lib: Prevent integer overflow at multiple places MEDIUM Jan 9, 2022 n/a
CVE-2022-22825 lib: Prevent integer overflow at multiple places MEDIUM Jan 9, 2022 n/a
CVE-2022-22824 lib: Prevent integer overflow at multiple places HIGH Jan 9, 2022 n/a
CVE-2022-22823 lib: Prevent integer overflow at multiple places HIGH Jan 9, 2022 n/a
CVE-2022-22822 lib: Prevent more integer overflows HIGH Jan 9, 2022 n/a
CVE-2022-22821 NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available. -- Jan 10, 2022 n/a
CVE-2022-22817 Restrict builtins for ImageMath.eval() -- Jan 9, 2022 n/a
CVE-2022-22816 Fixed ImagePath.Path array handling -- Jan 9, 2022 n/a
CVE-2022-22815 Fixed ImagePath.Path array handling -- Jan 9, 2022 n/a
CVE-2022-22747 Crash when handling empty pkcs7 sequence -- Jan 14, 2022 n/a
CVE-2022-22707 In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes), as demonstrated by remote denial of service (daemon crash). MEDIUM Jan 6, 2022 n/a
CVE-2022-22704 The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration. HIGH Jan 6, 2022 n/a
CVE-2022-22702 PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. -- Jan 10, 2022 n/a
CVE-2022-22701 PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the \'file://\' URI scheme, allowing an authenticated user to read local files. -- Jan 10, 2022 n/a
CVE-2022-22531 The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified. -- Jan 14, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online