Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 101888 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2022-34495 rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. -- Jun 26, 2022 n/a
CVE-2022-34494 rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. -- Jun 26, 2022 n/a
CVE-2022-34491 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-29969. Reason: This candidate is a duplicate of CVE-2022-29969. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2022-29969 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. -- Jun 25, 2022 n/a
CVE-2022-34328 PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. MEDIUM Jun 23, 2022 n/a
CVE-2022-34305 In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. MEDIUM Jun 23, 2022 n/a
CVE-2022-34300 In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. MEDIUM Jun 23, 2022 n/a
CVE-2022-34299 There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. MEDIUM Jun 23, 2022 n/a
CVE-2022-34298 The NT auth module in OpenAM before 14.6.6 allows a replace Samba username attack. -- Jun 23, 2022 n/a
CVE-2022-34296 In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. -- Jun 23, 2022 n/a
CVE-2022-34295 totd before 1.5.3 does not properly randomize mesg IDs. -- Jun 23, 2022 n/a
CVE-2022-34213 Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. MEDIUM Jun 23, 2022 n/a
CVE-2022-34212 A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. LOW Jun 23, 2022 n/a
CVE-2022-34211 A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34210 A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34209 A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34208 A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34207 A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34206 A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34205 A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34204 A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. MEDIUM Jun 23, 2022 n/a
CVE-2022-34203 A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. MEDIUM Jun 23, 2022 n/a
CVE-2022-34202 Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. MEDIUM Jun 23, 2022 n/a
CVE-2022-34201 A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34200 A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. MEDIUM Jun 23, 2022 n/a
CVE-2022-34199 Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. MEDIUM Jun 23, 2022 n/a
CVE-2022-34198 Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34197 Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34196 Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34195 Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34194 Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34193 Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34192 Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34191 Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34190 Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34189 Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34188 Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34187 Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34186 Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34185 Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34184 Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34183 Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. LOW Jun 23, 2022 n/a
CVE-2022-34182 Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. MEDIUM Jun 23, 2022 n/a
CVE-2022-34181 Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn\'t exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. MEDIUM Jun 23, 2022 n/a
CVE-2022-34180 Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for unprotected status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. MEDIUM Jun 23, 2022 n/a
CVE-2022-34179 Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. MEDIUM Jun 23, 2022 n/a
CVE-2022-34178 Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a \'link\' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. MEDIUM Jun 23, 2022 n/a
CVE-2022-34177 Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. MEDIUM Jun 23, 2022 n/a
CVE-2022-34176 Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. LOW Jun 23, 2022 n/a
CVE-2022-34175 Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. MEDIUM Jun 23, 2022 n/a
CVE-2022-34174 In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. MEDIUM Jun 23, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online