Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

101446 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2022-33114 Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. -- Jun 23, 2022 n/a
CVE-2022-33113 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. -- Jun 23, 2022 n/a
CVE-2022-33105 Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. -- Jun 23, 2022 n/a
CVE-2022-33097 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. -- Jun 23, 2022 n/a
CVE-2022-33096 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. -- Jun 23, 2022 n/a
CVE-2022-33095 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. -- Jun 23, 2022 n/a
CVE-2022-33094 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. -- Jun 23, 2022 n/a
CVE-2022-33093 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. -- Jun 23, 2022 n/a
CVE-2022-33092 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. -- Jun 23, 2022 n/a
CVE-2022-33070 Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. -- Jun 23, 2022 n/a
CVE-2022-33069 Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. -- Jun 23, 2022 n/a
CVE-2022-33068 An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. -- Jun 23, 2022 n/a
CVE-2022-33067 Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors. -- Jun 23, 2022 n/a
CVE-2022-33056 Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php. -- Jun 21, 2022 n/a
CVE-2022-33055 Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php. -- Jun 21, 2022 n/a
CVE-2022-33049 Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user. -- Jun 21, 2022 n/a
CVE-2022-33048 Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. -- Jun 21, 2022 n/a
CVE-2022-33034 LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. -- Jun 23, 2022 n/a
CVE-2022-33033 LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. -- Jun 23, 2022 n/a
CVE-2022-33032 LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. -- Jun 23, 2022 n/a
CVE-2022-33028 LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. -- Jun 23, 2022 n/a
CVE-2022-33027 LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. -- Jun 23, 2022 n/a
CVE-2022-33026 LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. -- Jun 23, 2022 n/a
CVE-2022-33025 LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. -- Jun 23, 2022 n/a
CVE-2022-33024 There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. -- Jun 23, 2022 n/a
CVE-2022-33004 The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-33003 The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-33002 The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-33001 The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-33000 The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-32999 The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-32998 The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-32997 The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-32996 The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. -- Jun 25, 2022 n/a
CVE-2022-32992 Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. MEDIUM Jun 15, 2022 n/a
CVE-2022-32991 Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. MEDIUM Jun 15, 2022 n/a
CVE-2022-32990 An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). -- Jun 24, 2022 n/a
CVE-2022-32987 Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. -- Jun 24, 2022 n/a
CVE-2022-32983 Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. -- Jun 21, 2022 n/a
CVE-2022-32981 An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. -- Jun 10, 2022 n/a
CVE-2022-32978 There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. MEDIUM Jun 10, 2022 n/a
CVE-2022-32974 An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. -- Jun 21, 2022 n/a
CVE-2022-32973 An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. -- Jun 21, 2022 n/a
CVE-2022-32741 Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. MEDIUM Jun 13, 2022 n/a
CVE-2022-32740 A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. MEDIUM Jun 13, 2022 n/a
CVE-2022-32739 When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. MEDIUM Jun 13, 2022 n/a
CVE-2022-32565 An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. MEDIUM Jun 14, 2022 n/a
CVE-2022-32564 An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. MEDIUM Jun 14, 2022 n/a
CVE-2022-32563 An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. MEDIUM Jun 10, 2022 n/a
CVE-2022-32562 An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. MEDIUM Jun 14, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.