Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 161425 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2024-26138 The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance\'s id as well as first and last name and email of the license owner. This is a leak of information that isn\'t supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that there\'s no way to find who\'s having a given UUID (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading. -- Feb 22, 2024 n/a
CVE-2024-26136 kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation. -- Feb 20, 2024 n/a
CVE-2024-26135 MeshCentral is a full computer management web site. Versions prior to 1.1.21 a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue. -- Feb 20, 2024 n/a
CVE-2024-26134 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue. -- Feb 20, 2024 n/a
CVE-2024-26133 EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied. -- Feb 22, 2024 n/a
CVE-2024-26132 Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application\'s private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported=false` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. -- Feb 29, 2024 n/a
CVE-2024-26131 Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue. -- Feb 29, 2024 n/a
CVE-2024-26130 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. -- Feb 22, 2024 n/a
CVE-2024-26129 PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4. -- Feb 20, 2024 n/a
CVE-2024-26128 baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability. -- Feb 23, 2024 n/a
CVE-2024-26016 A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it\'s important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue. -- Feb 28, 2024 n/a
CVE-2024-25983 Insufficient checks in a web service made it possible to add comments to the comments block on another user\'s dashboard when it was not otherwise available (e.g., on their profile page). -- Feb 20, 2024 n/a
CVE-2024-25982 The link to update all installed language packs did not include the necessary token to prevent a CSRF risk. -- Feb 20, 2024 n/a
CVE-2024-25981 Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers. -- Feb 20, 2024 n/a
CVE-2024-25980 Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers. -- Feb 20, 2024 n/a
CVE-2024-25979 The URL parameters accepted by forum search were not limited to the allowed parameters. -- Feb 20, 2024 n/a
CVE-2024-25978 Insufficient file size checks resulted in a denial of service risk in the file picker\'s unzip functionality. -- Feb 20, 2024 n/a
CVE-2024-25974 The Frentix GmbH OpenOlat LMS is affected by stored a Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload. -- Feb 21, 2024 n/a
CVE-2024-25973 The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user\'s browser. -- Feb 21, 2024 n/a
CVE-2024-25941 The jail(2) system call has not limited a visiblity of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. Attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by pstat -t may be leaked. -- Feb 15, 2024 n/a
CVE-2024-25940 `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader\'s access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root. -- Feb 15, 2024 n/a
CVE-2024-25932 Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix.This issue affects Change Table Prefix: from n/a through 2.0. -- Feb 29, 2024 n/a
CVE-2024-25931 Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka.This issue affects Heureka: from n/a through 1.0.8. -- Feb 29, 2024 n/a
CVE-2024-25930 Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce.This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2. -- Feb 29, 2024 n/a
CVE-2024-25928 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5. -- Feb 23, 2024 n/a
CVE-2024-25927 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Joel Starnes postMash – custom post order.This issue affects postMash – custom post order: from n/a through 1.2.0. -- Feb 28, 2024 n/a
CVE-2024-25925 Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12. -- Feb 26, 2024 n/a
CVE-2024-25915 Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos.This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2. -- Feb 23, 2024 n/a
CVE-2024-25914 Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail.This issue affects SMTP Mail: from n/a through 1.3.20. -- Feb 13, 2024 n/a
CVE-2024-25913 Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. -- Feb 26, 2024 n/a
CVE-2024-25910 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2. -- Feb 28, 2024 n/a
CVE-2024-25909 Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2. -- Feb 26, 2024 n/a
CVE-2024-25905 Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form.This issue affects Multi Step Form: from n/a through 1.7.18. -- Feb 21, 2024 n/a
CVE-2024-25904 Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles.This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2. -- Feb 21, 2024 n/a
CVE-2024-25902 Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2. -- Feb 28, 2024 n/a
CVE-2024-25898 A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php. -- Feb 22, 2024 n/a
CVE-2024-25897 ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. -- Feb 22, 2024 n/a
CVE-2024-25896 ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter. -- Feb 22, 2024 n/a
CVE-2024-25895 A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php -- Feb 22, 2024 n/a
CVE-2024-25894 ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. -- Feb 22, 2024 n/a
CVE-2024-25893 ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. -- Feb 22, 2024 n/a
CVE-2024-25892 ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter. -- Feb 22, 2024 n/a
CVE-2024-25891 ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. -- Feb 22, 2024 n/a
CVE-2024-25876 A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field. -- Feb 22, 2024 n/a
CVE-2024-25875 A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. -- Feb 22, 2024 n/a
CVE-2024-25874 A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field. -- Feb 22, 2024 n/a
CVE-2024-25873 Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload. -- Feb 22, 2024 n/a
CVE-2024-25869 An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component. -- Feb 29, 2024 n/a
CVE-2024-25868 A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component. -- Feb 29, 2024 n/a
CVE-2024-25867 A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component. -- Feb 29, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online