Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 174136 entries
IDDescriptionPriorityModified dateFixed Release
CVE-2024-36547 idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add -- Jun 4, 2024 n/a
CVE-2024-36472 In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource consumption or other impacts depending on the JavaScript code\'s behavior. -- May 28, 2024 n/a
CVE-2024-36470 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases -- May 29, 2024 n/a
CVE-2024-36428 OrangeHRM 3.3.3 allows admin/viewProjects sortOrder SQL injection. -- May 28, 2024 n/a
CVE-2024-36427 The file-serving function in TARGIT Decision Suite 23.2.15007 allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file. -- May 29, 2024 n/a
CVE-2024-36426 In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session. -- May 28, 2024 n/a
CVE-2024-36400 nano-id is a unique string ID generator for Rust. Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the `nano_id::base62` and `nano_id::base58` functions. Specifically, the `base62` function used a character set of 32 symbols instead of the intended 62 symbols, and the `base58` function used a character set of 16 symbols instead of the intended 58 symbols. Additionally, the `nano_id::gen` macro is also affected when a custom character set that is not a power of 2 in size is specified. It should be noted that `nano_id::base64` is not affected by this vulnerability. This can result in a significant reduction in entropy, making the generated IDs predictable and vulnerable to brute-force attacks when the IDs are used in security-sensitive contexts such as session tokens or unique identifiers. The vulnerability is fixed in 0.4.0. -- Jun 4, 2024 n/a
CVE-2024-36399 Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the \'Project Manager\' on a single project may take over any other project. The vulnerability is fixed in 1.2.37. -- Jun 6, 2024 n/a
CVE-2024-36394 SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command (\'OS Command Injection\') -- Jun 6, 2024 n/a
CVE-2024-36393 SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') -- Jun 6, 2024 n/a
CVE-2024-36392 MileSight DeviceHub - CWE-79: Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') -- Jun 3, 2024 n/a
CVE-2024-36391 MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic -- Jun 3, 2024 n/a
CVE-2024-36390 MileSight DeviceHub - CWE-20 Improper Input Validation may allow Denial of Service -- Jun 3, 2024 n/a
CVE-2024-36389 MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass -- Jun 3, 2024 n/a
CVE-2024-36388 MileSight DeviceHub - CWE-305 Missing Authentication for Critical Function -- Jun 3, 2024 n/a
CVE-2024-36384 Pointsharp Cryptshare Server before 7.0.0 has an XSS issue that is related to notification messages. -- May 28, 2024 n/a
CVE-2024-36383 An issue was discovered in Logpoint SAML Authentication before 6.0.3. An attacker can place a crafted filename in the state field of a SAML SSO-URL response, and the file corresponding to this filename will ultimately be deleted. This can lead to a SAML Authentication login outage. -- May 28, 2024 n/a
CVE-2024-36378 In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens -- May 29, 2024 n/a
CVE-2024-36377 In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions -- May 29, 2024 n/a
CVE-2024-36376 In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions -- May 29, 2024 n/a
CVE-2024-36375 In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed -- May 29, 2024 n/a
CVE-2024-36374 In JetBrains TeamCity before 2024.03.2 stored XSS via build step settings was possible -- May 29, 2024 n/a
CVE-2024-36373 In JetBrains TeamCity before 2024.03.2 several stored XSS in untrusted builds settings were possible -- May 29, 2024 n/a
CVE-2024-36372 In JetBrains TeamCity before 2023.05.6 reflected XSS on the subscriptions page was possible -- May 29, 2024 n/a
CVE-2024-36371 In JetBrains TeamCity before 2023.05.6, 2023.11.5 stored XSS in Commit status publisher was possible -- May 29, 2024 n/a
CVE-2024-36370 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via OAuth connection settings was possible -- May 29, 2024 n/a
CVE-2024-36369 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via issue tracker integration was possible -- May 29, 2024 n/a
CVE-2024-36368 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 reflected XSS via OAuth provider configuration was possible -- May 29, 2024 n/a
CVE-2024-36367 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 stored XSS via third-party reports was possible -- May 29, 2024 n/a
CVE-2024-36366 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 an XSS could be executed via certain report grouping and filtering operations -- May 29, 2024 n/a
CVE-2024-36365 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent -- May 29, 2024 n/a
CVE-2024-36364 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible -- May 29, 2024 n/a
CVE-2024-36363 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 several Stored XSS in code inspection reports were possible -- May 29, 2024 n/a
CVE-2024-36362 In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 path traversal allowing to read files from server was possible -- May 29, 2024 n/a
CVE-2024-36361 Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would typically be no reason to allow untrusted callers. -- May 24, 2024 n/a
CVE-2024-36267 Path traversal vulnerability exists in Redmine DMSF Plugin versions prior to 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process). -- May 30, 2024 n/a
CVE-2024-36255 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to perform proper input validation on post actions which allows an attacker to run a playbook checklist task command as another user via creating and sharing a deceptive post action that unexpectedly runs a slash command in some arbitrary channel. -- May 28, 2024 n/a
CVE-2024-36246 Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch 20240527 not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified or deleted. -- May 31, 2024 n/a
CVE-2024-36241 Mattermost versions 9.5.x <= 9.5.3, 9.6.x <= 9.6.1 and 8.1.x <= 8.1.12 fail to enforce proper access controls which allows user to view arbitrary post contents via the /playbook add slash command -- May 28, 2024 n/a
CVE-2024-36129 The OpenTelemetry Collector offers a vendor-agnostic implementation on how to receive, process and export telemetry data. An unsafe decompression vulnerability allows unauthenticated attackers to crash the collector via excessive memory consumption. OTel Collector version 0.102.1 fixes this issue. It is also fixed in the confighttp module version 0.102.0 and configgrpc module version 0.102.1. -- Jun 6, 2024 n/a
CVE-2024-36128 Directus is a real-time API and App dashboard for managing SQL database content. Prior to 10.11.2, providing a non-numeric length value to the random string generation utility will create a memory issue breaking the capability to generate random strings platform wide. This creates a denial of service situation where logged in sessions can no longer be refreshed as sessions depend on the capability to generate a random session ID. This vulnerability is fixed in 10.11.2. -- Jun 3, 2024 n/a
CVE-2024-36127 apko is an apk-based OCI image builder. apko exposures HTTP basic auth credentials from repository and keyring URLs in log output. This vulnerability is fixed in v0.14.5. -- Jun 3, 2024 n/a
CVE-2024-36124 iq80 Snappy is a compression/decompression library. When uncompressing certain data, Snappy tries to read outside the bounds of the given byte arrays. Because Snappy uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. iq80 Snappy is not actively maintained anymore. As quick fix users can upgrade to version 0.5. -- Jun 3, 2024 n/a
CVE-2024-36123 Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page `MediaWiki:Tagline` has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the `editinterface` permission, or sysops). This vulnerability is fixed in 2.16.0. -- Jun 3, 2024 n/a
CVE-2024-36121 netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption algorithm. Unfortunately, two separate errors combine which would allow an attacker to cause the sequence number to overflow and thus the nonce to repeat. -- Jun 4, 2024 n/a
CVE-2024-36120 javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature. -- May 31, 2024 n/a
CVE-2024-36119 Statamic is a, Laravel + Git powered CMS designed for building websites. In affected versions users registering via the `user:register_form` tag will have their password confirmation stored in plain text in their user file. This only affects sites matching **all** of the following conditions: 1. Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one calendar week), 2. Using the `user:register_form` tag. 3. Using file-based user accounts. (Does not affect users stored in a database.), 4. Has users that have registered during that time period. (Existing users are not affected.). Additionally passwords are only visible to users that have access to read user yaml files, typically developers of the application itself. This issue has been patched in version 5.6.2, however any users registered during that time period and using the affected version range will still have the the `password_confirmation` value in their yaml files. We recommend that affected users have their password reset. System administrators are advised to upgrade their deployments. There are no known workarounds for this vulnerability. Anyone who commits their files to a public git repo, may consider clearing the sensitive data from the git history as it is likely that passwords were uploaded. -- May 30, 2024 n/a
CVE-2024-36118 MeterSphere is a test management and interface testing tool. In affected versions users without workspace permissions can view functional test cases of other workspaces beyond their authority. This issue has been addressed in version 2.10.15-lts. Users of MeterSphere are advised to upgrade. There are no known workarounds for this vulnerability. -- May 30, 2024 n/a
CVE-2024-36114 Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. All decompressor implementations of Aircompressor (LZ4, LZO, Snappy, Zstandard) can crash the JVM for certain input, and in some cases also leak the content of other memory of the Java process (which could contain sensitive information). When decompressing certain data, the decompressors try to access memory outside the bounds of the given byte arrays or byte buffers. Because Aircompressor uses the JDK class `sun.misc.Unsafe` to speed up memory access, no additional bounds checks are performed and this has similar security consequences as out-of-bounds access in C or C++, namely it can lead to non-deterministic behavior or crash the JVM. Users should update to Aircompressor 0.27 or newer where these issues have been fixed. When decompressing data from untrusted users, this can be exploited for a denial-of-service attack by crashing the JVM, or to leak other sensitive information from the Java process. There are no known workarounds for this issue. -- May 30, 2024 n/a
CVE-2024-36112 Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (`extras.view_dynamicgroup` permission) can use the Dynamic Group detail UI view (`/extras/dynamic-groups/<uuid>/`) and/or the members REST API view (`/api/extras/dynamic-groups/<uuid>/members/`) to list the objects that are members of a given Dynamic Group. In versions of Nautobot between 1.3.0 (where the Dynamic Groups feature was added) and 1.6.22 inclusive, and 2.0.0 through 2.2.4 inclusive, Nautobot fails to restrict these listings based on the member object permissions - for example a Dynamic Group of Device objects will list all Devices that it contains, regardless of the user\'s `dcim.view_device` permissions or lack thereof. This issue has been fixed in Nautobot versions 1.6.23 and 2.2.5. Users are advised to upgrade. This vulnerability can be partially mitigated by removing `extras.view_dynamicgroup` permission from users however a full fix will require upgrading. -- May 28, 2024 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online