Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

153204 entries
ID | Description | Priority | Modified date | Fixed Release
CVE-2023-48107 Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. -- Nov 24, 2023 n/a
CVE-2023-48106 Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. -- Nov 22, 2023 n/a
CVE-2023-48105 A heap overflow vulnerability discovered in Bytecode Alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. -- Nov 24, 2023 n/a
CVE-2023-48094 A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to /container_files/public_html/doc/index.html. -- Nov 14, 2023 n/a
CVE-2023-48090 GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. -- Nov 20, 2023 n/a
CVE-2023-48089 xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. -- Nov 16, 2023 n/a
CVE-2023-48088 xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. -- Nov 16, 2023 n/a
CVE-2023-48087 xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. -- Nov 16, 2023 n/a
CVE-2023-48078 SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the 'title' parameter. -- Nov 17, 2023 n/a
CVE-2023-48068 DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. -- Nov 13, 2023 n/a
CVE-2023-48063 An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. -- Nov 13, 2023 n/a
CVE-2023-48060 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add -- Nov 13, 2023 n/a
CVE-2023-48058 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run -- Nov 13, 2023 n/a
CVE-2023-48056 PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. -- Nov 16, 2023 n/a
CVE-2023-48055 SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. -- Nov 16, 2023 n/a
CVE-2023-48054 Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. -- Nov 16, 2023 n/a
CVE-2023-48053 Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. -- Nov 16, 2023 n/a
CVE-2023-48052 Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. -- Nov 16, 2023 n/a
CVE-2023-48051 An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. -- Nov 21, 2023 n/a
CVE-2023-48042 Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. -- Nov 28, 2023 n/a
CVE-2023-48039 GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. -- Nov 20, 2023 n/a
CVE-2023-48034 An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. -- Nov 28, 2023 n/a
CVE-2023-48031 OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file's magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim's station via a crafted file upload operation. -- Nov 25, 2023 n/a
CVE-2023-48029 Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator's computer. -- Nov 25, 2023 n/a
CVE-2023-48028 kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. -- Nov 25, 2023 n/a
CVE-2023-48025 Liblisp through commit 4c65969 was discovered to contain an out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c -- Nov 25, 2023 n/a
CVE-2023-48024 Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c -- Nov 25, 2023 n/a
CVE-2023-48023 Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment -- Nov 28, 2023 n/a
CVE-2023-48022 Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment -- Nov 28, 2023 n/a
CVE-2023-48021 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. -- Nov 14, 2023 n/a
CVE-2023-48020 Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. -- Nov 14, 2023 n/a
CVE-2023-48017 Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. -- Nov 25, 2023 n/a
CVE-2023-48014 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. -- Nov 16, 2023 n/a
CVE-2023-48013 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. -- Nov 16, 2023 n/a
CVE-2023-48011 GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. -- Nov 16, 2023 n/a
CVE-2023-47877 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Stored XSS. This issue affects Perfmatters: from n/a before 2.2.0. -- Nov 30, 2023 n/a
CVE-2023-47876 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfmatters allows Reflected XSS. This issue affects Perfmatters: from n/a through 2.1.6. -- Nov 30, 2023 n/a
CVE-2023-47875 Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery. This issue affects Perfmatters: from n/a through 2.1.6. -- Nov 30, 2023 n/a
CVE-2023-47872 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS. This issue affects wpForo Forum: from n/a through 2.2.3. -- Nov 30, 2023 n/a
CVE-2023-47870 Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out. This issue affects wpForo Forum: from n/a through 2.2.6. -- Nov 30, 2023 n/a
CVE-2023-47865 Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled -- Nov 27, 2023 n/a
CVE-2023-47854 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS. This issue affects Parallax Image: from n/a through 1.7.1. -- Nov 30, 2023 n/a
CVE-2023-47853 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS. This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. -- Nov 30, 2023 n/a
CVE-2023-47851 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS. This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. -- Nov 30, 2023 n/a
CVE-2023-47850 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0. -- Nov 30, 2023 n/a
CVE-2023-47848 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS. This issue affects Tainacan: from n/a through 0.20.4. -- Nov 30, 2023 n/a
CVE-2023-47844 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS. This issue affects Grab & Save: from n/a through 1.0.4. -- Nov 30, 2023 n/a
CVE-2023-47839 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. -- Nov 28, 2023 n/a
CVE-2023-47835 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions. -- Nov 28, 2023 n/a
CVE-2023-47834 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. -- Nov 28, 2023 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.