Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date Fixed Release
CVE-2022-35158 A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. -- Aug 4, 2022 n/a
CVE-2022-35144 Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. -- Aug 4, 2022 n/a
CVE-2022-35143 Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. -- Aug 4, 2022 n/a
CVE-2022-35142 An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. -- Aug 4, 2022 n/a
CVE-2022-35131 Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles. -- Jul 26, 2022 n/a
CVE-2022-35118 PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. -- Aug 5, 2022 n/a
CVE-2022-34993 Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard code password for root in /etc/shadow.sample. -- Aug 4, 2022 n/a
CVE-2022-34992 Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. -- Aug 4, 2022 n/a
CVE-2022-34991 Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters. -- Jul 29, 2022 n/a
CVE-2022-34989 Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php. -- Jul 26, 2022 n/a
CVE-2022-34988 Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js. -- Jul 28, 2022 n/a
CVE-2022-34983 The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. -- Jul 22, 2022 n/a
CVE-2022-34982 The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. -- Jul 22, 2022 n/a
CVE-2022-34981 The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. -- Jul 22, 2022 n/a
CVE-2022-34974 D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. -- Aug 3, 2022 n/a
CVE-2022-34973 D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. -- Aug 3, 2022 n/a
CVE-2022-34972 So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. HIGH Jul 6, 2022 n/a
CVE-2022-34971 An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file. -- Jul 27, 2022 n/a
CVE-2022-34970 Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. -- Aug 4, 2022 n/a
CVE-2022-34969 PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. -- Aug 3, 2022 n/a
CVE-2022-34968 An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. -- Aug 3, 2022 n/a
CVE-2022-34967 The assertion `stmt->Dbc->FirstStmt' failed in MonetDB Database Server v11.43.13. -- Aug 3, 2022 n/a
CVE-2022-34966 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an HTML injection vulnerability via the location parameter at http://ip_address/:port/ossn/home. -- Jul 26, 2022 n/a
CVE-2022-34965 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. -- Jul 25, 2022 n/a
CVE-2022-34964 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the SitePages module. -- Jul 29, 2022 n/a
CVE-2022-34963 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module. -- Jul 29, 2022 n/a
CVE-2022-34962 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module. -- Jul 25, 2022 n/a
CVE-2022-34961 OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module. -- Jul 29, 2022 n/a
CVE-2022-34956 Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. -- Aug 4, 2022 n/a
CVE-2022-34955 Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. -- Aug 4, 2022 n/a
CVE-2022-34954 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. -- Aug 4, 2022 n/a
CVE-2022-34953 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. -- Aug 5, 2022 n/a
CVE-2022-34952 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. -- Aug 5, 2022 n/a
CVE-2022-34951 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. -- Aug 5, 2022 n/a
CVE-2022-34950 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. -- Aug 4, 2022 n/a
CVE-2022-34949 Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. -- Aug 4, 2022 n/a
CVE-2022-34948 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. -- Aug 4, 2022 n/a
CVE-2022-34947 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. -- Aug 4, 2022 n/a
CVE-2022-34946 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. -- Aug 4, 2022 n/a
CVE-2022-34945 Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. -- Aug 4, 2022 n/a
CVE-2022-34943 Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call. -- Aug 3, 2022 n/a
CVE-2022-34937 Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. -- Aug 3, 2022 n/a
CVE-2022-34928 JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. -- Aug 6, 2022 n/a
CVE-2022-34927 MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. -- Aug 3, 2022 n/a
CVE-2022-34924 Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. -- Aug 3, 2022 n/a
CVE-2022-34918 An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. HIGH Jul 5, 2022 n/a
CVE-2022-34914 Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. MEDIUM Jul 8, 2022 n/a
CVE-2022-34913 ** DISPUTED ** md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input. HIGH Jul 2, 2022 n/a
CVE-2022-34912 An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. MEDIUM Jul 2, 2022 n/a
CVE-2022-34911 An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to Welcome followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). MEDIUM Jul 2, 2022 n/a
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.