
CVE Database

Any person or party who is not a Wind River customer but wants to notify Wind River of security vulnerabilities affecting Wind River products is encouraged to send an email to security-alert@windriver.com. In order for Wind River to respond, the submitter's contact information must be included within the email. Customers are encouraged to use the dedicated Wind River online support mechanism.


Search CVEs

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID Description Priority Date
CVE-2018-9996 An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_template_value_parm, demangle_integral_value, and demangle_expression. -- 2018-04-10
CVE-2018-9995 TBK DVR4104 and DVR4216 devices allow remote attackers to bypass authentication via a Cookie: uid=admin header, as demonstrated by a device.rsp?opt=user&cmd=list request that provides credentials within JSON data in a response. -- 2018-04-10
CVE-2018-9993 YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). -- 2018-04-10
CVE-2018-9992 Frog CMS 0.9.5 has XSS via the name field of a new File or Directory on the admin/?/plugin/file_manager/browse/ screen. -- 2018-04-11
CVE-2018-9991 Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter. -- 2018-04-11
CVE-2018-9989 ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input. -- 2018-04-10
CVE-2018-9988 ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input. -- 2018-04-10
CVE-2018-9985 The front page of MetInfo 6.0 allows XSS by sending a feedback message to an administrator. -- 2018-04-10
CVE-2018-9934 The reset-password feature in MetInfo 6.0 allows remote attackers to change arbitrary passwords via vectors involving a Host HTTP header that is modified to specify a web server under the attacker's control. -- 2018-04-10
CVE-2018-9928 Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. -- 2018-04-10
CVE-2018-9927 An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add. -- 2018-04-10
CVE-2018-9926 An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add an admin account via index.php?m=core&f=power&v=add. -- 2018-04-10
CVE-2018-9925 An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. -- 2018-04-10
CVE-2018-9924 An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. -- 2018-04-10
CVE-2018-9923 An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. -- 2018-04-10
CVE-2018-9922 An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. -- 2018-04-10
CVE-2018-9918 libqpdf.a in QPDF through 8.0.2 mishandles certain expected dictionary key but found non-name object cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes. -- 2018-04-10
CVE-2018-9864 The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. -- 2018-04-09
CVE-2018-9862 util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a docker exec command with that value in the -u argument, a similar issue to CVE-2016-3697. -- 2018-04-09
CVE-2018-9860 An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs. -- 2018-04-12
CVE-2018-9857 PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the View Search By Id screen). -- 2018-04-09
CVE-2018-9856 Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request. -- 2018-04-09
CVE-2018-9852 In Gxlcms QY v1.0.0713, LibLibActionHomeHitsAction.class.php allows remote attackers to read data from a database by embedding a FROM clause in a query string within a Home-Hits request, as demonstrated by sid=user,password%20from%20mysql.user%23. -- 2018-04-07
CVE-2018-9851 In Gxlcms QY v1.0.0713, LibLibActionAdminTplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a .. sequence. -- 2018-04-07
CVE-2018-9850 In Gxlcms QY v1.0.0713, LibLibActionAdminDataAction.class.php allows remote attackers to delete any file via directory traversal sequences in the id parameter of an Admin-Data-del request. -- 2018-04-07