Fortinet FortiMail Buffer Overflow Vulnerability

Fortinet FortiMail is a set of e-mail security gateway products of the U.S. Fita Fortinet. The product provides e-mail security and data protection features. A buffer overflow vulnerability exists in Fortinet FortiMail, which stems from a buffer size miscalculation in multiple instances. An...

Google TensorFlow code issue vulnerability (CNVD-2021-48859)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A code issue vulnerability exists in Google TensorFlow 2.4.2, 2.3.3, 2.2.3, 2.1.4, which can be exploited by an attacker to cause dereferencing of null pointers...

QSAN Storage Manager Access Control Error Vulnerability (CNVD-2021-48979)

QSAN Storage Manager is a NAS operating system from Quantium Technologies Incorporated QSAN. An access control error vulnerability exists in FirmwareUpgrade in QSAN Storage Manager 3.3.1 and earlier versions. A remote attacker could exploit this vulnerability to reboot and disrupt the device...

WordPress WP Pro Real Estate 7 Plugin Cross-Site Scripting Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL server set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress WP P...

Apache Druid Privilege Permission and Access Control Issues Vulnerability

Apache Druid is the United States Apache Apache Foundation of a use of the Java language , written in column-oriented open source distributed database . Apache Druid has a security vulnerability that can be exploited by an attacker to read data from other sources e.g., the local file system using...

osTicket cross-site scripting vulnerability (CNVD-2021-48883)

osTicket is a widely used and trusted open source work order support ticket system. A cross-site scripting vulnerability exists in osTicket versions prior to 1.12.6. An attacker can exploit this vulnerability via the queue-name parameter in include/ajax.search.php...

LimeSurvey cross-site scripting vulnerability (CNVD-2021-48882)

limesurvey is an open source online questionnaire program with multiple functions such as questionnaire design, modification, release, recovery and statistics. A cross-site scripting vulnerability exists in LimeSurvey version 4.1.11+200316. An attacker can exploit this vulnerability by using the...

Google Android phNxpNciHal_ext.cc Information Disclosure Vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An information disclosure vulnerability exists in Google Android phNxpNciHalext.cc. An attacker can exploit this vulnerability to obtain sensitive information...

Google Android iaxxx-codec.c elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android iaxxx-codec.c suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to cause a local elevation of privilege...

Google Android phNxpNciHal_print_res_status elevation of privilege vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android phNxpNciHalprintresstatus. An attacker can exploit this vulnerability to cause a local elevation of privilege...

phpIPAM cross-site scripting vulnerability (CNVD-2021-45440)

phpIPAM is a PHP-based open source ip address management software. A reflected cross-site scripting vulnerability exists in phpIPAM version 1.4.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via app/dashboard/widgets/ipcalc-result.php and...

White Shark System (WSS) SQL Injection Vulnerability

White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. Project Management", "Task Management", "Work Management" and "Work Log Management". A SQL injection vulnerability exists in White Shark...

Textpattern Arbitrary File Upload Vulnerability

Textpattern is a free open source content management system based on PHP and MySQL. Textpattern has an arbitrary file upload vulnerability. An attacker can use the fileinsert function in include/txpfile.php to upload arbitrary files...

74CMS SQL Injection Vulnerability (CNVD-2021-43389)

74CMS is a talent recruitment system based on the second development of ThinkPHP framework. A SQL injection vulnerability exists in 74CMS version 3.2.0. An attacker can exploit this vulnerability to inject SQL statements via the x parameter of plus/ajaxstreet.php...

Unspecified Vulnerability in Samsung Galaxy Watch PlugIn

Samsung Galaxy Apps is a pre-installed application store program for Samsung mobile devices from Samsung South Korea. Galaxy Watch PlugIn 2.2.05.21033151 previously had a security vulnerability that could be exploited by an attacker to disclose the Wi-Fi password of a connection to a user's...

74CMS SQL Injection Vulnerability (CNVD-2021-43391)

74CMS is a talent recruitment system based on the second development of ThinkPHP framework. A SQL injection vulnerability exists in 74CMS version 3.2.0. An attacker can use this vulnerability to inject SQL statements via the key parameter of plus/ajaxstreet.php...

Google Android elevation of privilege vulnerability (CNVD-2021-43400)

Google Android is a Linux-based open source operating system from the Google Open Handheld Alliance Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from a memory corruption due to double release in the memory management driver. An attacker coul...

Google Android elevation of privilege vulnerability (CNVD-2021-43397)

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an out-of-bounds write due to uninitialized data in the memory management driver. An...

Unspecified vulnerability in BetterLinks WordPress plugin (CNVD-2021-44290)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in BetterLinks WordPress plugin versions prior to 2.0.4, which stems...

The vulnerability of Microsoft Windows Defender operating system allows a hacker to trigger a service failure.

The vulnerability of Microsoft Windows Defender operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...