Microsoft Windows Defender vulnerability that allows an attacker to trigger a service failure
A vulnerability exists in Microsoft Windows Defender due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...
Google Android elevation of privilege vulnerability (CNVD-2021-43400)
Google Android is a Linux-based open source operating system from Google and the Open Handset Alliance. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from memory corruption due to a double free in the memory management driver. An attacker coul...
Information leakage vulnerability in Baisou Video HD APP
Baisou Video HD APP is a video player. Baisou Video HD APP has an information disclosure vulnerability. An attacker can exploit the vulnerability to back up the app and obtain sensitive information...
CVE-2021-20728
Improper access control vulnerability in goo blog App for Android ver.1.2.25 and earlier and for iOS ver.1.3.3 and earlier allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App...
Jira Server and Jira Data Center cross-site scripting vulnerability (CNVD-2021-44763)
Atlassian JIRA Server and Jira Server & Data Center are both products of Atlassian Australia. Atlassian JIRA Server is the server version of a defect tracking management system. The system is mainly used for tracking and managing all kinds of problems and defects in the workplace. Jira Server & Dat...
PT-2021-15137 · Google · Asylo
Name of the Vulnerable Software and Affected Versions: Asylo versions prior to 0.6.2 Description: An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. Recommendations: For Asylo versions prior to 0.6.2, update past 0.6.2 or apply the git commit...
Denial of Service Vulnerability in CENTUM VP DCS System
The CENTUM VP DCS system is a Shun Control configuration application. A denial of service vulnerability exists in the CENTUM VP DCS system. An attacker could exploit this vulnerability to cause a denial of service...
SQL Injection Vulnerability in Ricochet Cloud Group Live Code Generation System (CNVD-2021-41721)
RikerCloud live code management system is an open source, free, live code system that can be operated online to improve efficiency, get more resources and so on. A SQL injection vulnerability exists in the Ricochet Cloud Live Code Generation System, which can be exploited by attackers to obtain...
Microhome Software Technology (Hangzhou) Co., Ltd. website builder system suffers from an arbitrary file read vulnerability
Microsoft Technology Hangzhou Co., Ltd. is a professional ECM Collaboration Management Software and BPM Business Process Management Software R & D and solution provider. There is an arbitrary file reading vulnerability in the website building system of Microhome Software Technology Hangzhou Co. A...
ZenFone 4 Max (ZC520KL) suffers from an information disclosure vulnerability
ZenFone 4 Max ZC520KL is a smartphone. An information disclosure vulnerability exists in ZenFone 4 Max ZC520KL. An attacker can exploit the vulnerability to obtain sensitive information...
FFmpeg heap buffer overflow vulnerability (CNVD-2021-39759)
FFmpeg is a complete solution for recording, converting and streaming audio and video. A heap buffer overflow vulnerability exists in crossfade_samples_fltp in libavfilter/af_afade.c in FFmpeg version 4.2. An attacker can exploit this vulnerability to cause memory corruption...
Google Chrome use-after-free vulnerability (CNVD-2021-41140)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A use-after-free vulnerability in WebAuthentication in versions prior to Google Chrome 91.0.4472.77 can be exploited by a remote attacker to corrupt the rendere...
Shopizer Cross-Site Scripting Vulnerability
Shopizer is a Java open source e-commerce software. A stored cross-site scripting vulnerability exists in Shopizer versions prior to 2.17.0. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML via the customername in various forms managed by the store...
Vulnerability in the “forward first” mode of the Bind9 DNS server that allows an attacker to cause a service failure
The “forward first” mode of the Bind9 DNS server has vulnerabilities due to insufficient validation of input data. Exploiting these vulnerabilities can allow a malicious actor to cause service failures...
Red Hat Wildfly Cross-Site Scripting Vulnerability
Red Hat Wildfly is a lightweight JavaEE-based open source application server from the US company Red Hat, Inc. A cross-site scripting vulnerability exists in Red Hat Wildfly versions prior to 23.0.2. An attacker can exploit this vulnerability by adding a payload to the name field to...
Cisco Small Business Command Injection Vulnerability
Cisco Small Business is a switch from the American company Cisco. An input validation error vulnerability exists in the Cisco Small Business product, which results from incorrect validation of user-supplied input. An attacker could exploit this vulnerability to perform command injection fo...
node-mpv formatting string error vulnerability
node-mpv is a Node.js based MPV player module. A security vulnerability exists in mpv version 0.33.0 and earlier versions, which can be exploited by an attacker to achieve code execution via a crafted m3u playlist file...
Weak Password Vulnerability in Huawei Technologies S5700 Series Switches
Founded in 1987, Huawei Technologies Co., Ltd. is a leading global provider of ICT information and communications infrastructure and smart terminals. A weak password vulnerability exists in the S5700 series switches of Huawei Technologies Co. that can be exploited by attackers to obtain sensitive...
Google TensorFlow SparseDenseCwiseMul Heap Out-of-Bounds Access Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A heap out-of-bounds access vulnerability exists in Google TensorFlow SparseDenseCwiseMul. An attacker can exploit the vulnerability by passing an invalid parameter to "tf.raw\u ops.backpropinput" to write outside the...
GNU LibreDWG Memory Leak Vulnerability
LibreDWG is a free C library for reading and writing DWG files. A memory leak vulnerability exists in GNU LibreDWG version 0.10 in dwg_decode_eed at ../../src/decode.c:3638. An attacker could cause a memory leak by exploiting this vulnerability via specially crafted input...