Siemens SIMOTICS CONNECT 400 Denial of Service Vulnerability (CNVD-2021-28705)
SIMOTICS CONNECT 400 is a connector and sensor box mounted on a low-voltage motor that provides analysis data for the MindSphere application SIDRIVE IQ Fleet. A denial of service vulnerability exists in the Siemens SIMOTICS CONNECT 400. The vulnerability is due to the DNS domain record...
INSMA Wifi Mini Spy 1080P HD Security IP Camera Cross-Site Request Forgery Vulnerability
INSMA Wifi Mini Spy 1080P HD Security IP Camera is a camera from INSMA USA. The INSMA Wifi Mini Spy 1080P HD Security IP Camera version 1.9.7 B suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to access the web via all fields...
Remote Command Execution Vulnerability in the Console of Chianxin Tianrong Terminal Security Management System
Chianxin Tianrong Terminal Security Management System is an integrated terminal security product solution for government and enterprise organizations. The product integrates anti-virus, terminal security control, terminal access, terminal audit, peripheral control, EDR and other functions, is...
Rust integer overflow vulnerability (CNVD-2021-28296)
Rust is a systems programming language characterized by fast operation, the ability to prevent segmentation errors, and thread-safety. An integer overflow vulnerability exists in the Zip implementation of the standard library in versions of Rust prior to 1.52.0. An attacker can exploit this...
Learnsite Remote Elevation of Privilege Vulnerability
Learnsite is an information technology classroom learning platform. A remote elevation of privilege vulnerability exists in the JudgIsAdmin function in /Manager/index.aspx in Learnsite version 1.2.5.0. An attacker can exploit this vulnerability by modifying the first letter of the user cookie key...
ASUS BMC Firmware Security Feature Issue Vulnerability (CNVD-2021-36011)
ASUS BMC Firmware is a firmware from Asus China. The ASUS BMC Firmware suffers from a security signature issue vulnerability that stems from a buffer overflow vulnerability due to the Radius configuration function failing to validate the length of a user-entered string. A remote attacker could...
The vulnerabilities of the crypto/x509 libraries and the golang.org/x/crypto/cryptobyte library in the Go programming language allow attackers to induce a service failure.
The vulnerability in the crypto/x509 and golang.org/x/crypto/cryptobyte libraries of the Go programming language is related to errors in the certificate validation process. Exploiting this vulnerability allows an attacker to cause service interruptions...
Google Android QuickContactActivity.java Information Disclosure Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). An information disclosure vulnerability exists in Google Android QuickContactActivity.java. An attacker can exploit this vulnerability to obtain sensitive informati...
Python Bleach Cross-Site Scripting Vulnerability
Python Bleach is a Python based HTML cleanup library. Python Bleach suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trigger cross-site scripting in order to run JavaScript code in the context of a website...
FreeBSD Injection Vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from an injection vulnerability that can be exploited by an attacker to cause the driver to misinterpret portions of the payload of a large package as separate packages...
Mangroves Logic Flaw Vulnerability
Mangroves is an intelligent vehicle monitoring system. Mangroves is vulnerable to a logic flaw. An attacker can exploit the vulnerability to bypass authenticated login by constructing a cookie message...
Weak password vulnerability in SRG1210W
The SRG1210W is a high performance enterprise router. The SRG1210W suffers from a weak password vulnerability. An attacker could exploit this vulnerability to obtain sensitive information...
Weak password vulnerability in Huawei Technologies Ltd Secoway USG2160BSR
The Secoway USG2160BSR is a firewall from Huawei Technologies Co. A weak password vulnerability exists in the Huawei Technologies Ltd Secoway USG2160BSR, which can be exploited by attackers to obtain sensitive information...
Microsoft Visual Studio Code Code Injection Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A code injection vulnerability in Microsoft Visual Studio Code unofficial C/C++ Advanced Lint extension prior to version 1.9.0 can be exploited by an attacker to execute arbitrary binaries when a user opens a carefully...
Tibco Software TIBCO Software FTL Security Vulnerability
Tibco Software TIBCO Software FTL is an application-to-application messaging system from TIBCO Software USA. A security vulnerability exists in TIBCO Software FTL, which can be exploited by an attacker to insert malicious software...
Weak Password Vulnerability in TL-WR841HP of P&L Technology Ltd.
The TL-WR841HP is a 300Mbps, high power wireless router. A weak password vulnerability exists in the P&T TL-WR841HP, which can be exploited by an attacker to obtain sensitive information...
NetApp Cloud Manager Arbitrary File Overwrite Vulnerability
NetApp Cloud Manager is a centralized system for viewing and managing local and cloud storage with support for hybrid, multi-cloud providers and accounts. An arbitrary file overwrite vulnerability exists in NetApp Cloud Manager prior to version 3.9.4. A remote attacker could exploit this...
Foxit PhantomPDF Buffer Error Vulnerability
Foxit PhantomPDF is a PDF document reader from Foxit, a Chinese company. Foxit PhantomPDF has a remote code execution vulnerability that can be exploited by an attacker to execute code in the context of the current process...
OurPHP suffers from an arbitrary file deletion vulnerability (CNVD-2021-24983)
OurPHP is an enterprise e-commerce marketing website building system. OurPHP has an arbitrary file deletion vulnerability, which can be exploited by attackers to delete any file on the server...
Xen Security Vulnerability
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability that can be...