Kronos WebTA SQL Injection Vulnerability
Kronos WebTA is an attendance system. Kronos WebTA suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability to read sensitive data from the database...
Adobe Creative Cloud Desktop Application Backlink Vulnerability
Adobe Creative Cloud Desktop Application is an application from Adobe (USA) for managing applications and services in the Creative Cloud membership management center. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...
BIGCAdvancedToken Numeric Error Vulnerability
BIGCAdvancedToken is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in the smart contract implementation of BIGCAdvancedToken. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...
Command Execution Vulnerability in Media Mate
Media Mate is a media center similar to Plex. Media Mate has a command execution vulnerability that can be exploited by an attacker to execute a malicious exe file...
OpenClinic GA Cross-Site Scripting Vulnerability
OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management, laboratory management and other functions. A cross-site scripting vulnerability exists in OpenClinic GA versions 5.09.02 and 5.89.05b, which stems from the lack...
Unspecified Vulnerability in CloudBees Jenkins HP ALM Quality Center Plugin
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools from the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. A security vulnerability exists in...
Unspecified Vulnerability in Red Hat OpenShift Service Mesh istio-rhel8-operator
Red Hat OpenShift Service Mesh is a suite of platforms for connecting, managing, and monitoring microservices-based applications from Red Hat, U.S.A. istio-rhel8-operator is one of the programs used to manage the Istio control plane installation. A security vulnerability exists in...
Atlassian Jira Server-Side Request Forgery Vulnerability
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A server-side request forgery vulnerability exists in Atlassian Jira versions prior to 8.7.0. A remote attacker can exploit this...
Squid Denial of Service Vulnerability (CNVD-2021-36603)
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security vulnerability exists in version 5.x of Squid prior to 5.0.3. An attacker can exploit this vulnerability to...
Multiple VMware Products Race Condition Vulnerability
VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...
Haxx curl information disclosure vulnerability (CNVD-2021-40506)
Haxx curl is a set of file transfer tools from the Swedish company Haxx that work at the command line using URL syntax. The tool supports file uploads and downloads and includes libcurl, a client-side URL transfer library for program development. An information disclosure vulnerability exists...
GitLab gitlab-vscode-extension injection vulnerability
GitLab gitlab-vscode-extension is a VS Code editor extension for GitLab from GitLab (USA). A security vulnerability exists in GitLab gitlab-vscode-extension version v2.2.0. An attacker can exploit the vulnerability to execute code on a user's system...
Memory Corruption Vulnerability in WPS Office International Edition (CNVD-2020-44418)
WPS Office is an office suite from Zhuhai Kingsoft Office Software Co., Ltd. that provides word processing, spreadsheet, presentation and many other functions commonly used in office software. A memory corruption vulnerability exists in the international version of WPS Office, which can be exploited by attacke...
Nordaaker Convos Password Management Vulnerability
Nordaaker Convos is an open source, web browser-based multi-user chat application from the Norwegian company Nordaaker. A security vulnerability exists in the Core/Settings.pm and Util.pm files in Nordaaker Convos versions prior to 4.20. The vulnerability stems from a poorly designed or implemented probl...
CVE-2020-8618
An attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients...
CVE-2020-7512
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 Firmware version 1.5.2 and older which could allow an attacker to exploit the component...
Linux kernel Linux scheduler logic flaw vulnerability
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the U.S. Linux scheduler is one of the process scheduling applications. A security vulnerability exists in Linux scheduler in Linux kernel. An attacker can exploit the vulnerability to...
Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000 IOS Software Trust Management Issue Vulnerabilities
Cisco 1000 Series Connected Grid Routers CGR1000 is a 1000 Series Internet Grid Router from Cisco. A trust management issue exists in the virtual console authentication of the IOS Software in Cisco 809 Industrial ISRs, 829 Industrial ISRs, and Cisco CGR1000. The vulnerability stems from the...
Google Android Framework Privilege Bypass Vulnerability (CNVD-2020-46321)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA), of which Framework is the Android framework component. A security vulnerability exists in Framework in Android version 10. An attacker can exploit the vulnerability to elevate privileges...
Google Android Kernel Airbrush Resource Management Error Vulnerability
Android is a Linux-based open source operating system from Google and the Open Handset Alliance OHA, of which Kernel Airbrush is a kernel image processing plug-in. The Google Android Kernel Airbrush resource management error vulnerability can be exploited by an attacker to elevate privileges...