1680 matches found
CVE-2011-2923
foomatic-rip filter, all versions, insecurely creates temporary files for storage of PostScript data when rendering the data with debug mode enabled. This flaw may be exploited by a local attacker to conduct symlink attacks by overwriting arbitrary files accessible with the privileges ...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2019-41641)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP versions 14.0.0 through 14.1.0.1. An attacker could exploit the vulnerability to...
JetBrains YouTrack Input Validation Error Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. An input validation error vulnerability exists in JetBrains YouTrack. An attacker could...
kernel: Memory leak in sit_init_net() in net/ipv6/sit.c
A flaw was found in the way the sit_init_net function in the Linux kernel handled resource cleanup on errors. This flaw allows an attacker to use the error conditions to crash the system...
Online Store System Cross-Site Scripting Vulnerability (CNVD-2019-40113)
Online Store System is an e-commerce system. A cross-site scripting vulnerability exists in Online Store System v1.0. The vulnerability stems from a lack of proper validation of client-side data in the web application. An attacker can exploit this vulnerability to execute client-side code...
File Upload Vulnerability in PowerCreator CMS
PowerCreator is a software development and product manufacturing company for the global audio and video industry. A file upload vulnerability exists in PowerCreator CMS, which can be exploited by an attacker to gain control of the web server...
Cloud Research Network Technology Co., Ltd. website building system has a logic flaw vulnerability
Cloud Research Network Technology Co., Ltd. is a company dedicated to optimizing employment methods with Internet thinking and guiding employment services with a big data platform. There is a logic flaw vulnerability in the website building system of Cloud Research Network Technology Co., Ltd,...
Google Android Information Disclosure Vulnerability (CNVD-2019-36433)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handset Alliance (OHA). Google Android 10 suffers from an information disclosure vulnerability. The vulnerability stems from an out-of-bounds read problem in libxaac in Android caused by a...
USN-4140-1: Firefox vulnerability
It was discovered that no user notification was given when pointer lock is enabled. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to hijack the mouse pointer and confuse users...
Information Leakage Vulnerability in Monarch LinkWorks Collaboration Platform
Ltd. is a digital construction platform service provider based on "end+cloud+big data" products/services, providing value-added services such as industrial big data and industrial new finance. An information leakage vulnerability exists in the Dream Dragon LinkWorks collaboration platform. An...
Libav Buffer Overflow Vulnerability (CNVD-2019-35787)
Libav is the Libav team's cross-platform solution for recording and converting audio and video, which includes the libavcodec encoder. A buffer overflow vulnerability exists in the subtitle decoder in Libav version 12.3, which can be exploited by an attacker to cause, among other things, a buffer...
WordPress wps-hide-login plugin security bypass vulnerability (CNVD-2019-30732)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wps-hide-login is a login-hiding plugin for it. A security vulnerability exists in WordPress wps-hide-login plugi...
Google Android Media Framework Denial of Service Vulnerability (CNVD-2019-40055)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. Media Framework is one of the multimedia development frameworks. A denial of service vulnerability exists in Media framework in Android. An attacker can exploit this vulnerability to...
Google Android Media Framework Code Execution Vulnerability (CNVD-2019-40845)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA) in the U.S. Media Framework is one of the multimedia development frameworks. A code execution vulnerability exists in Media framework in Android. An attacker can exploit this vulnerability to execu...
Google Android Elevation of Privilege Vulnerability (CNVD-2019-37968)
Android is a Linux-based open source operating system from Google and the Open Handset Alliance (OHA). Google Android suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to elevate privileges...
Autodesk Design Review Code Issue Vulnerability
Autodesk Design Review (ADR) is an auxiliary tool for AutoCAD drafting software from Autodesk. The software supports viewing, marking, measuring, printing and tracking changes to 2D and 3D design files. A code issue vulnerability exists in Autodesk Design Review. An attacker could exploit...
Windows Graphics Component Information Disclosure Vulnerability
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise a user’s system. There are multiple ways an attacker could exploit...
CVE-2019-12725
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters. Recent assessments:...
HTTP Unauthorized Brute Force Attempt
A remote attacker can exploit this vulnerability by using an HTTP brute force attempt. These attacks aim to cause the server to crash or become unresponsive...
Cross-site scripting vulnerability in multiple F5 products (CNVD-2019-32053)
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in multiple F5 products. An attacker can exploit the vulnerability to execute...