
3349 matches found

CNVD
added 2021/06/07 12:0 a.m., 19 views

Arbitrary File Read Vulnerability in Flash Flood Monitoring and Early Warning System of Chengdu Wanjiang Gangli Technology Co.

Founded in 2007, Chengdu Wanjiang Gangli Technology Co., Ltd. is positioned as a full chain service provider of water technology under the framework of artificial intelligence. There is an arbitrary file read vulnerability in the flash flood monitoring and warning system of Chengdu Wanjiang Gangl...

6.9 AI score
Exploits: 0

CNVD
added 2021/06/04 12:0 a.m., 5 views

YzmCMS Server-Side Request Forgery Vulnerability

YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. The back-end collection management feature of YzmCMS 5.8 has a server-side request forgery vulnerability; an attacker can use the vulnerability to read any file...

7.5 CVSS, 6.6 AI score, 0.01317 EPSS
Exploits: 1, References: 1

CNNVD
added 2021/06/03 12:0 a.m., 3 views

YzmCMS Code Issue Vulnerability

YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. The back-end collection management feature of YzmCMS 5.8 has a server-side request forgery vulnerability; an attacker can use the vulnerability to read any file...

7.5 CVSS, 5.7 AI score, 0.01317 EPSS
Exploits: 1, References: 1

CVE
added 2021/06/01 9:50 a.m., 44 views

CVE-2021-33184

Synology Download Station (task management component) is affected by CVE-2021-33184. The vulnerability is a Server-Side Request Forgery (SSRF) that can be exploited by remote authenticated users to read arbitrary files via unspecified vectors. Affected versions are before 3.8.15-3563. The connect...

7.7 CVSS, 7 AI score, 0.01 EPSS
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2021/06/01 12:0 a.m., 3 views

OFCMS v1.1.4 back-end arbitrary file reading vulnerability

OFCMS is a content management system developed based on Java technology. OFCMS v1.1.4 has an arbitrary file reading vulnerability in the back end; the vulnerability stems from the program failing to properly validate user data, and remote attackers can use the vulnerability to read the...

7.3 AI score
Exploits: 0

CNVD
added 2021/05/31 12:0 a.m., 1 views

Microhome Software Technology (Hangzhou) Co., Ltd. website builder system suffers from an arbitrary file read vulnerability

Microsoft Technology Hangzhou Co., Ltd. is a professional ECM Collaboration Management Software and BPM Business Process Management Software R & D and solution provider. There is an arbitrary file reading vulnerability in the website building system of Microhome Software Technology Hangzhou Co. A...

7 AI score
Exploits: 0

CNVD
added 2021/05/24 12:0 a.m., 6 views

Plone server-side request forgery vulnerability (CNVD-2021-37196)

Plone is an open source content management system CMS built on the Zope application server. A server-side request forgery vulnerability exists in Plone 5.2.4 and earlier versions. An authenticated remote attacker can exploit this vulnerability to read a line in a file...

4.3 CVSS, 6.5 AI score, 0.00992 EPSS
Exploits: 0, References: 1

CNVD
added 2021/05/17 12:0 a.m., 2 views

Station Master CMS has an arbitrary file reading vulnerability

Station Helpers CMS is a CMS open source system dedicated to creating a full-featured ... Station Helpers CMS has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...

6.9 AI score
Exploits: 0

CNVD
added 2021/05/14 12:0 a.m., 4 views

Chamilo XML External Entity Injection Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...

6.5 CVSS, 7 AI score, 0.01922 EPSS
Exploits: 1, References: 1

CNVD
added 2021/05/14 12:0 a.m., 9 views

Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2021-34733)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects 18.1 and...

4.3 CVSS, 6.5 AI score, 0.01669 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2021/05/14 12:0 a.m., 35 views

Debian DLA-2658-1 : redmine security update

Several issues were found in Redmine, a project management web application, which could lead to cross-site scripting, information disclosure, and reading arbitrary files from the server. For Debian 9 stretch, these problems have been fixed in version 3.3.1-4+deb9u4. We recommend that you upgrade...

9.8 CVSS, 6.3 AI score, 0.01737 EPSS
Exploits: 0, References: 13

CNNVD
added 2021/05/13 12:0 a.m., 3 views

Chamilo Information Disclosure Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. Chamilo version 1.11.14 suffers from an XML external entity injection vulnerability. The vulnerability stems from reading XML data without disabling the ability to load external entities in admin/userimport.php, whi...

6.5 CVSS, 5.8 AI score, 0.01922 EPSS
Exploits: 1, References: 4

CVE
added 2021/05/07 3:52 a.m., 43 views

CVE-2021-32093

CVE-2021-32093 affects NSA Emissary 5.9.0. The issue resides in the ConfigFileAction component, where an authenticated user can read arbitrary files via the ConfigName parameter, resulting in information disclosure. The connected documents corroborate the vulnerability description across multiple...

6.5 CVSS, 6.3 AI score, 0.01019 EPSS
Exploits: 1, References: 2, Affected Software: 1

RedhatCVE
added 2021/05/04 8:22 p.m., 29 views

CVE-2020-36332

A flaw was found in libwebp. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability...

7.5 CVSS, 8.2 AI score, 0.01966 EPSS
Exploits: 0, References: 3

NVD
added 2021/04/26 7:15 p.m., 17 views

CVE-2021-31784

An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all ODA-supported platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack Crash, Exit, or Restar...

7.8 CVSS, 0.00852 EPSS
Exploits: 0, References: 2

OSV
added 2021/04/26 7:15 p.m., 2 views

CVE-2021-31784

An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all ODA-supported platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack Crash, Exit, or Restar...

7.8 CVSS, 5.9 AI score, 0.00852 EPSS
Exploits: 0, References: 2

Apple
added 2021/04/26 12:0 a.m., 124 views

About the security content of Security Update 2021-002 Catalina

This document describes the security content of Security Update 2021-002 Catalina. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has...

10 CVSS, 9.7 AI score, 0.68531 EPSS
Exploits: 9, References: 1, Affected Software: 1

CNVD
added 2021/04/25 12:0 a.m., 2 views

XML Entity Injection Vulnerability in Oracle WebLogic Server

Oracle WebLogic Server is Oracle's application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...

6.8 AI score
Exploits: 0

CNVD
added 2021/04/21 12:0 a.m., 4 views

Arbitrary file reading vulnerability exists in Saida Technology's CloudVision video conferencing terminal

Anhui Saida Technology Co., Ltd. focuses on intelligent cloud video industry, based on the network of communication carriers, using a new generation of information technology to create a "cloud video application engine", focusing on big data application platforms, intelligent terminal product...

6.9 AI score
Exploits: 0

Vulnrichment
added 2021/04/20 11:55 a.m., 12 views

CVE-2021-20023

SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host...

5.1 AI score, 0.51407 EPSS
Exploits: 0, References: 1