196 matches found
iText command injection vulnerability
iText is an open source library for creating and manipulating PDF files in Java. It is written by Bruno Lowagie, Paulo Soares and others. iText versions before 7.1.17 contain a command injection vulnerability, which stems from the user input construct to execute the command...
Bus Pass Management System Information Disclosure Vulnerability
Bus Pass Management System is a bus pass management system. Version 1.0 of Bus Pass Management System is vulnerable to information disclosure, which stems from a configuration error in the network system or product during operation. The vulnerability can be exploited by an attacker to view the applicati...
StackStorm Injection Vulnerability
StackStorm is an event-driven automation platform. The platform is used for automated remediation, security response, troubleshooting and program deployment, etc. An injection vulnerability exists in StackStorm, which stems from the failure of a network system or product to properly filter specia...
UpdateStar HD-Network Real-time Monitoring System Path Traversal Vulnerability
UpdateStar HD-Network Real-time Monitoring System is a high-definition network real-time monitoring system from UpdateStar, a German company. UpdateStar HD-Network Real-time Monitoring System version 2.0 is vulnerable to path traversal, which stems from the failure of a network...
Fortinet Meru AP Code Injection Vulnerability
Fortinet Meru AP is a wireless access point from Fortinet, Inc. Fortinet Meru AP is vulnerable to code injection in versions 8.6.1 and 8.5.5 and below. The vulnerability stems from a failure of the network system or product to properly filter special elements in code segments constructed from...
IBM Db2 Access Control Error Vulnerability
IBM Db2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from an access control error vulnerability that originates when a networked system or...
Crafter CMS Expression Injection Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. An expression injection vulnerability exists in Crafter CMS, which stems from the failure of a network system or product to properly filter special elements in code segments constructed from external...
IBM Cognos Analytics Access Control Error Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. The software includes reports, dashboards, and scorecards, and can help companies adjust their decisions by analyzing content such as key factors and key people. IBM Cognos Analytics has an access control error...
Dell EMC Streaming Data Platform Code Issue Vulnerability
A code issue vulnerability exists in Dell EMC Streaming Data Platform, a Dell platform for real-time ingestion, storage, and analysis of continuous streaming data, which is caused by a design or implementation error in the code development process of a network system or product. Improper design o...
Elecom Edwrc OS Command Injection Vulnerability
The Elecom Edwrc is a series of routers from Elecom Japan. The Elecom Edwrc suffers from an operating system command injection vulnerability that originates from a network system or product not properly filtering specific elements of the data entered externally to the ELECOM router during the...
Dell EMC Streaming Data Platform Code Issue Vulnerability
A code issue vulnerability exists in Dell EMC Streaming Data Platform, a Dell platform for real-time ingestion, storage, and analysis of continuous streaming data, which is caused by a design or implementation error in the code development process of a network system or product. Improper design o...
Apache APISIX Command Injection Vulnerability
Apache APISIX is a cloud-native microservices API gateway service from the Apache Foundation. The software is based on OpenResty and etcd and features dynamic routing and plugin hot-loading for API management in a microservice architecture. Apache APISIX has a security vulnerability that stems fr...
WordPress Insert Pages Authorization Issue Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An authorization issue vulnerability exists in the WordPress Insert Pages plugin in versions prior to 3.7.0,...
Adobe Experience Manager Access Control Error Vulnerability
Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications, and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager in versio...
Cloudflare OctoRPKI Resource Management Error Vulnerability
Cloudflare OctoRPKI is an RPKI toolkit for the Cloudflare platform from Cloudflare (USA). Cloudflare OctoRPKI has a security vulnerability that originates from an improperly designed or implemented code development process for a network system or product...
Microsoft Azure Information Disclosure Vulnerability (CNVD-2021-93636)
Microsoft Azure is an open, enterprise-class cloud computing platform from Microsoft Corporation (USA). The vulnerability stems from configuration and other errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive...
Microsoft Azure Sphere Data Forgery Issue Vulnerability
Microsoft Azure Sphere, a Microsoft appliance used to provide security in cloud environments, is vulnerable to a data forgery issue. The vulnerability stems from a network system or product that does not adequately verify the origin or authenticity of data. An attacker could use the falsified dat...
Microsoft Azure Information Disclosure Vulnerability (CNVD-2021-93637)
Microsoft Azure is an open, enterprise-grade cloud computing platform from the U.S.-based Microsoft. An information disclosure vulnerability exists in Microsoft Azure RTOS. The vulnerability stems from configuration and other errors during operation of a networked system or product. An...
Microsoft 3D Viewer Remote Code Execution Vulnerability
A code injection vulnerability exists in Microsoft 3D Viewer, a simplified and fast graphics editing application from Microsoft Corporation (USA). The vulnerability stems from the process of constructing code segments from external input data that is not properly filtered by the network system or...
Microsoft Azure Real Time Operating System Information Disclosure Vulnerability
Microsoft Azure is an open, enterprise-class cloud computing platform from Microsoft Corporation (USA). The vulnerability stems from configuration and other errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive...