IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2024-45435)
IBM WebSphere Application Server (WAS) is an application server product from International Business Machines (IBM). The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-42452)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to read a subset of accessible data...
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...
Microsoft SQL Server Remote Code Execution Vulnerability (CNVD-2024-38795)
Microsoft SQL Server is a large commercial database system from Microsoft, a United States company, that runs on Microsoft Windows. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...
Google Chrome Code Execution Vulnerability (CNVD-2024-38575)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions of Google Chrome prior to 128.0.6613.138, which is due to type confusion in V8. An attacker can exploit this vulnerability to execute arbitrary code on the system...
FIWARE Keyrock Encryption Problem Vulnerability (CNVD-2024-37462)
FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and earlier versions, which stems from the predictability of the algorithm used to create password reset tokens, and can be exploited by an attacker to...
Google Android elevation of privilege vulnerability (CNVD-2024-37970)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java. An attacker can exploit this vulnerability to...
Google Android Denial of Service Vulnerability (CNVD-2024-37967)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability due to a logic error in the shouldWrite code in OwnersData.java. An attacker can exploit this vulnerability to cause a denial of service...
Huawei EMUI and Huawei HarmonyOS Code Execution Vulnerability
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI and Huaw...
Unspecified Vulnerability in SyroTech SY-GPON-1110-WDONT
The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. A security vulnerability exists in the SyroTech SY-GPON-1110-WDONT that stems from improper implementation of a password policy. An attacker can exploit this vulnerability to launch further attacks on the system...
Apache CloudStack Security Bypass Vulnerability (CNVD-2024-33812)
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. A security bypass vulnerability exists in Apache CloudStack that stem...
Apache Linkis Code Issue Vulnerability
Apache Linkis is a middleware product from the Apache Foundation (United States) that can establish an effective connection between upper-tier applications and the underlying data engine. A code issue vulnerability exists in Apache Linkis versions before 1.6.0; the vulnerability stems from the data...
Google Android elevation of privilege vulnerability (CNVD-2024-45231)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by out-of-bounds writes in multiple functions of MessageQueueBase.h. The vulnerability can be exploited by an attacker to escalate privileges. An...
Google Android Framework elevation of privilege vulnerability (CNVD-2024-37974)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in Google Android Framework due to an error in a framework component that can be exploited by an attacker to gain elevated privileges on the system...
Mozilla Firefox for Android Elevation of Privilege Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox for Android suffers from an elevation of privilege vulnerability that is caused by an immediate interaction with a privilege prompt. An attacker can exploit the vulnerability to gain...
D-Link DAP-2622 Buffer Overflow Vulnerability (CNVD-2024-32554)
The D-Link DAP-2622 is a wireless router from China-based AUO D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...
Dell Client Platform Authorization Issues Vulnerability
Dell Client Platform is a client platform from Dell (USA). The Dell Client Platform suffers from an authorization issue vulnerability that stems from the presence of incorrect authorization, which can be exploited by an attacker to bypass BIOS authorization and modify settings in the BIOS...
pgAdmin Cross-Site Scripting Vulnerability
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A cross-site scripting vulnerability exists in pgAdmin 8.5 and earlier versions, which stems from a cross-site scripting vulnerability in the /settings/store endpoint that responds to a json loa...
TOTOLINK X5000R ipsecPsk Parameter Code Execution Vulnerability
The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. The TOTOLINK X5000R suffers from a code execution vulnerability that stems from the ipsecPsk parameter of cstecgi.cgi failing to properly filter the special elements of constructed snippets. An attacker could exploit this...
Siemens Solid Edge Heap Buffer Overflow Vulnerability (CNVD-2024-23110)
Siemens Solid Edge is a 3D CAD software from Siemens (Germany). The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute co...