Google Chrome Code Execution Vulnerability (CNVD-2024-38575)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions of Google Chrome prior to 128.0.6613.138, which is due to type obfuscation in V8. An attacker can exploit this vulnerability to execute arbitrary code on the system...

Google Android elevation of privilege vulnerability (CNVD-2024-45227)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is due to a race condition in DevmemIntPFNotify in device memserver.c. An attacker can exploit this vulnerability to escalate privileges...

The vulnerability of the ssh_css component in the Linux operating system’s kernel, related to the assignment of NULL pointers, allows an attacker to trigger a service failure.

The vulnerability of the sshcss component in the Linux operating system’s kernel is related to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

Microsoft SQL Server Remote Code Execution Vulnerability (CNVD-2024-38795)

Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server, which can be exploited by an attacker to execute arbitrary...

Adobe Audition 缓冲区错误漏洞

Adobe Audition is a set of multi-track editing tools from the American company Audobee Adobe. The product mainly uses a comprehensive toolset that includes multi-track, waveform and spectral display to mix, edit and create audio content. A security vulnerability exists in Adobe Audition, which ca...

Adobe Audition AVI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Audition. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AVI...

Cross Site Scripting (XSS)

github.com/alwindoss/akademy is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to a missing validation and sanitization within cmd/akademy/handler/handlers.go. An attacker can manipulate the argument emailAddress leading to cross site scripting...

FIWARE Keyrock Encryption Problem Vulnerability (CNVD-2024-37462)

FIWARE Keyrock is a FIWARE open source component responsible for identity management. A cryptographic vulnerability exists in FIWARE Keyrock 8.4 and earlier versions, which stems from the predictability of the algorithm used to create password reset tokens, and can be exploited by an attacker to...

Warehouse Inventory System Cross-Site Request Forgery Vulnerability (CNVD-2024-38215)

Warehouse Inventory System is a Warehouse Inventory Management System by Siamon Hasan Personal Developer. A cross-site request forgery vulnerability exists in Warehouse Inventory System v2.0, which stems from the deleteproduct.php component not adequately verifying that a request comes from a...

Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Google Android elevation of privilege vulnerability (CNVD-2024-37970)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the code in ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java. An attacker can exploit this vulnerability to...

Google Android Denial of Service Vulnerability (CNVD-2024-37967)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability due to a logic error in the shouldWrite code in OwnersData.java. An attacker can exploit this vulnerability to cause a denial of service...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a null pointer dereference vulnerability that originates from a null pointer dereference. An attacker can exploit this vulnerability to conduct furthe...

Adobe Dimension out-of-bounds write vulnerability (CNVD-2024-35995)

Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An out-of-bounds write vulnerability exists in Adobe Dimension version 3.4.11 and earlier versions, which can be exploited by an attacker to execute arbitrary code in the context o...

Unspecified Vulnerability in Adobe Acrobat Reader (CNVD-2024-39290)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has a security vulnerability that can be exploited by an attacker to execute arbitrary code in the current user's environment...

Adobe Dimension GLB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

Microsoft Windows 10 WinREUpdateInstaller_2401B_amd64 Link Following Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

Huawei EMUI and Huawei HarmonyOS Code Execution Vulnerability

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei Huawei.Huawei EMUI is a mobile operating system based on Android development.Huawei HarmonyOS is an operating system. Provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI and Huaw...

Huawei EMUI和Huawei HarmonyOS 安全漏洞

Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei Huawei.Huawei EMUI is a mobile operating system based on Android development.Huawei HarmonyOS is an operating system. Provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI and Huaw...

(0Day) oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The specific flaw exists within the parsing of STK command PDUs. The issue...