188 matches found
D-Link DAP-2622 Buffer Overflow Vulnerability (CNVD-2024-32559)
The D-Link DAP-2622 is a wireless access point Access Point device from China's D-Link. The D-Link DAP-2622 suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute code in the root context...
Mozilla Firefox and Thunderbird Code Execution Vulnerability (CNVD-2024-34597)
Mozilla Firefox is an open source web browser.Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. A code execution vulnerability exists in Mozilla Firefox and Thunderbird, which is caused by a memory corruption in NSS. An attacker could exploit this...
Siemens Solid Edge Out-of-Bounds Read Vulnerability (CNVD-2024-23522)
Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute cod...
Siemens PS/IGES Parasolid Translator component out-of-bounds read vulnerability (CNVD-2024-24528)
Parasolild Translators is a single-format translator toolkit for high-speed end-to-end translation between Parasolid and several industry formats such as STEP or IGES. An out-of-bounds read vulnerability exists in the Siemens PS/IGES Parasolid Translator component, which can be exploited by an...
Dell DM5500 Code Issues Vulnerabilities
The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. A code issue vulnerability exists in Dell DM5500 version 5.15.0.0 and earlier, which stems from an application containing an insecure...
Exploit for Deserialization of Untrusted Data in Torrentpier
CVE-2024-1651 This CVE was discovered by Carlos Bello from the...
PT-2024-2993
The vulnerable software is CrushFTP, a managed file transfer vendor. The vulnerability affects all versions before 10.7.1 and 11.1.0 on all platforms, allowing unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrati...
Google Chrome post-release reuse vulnerability (CNVD-2024-29289)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a post-release reuse vulnerability that can be exploited by an attacker to execute arbitrary code on a system...
Siemens Simcenter Femap Memory Corruption Vulnerability
Simcenter Femap is an advanced simulation application for creating, editing and checking finite element models of complex products or systems. A memory corruption vulnerability exists in Siemens Simcenter Femap, which can be exploited by an attacker to execute code in the context of the current...
CVE-2023-6553 Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote...
CVE-2023-2186
On Triangle MicroWorks' SCADA Data Gateway version = v5.01.03, an unauthenticated attacker can send a specially crafted broadcast message including format string characters to the SCADA Data Gateway to perform unrestricted memory reads.An unauthenticated user can use this format string...
CVE-2023-27406
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application is vulnerable to stack-based buffer while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current process...
CVE-2023-24988
A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware
CVE-2021-36260 Check whether the Sleep command is e...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4J CVE-2021-44...
BusyBox Resource Management Error Vulnerability (CNVD-2021-88216)
BusyBox is a set of applications containing several linux commands and tools by Denis Vlasenko, a Ukrainian personal developer. A resource management error vulnerability exists in Busybox's awk applet, which can be exploited by an attacker to execute code while processing a specially crafted awk...
Siemens JT2Go and Teamcenter Visualization out-of-bounds write vulnerability (CNVD-2021-51453)
Siemens Jt2go is a JT file viewer.Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. An out-of-bounds write vulnerability exists in Siemens JT2Go versions prior to 13.2 and Teamcenter Visualization versions prior to 13.2. The...
Command Execution Vulnerability in HkCMS
HKCMS is an open source content management system developed on the basis of Thinkphp 5.0 framework, using an independent grouping approach. HkCMS suffers from a command execution vulnerability that can be exploited by attackers to gain control of the server...
Command Execution Vulnerability in CPE-WiFi of Beijing Grimaldi Technology Co.
Ltd. is a high-tech enterprise specializing in the design, development, manufacturing and marketing services of optical transmission and integrated access equipment for edge network. Ltd. CPE-WiFi has a command execution vulnerability that can be exploited by attackers to execute system commands...
Samsung Email application authorization issue vulnerability
Samsung Email application is a cell phone application from Samsung South Korea. It provides the function of sending and receiving e-mail. A security vulnerability exists in the Samsung Email application version, which can be exploited by an attacker to intercept the provider at the time of...