CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2020/03/20 12:0 a.m.•1 views

Schneider Electric Limited Zelio Soft 2 installer suffers from a dll hijacking vulnerability

Zelio Soft 2 is a programming software for small intelligent controllers. A dll hijacking vulnerability exists in Zelio Soft 2 by Schneider Electric Ltd. that can be exploited by an attacker to load a malicious dll and execute malicious code...

CNVD•added 2020/03/12 12:0 a.m.•2 views

YzmCMS 'url' Cross-Site Scripting Vulnerability

YzmCMS is a lightweight open source content management system based on PHP + Mysql architecture,YzmCMS can run on Linux, Windows, MacOSX, Solaris and other platforms. YzmCMS 'url' cross-site scripting vulnerability. The vulnerability is due to the application/link/controller/link.class.php file...

6.8AI score

ThreatPost•added 2020/03/10 9:58 p.m.•86 views

Critical Bugs in Rockwell, Johnson Controls ICS Gear

Security vulnerabilities that require very little skill to exploit have been discovered in industrial control systems ICS gear from Rockwell Automation and Johnson Controls, which anchor a flurry of bug disclosures impacting critical infrastructure. First, a set of critical vulnerabilities in...

10CVSS7.6AI score0.04226EPSS

Exploits0References7

CNVD•added 2020/03/10 12:0 a.m.•1 views

Kingsoft Wordmaster has a dll hijacking vulnerability

Kingsoft Wordsmith is a translation and foreign language learning software developed by Zhuhai Kingsoft Office Software Co. A dll hijacking vulnerability exists in the Kingsoft wordmaster installer. An attacker can exploit the vulnerability to load a malicious dll and execute malicious code...

CNVD•added 2020/03/10 12:0 a.m.•1 views

Racer Live Companion installer suffers from dll hijacking vulnerability

Racer Live Companion is a live broadcasting aid based on Racer Open. There is a dll hijacking vulnerability in the installer of Racer Live Companion. Attackers can use the vulnerability to load malicious dll and execute malicious code...

NVD•added 2020/02/18 4:15 p.m.•14 views

CVE-2020-7450

In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer...

9.8CVSS10AI score0.02433EPSS

Prion•added 2020/02/18 4:15 p.m.•18 views

Heap overflow

7.5CVSS9.8AI score0.02433EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/02/18 3:26 p.m.•19 views

CVE-2020-7450

9.9AI score0.02433EPSS

AlpineLinux•added 2020/02/18 3:26 p.m.•34 views

CVE-2020-7450

9.8CVSS10AI score0.02433EPSS

OSV•added 2020/02/09 7:13 p.m.•5 views

MGASA-2020-0080 Updated qtbase5 packages fix security vulnerabilities

Updated qtbase5 packages fix security vulnerabilities: QPluginLoader in Qt versions 5.0.0 through 5.13.2 would search for certain plugins first on the current working directory of the application, which allows an attacker that can place files in the file system and influence the working directory...

7.3CVSS6.5AI score0.00568EPSS

Exploits1References4

FreeBSD•added 2020/01/28 12:0 a.m.•32 views

FreeBSD -- libfetch buffer overflow

Problem Description: A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch3 buffers. Impact: An attacker in control of the URL to be fetched possibly via HTTP redirect may cause a heap buffer overflow, resulting in program...

9.8CVSS3.6AI score0.02433EPSS

NVD•added 2019/12/26 7:15 p.m.•15 views

CVE-2019-19398

M5 lite 10 with versions of 8.0.0.182C00 have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious cod...

9.8CVSS9.6AI score0.01431EPSS

Prion•added 2019/12/26 7:15 p.m.•11 views

Input validation

7.5CVSS9.5AI score0.01431EPSS

Exploits0References1Affected Software1

CVE•added 2019/12/26 6:24 p.m.•79 views

CVE-2019-19398

The CVE-2019-19398 entry relates to Huawei M5 lite 10 devices, specifically version 8.0.0.182(C00). The root cause is insufficient input validation in the device’s software, allowing an attacker to modify memory through a sequence of operations, with the potential to execute malicious code. Publi...

9.8CVSS9.4AI score0.01431EPSS

Exploits0References1Affected Software1

2345 Viewer is vulnerable to dll hijacking.

2345 Picture Viewer is a powerful picture browsing and management software promoted by Shanghai 2,3,4,5 Network Technology Co. It fully supports browsing, management and editing of all major image formats. There is a dll hijacking vulnerability in 2345 Photo King, which can be exploited by...

2345 Website Navigation Desktop Edition is vulnerable to dll hijacking.

2345 Website Navigation Desktop Edition is a desktop navigation and management tool promoted by Shanghai 2-3-4-5 Network Technology Co. It has the functions of one-click quick access to 2345, quick creation of mini-notes, desktop calendar and so on. There is a dll hijacking vulnerability in...

2345 PDF Reader suffers from DLL hijacking vulnerability

2345 PDF Reader is a PDF file viewer software. 2345 PDF Reader has a DLL hijacking vulnerability, which can be exploited by attackers to load a malicious dll and execute malicious code...

DLL Hijacking Vulnerability in Weinview EasyConverter

Weinview EasyConverter is a tool to convert event logs and data sampling records to files. Weinview EasyConverter suffers from a DLL hijacking vulnerability that can be exploited by attackers to execute malicious code...

7.2AI score

DLL Hijacking Vulnerability in Weinview EasyBuilder Pro

EasyBuilder Pro is a screen editing software from Valiant Technology. A DLL hijacking vulnerability exists in Weinview EasyBuilder Pro, which can be exploited by attackers to execute malicious code...