CVE-2020-21595

libde265 v1.0.4 contains a heap buffer overflow in the mcluma function, which can be exploited via a crafted a file...

CVE-2021-29986

A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. Note: This issue only affected Linux operating systems. Other operating systems are unaffected. This vulnerability affects Thunderbird 78.13, Thunderbird 91, Firefox ESR 78.13, and...

Hackers Steal Over $600 Million Worth of Cryptocurrencies from Poly Network

Hackers have siphoned $611 million worth of cryptocurrencies from a blockchain-based financial network in what's believed to be one of the largest heists targeting the digital asset industry, putting it ahead of breaches targeting exchanges Coincheck and Mt. Gox in recent years. Poly Network, a...

Arbitrary file reading vulnerability in qimengcms

qimengcms is a content management system. qimengcms has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...

BlackCat CMS Cross-Site Scripting Vulnerability (CNVD-2021-51429)

Blackcat Cms is a Php-based content management system from the Blackcat team. A cross-site scripting vulnerability exists in BlackCat CMS version 1.3.6, which can be exploited by an authenticated attacker to execute arbitrary web script or HTML via a crafted payload with the "Add Page" parameter...

djvulibre has an out-of-bounds read vulnerability

djvulibre is a Web-centric format for distributing documents and images. An out-of-bounds read vulnerability exists in djvulibre, which can be exploited by an attacker to obtain sensitive information...

Google Android System Information Disclosure Vulnerability (CNVD-2021-52333)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. An information disclosure vulnerability exists in the System component of Google Android versions 8.1, 9, 10, and 11, which can be exploited by an attacker to obtai...

GitLab CE HTML Injection Vulnerability

GitLab is an open source application developed using Ruby on Rails that implements a self-hosted Git project repository that can be accessed through a web interface for public and private projects.GitLab EE is the GitLab Enterprise Edition and GitLab CE is the GitLab Community Edition. GitLab CE...

Apache Jena Fuseki Cross-Site Scripting Vulnerability

Apache Jena Fuseki is a SPARQL server from the Apache Foundation USA. It can run as an operating system service, as a Java Web application WAR file, and as a standalone server. A cross-site scripting vulnerability exists in Apache Jena Fuseki versions 2.0.0 through 4.0.0, which can be exploited b...

Plone Cross-Site Scripting Vulnerability (CNVD-2021-46652)

Plone is an open source content management system CMS built on the Zope application server. Plone suffers from a cross-site scripting vulnerability in versions 5.0 through 5.2.4 that stems from the fact that if a contributor creates a folder with a SCRIPT tag in the description field, the editor ...

Google Android getEndItemSliceAction Information Disclosure Vulnerability

Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An information disclosure vulnerability exists in Google Android getEndItemSliceAction. An attacker can exploit this vulnerability to cause information disclosure...

Google Android onLoadFailed elevation of privilege vulnerability

Google Android is a Linux-based open source operating system of the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android onLoadFailed. An attacker can exploit this vulnerability to cause a local elevation of privilege...

TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability

The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...

The vulnerability of the TRUNCATE function implementation in the IBM DB2 database management system allows a hacker to trigger a service failure.

The vulnerability of the TRUNCATE function implementation in the IBM DB2 database management system is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to cause service interruptions using the SELECT query operator...

SAP NetWeaver Application Server Cross-Site Scripting Vulnerability (CNVD-2021-47713)

SAP NetWeaver Application Server is an application server from SAP, Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Application Server, which can be exploited by an attacker to launch a cross-site scripting attack...

YXcms has a directory traversal vulnerability

YXcms is a PHP and MySQL based enterprise building content management system CMS. A directory traversal vulnerability exists in YXcms. An exploiter can use this vulnerability to traverse files on the server to obtain sensitive information...

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-C-2021-142456)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

The vulnerability of the Linux operating system’s kernel, which allows a hacker to increase their privileges

The vulnerability of the Linux operating system’s kernel is related to incorrect initialization of process identifiers. Exploiting this vulnerability can allow an attacker to increase their privileges...

Google Android p2p_pd.c elevation of privilege vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Google Android p2ppd.c suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to escalate privileges...

Google Android WifiScanModeActivity.java Elevation of Privilege Vulnerability

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Google Android WifiScanModeActivity.java suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to escalate privileges...