195539 matches found
Sante DICOM Viewer Pro 安全漏洞
Santesoft Sante DICOM Viewer Pro is a powerful viewer, anonymizer, converter and PACS client from Santesoft Cyprus. Works with DICOM files of all models and manufacturers. A security vulnerability exists in Sante DICOM Viewer Pro, which stems from a lack of proper validation of user-supplied data...
Cisco IP Phone 安全漏洞
The Cisco IP Phone is a hardware device from the American company Cisco, Inc. IP Phone that provides calling capabilities. A security vulnerability exists in the Cisco IP Phone that stems from a lack of authentication to a specific endpoint, which could allow an unauthenticated remote attacker to...
WordPress Plugin No-Bot Registration 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress plugin Gutenberg Blocks by Kadence Blocks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in th...
s::can moni::tools SQL Injection Vulnerability
s::can moni::tools is a platform from s::can for managing a virtually unlimited number of sites, online probes, analyzers, and parameters. A SQL injection vulnerability exists in s::can moni::tools version 4.6.3, which originates from the ability to send a specially crafted SQL query to the serve...
GitLab Access Control Error Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab suffers from an Access Control Error vulnerability that stems from the...
stereoscope path traversal vulnerability
stereoscope is a library for working with container image contents, layer file trees, and compressed file trees. A path traversal vulnerability exists in stereoscope versions prior to 0.0.1, which stems from an attempt by Stereoscope to unarchive content that will result in writing to a path...
Google Chromecast Security Breach
Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from the presence of a code executio...
Microsoft ASP.NET Core Security Vulnerability
Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. An...
Microsoft Windows Codecs Library Security Vulnerability
The Microsoft Windows Codecs Library is a library of features for the Microsoft Windows system from Microsoft Corporation. A security vulnerability exists in the Microsoft Windows Codecs Library. An attacker can exploit this vulnerability to remotely execute code. The following products and...
Diebold Nixdorf Vynamic View Console Code Issue Vulnerability
The Diebold Nixdorf Vynamic View Console is a system from Diebold Nixdorf that allows remote changes to all PC-based devices via Intel Active Management Technology AMT BIOS management. A security vulnerability exists in Diebold Nixdorf Vynamic View Console v.5.3.1 and prior versions, which...
Microsoft Service Fabric 安全漏洞
Microsoft Service Fabric is a set of distributed system platform from Microsoft. The platform is primarily used for packaging, deploying, and managing microservices and containers. A security vulnerability exists in Microsoft Service Fabric. An attacker could exploit this vulnerability to obtain...
WordPress plugin qubotchat 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress plugin ReviewX 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Plugin WooFramework Tweaks 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation error...
GitLab 资源管理错误漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. GitLab suffers from a Resource Management Error vulnerability that stems from ...
NFine Rapid Development Platform 安全漏洞
NFine Rapid Development Platform is a C language based, very fast WEB + ORM framework for NFine individual developers. A security vulnerability exists in NFine Rapid Development Platform, which stems from systemManage/Organize/GetTreeGridJson?search=false&nd=1681813520783&rows=10000&page=1&...
Kubernetes ingress-nginx 安全漏洞
Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. An attacker can exploit this vulnerability to obtain the credentials of the...
Trust Wallet Core 安全特征问题漏洞
Trust Wallet Core is an open source, cross-platform, mobile-centric library from Trust Wallet, Inc. A security vulnerability exists in Trust Wallet Core versions prior to 3.1.1, Trust Wallet browser extension prior to 0.0.183, which stems from mt19937 Mersenne Twister uses a single 32-bit value a...
SolarWinds Database Performance Analyzer 路径遍历漏洞
SolarWinds Database Performance Analyzer is a set of database performance analyzers from SolarWinds Inc. in the United States. The product is used for SQL query performance monitoring, analysis and tuning, etc. A security vulnerability exists in SolarWinds Database Performance Analyzer version...
Spring Framework 安全漏洞
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework. The framework helps developers build high-quality applications. Spring Boot has a security vulnerability that stems from a security bypass using wildcard pattern matching...
WordPress plugin Stylish Cost Calculator Premium 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Apache Linkis 代码问题漏洞
Apache Linkis is a library of the U.S. Apache Apache Foundation. Helps to easily connect various backend compute/storage engines. A code execution vulnerability exists in Apache Linkis 1.3.1 and earlier versions, which stems from a lack of valid filtered parameters, and can be exploited by an...
VISAM VBASE 代码问题漏洞
VISAM VBASE is a data acquisition and monitoring system from VISAM Germany. A code issue vulnerability exists in VISAM VBASE Automation Base versions prior to 11.7.5 that stems from the presence of an information leak...
多款Tenda产品 命令注入漏洞
Tenda CP7 and others are a smart camera from Tenda China. Tenda has a security vulnerability that stems from the susceptibility of certain products to command injection attacks, the following products and versions are affected: Tenda CP7 Tenda CP7 V11.10.00.2211041403 and prior versions, Tenda CP...
Microsoft SQL Server 安全漏洞
Microsoft ODBC Driver is a driver from Microsoft. It allows applications to access data in a database management system DBMS using SQL as the standard for accessing data. A security vulnerability exists in Microsoft SQL Server. The following products and editions are affected:Microsoft SQL Server...
Siemens Teamcenter Visualization 和 JT2Go 缓冲区错误漏洞
Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a heap buffer overflow vulnerability that could be exploited by an attacker ...
Open vSwitch 缓冲区错误漏洞
Open vSwitch is an open source virtual switch. Open vSwitch suffers from a buffer error vulnerability that stems from allowing an attacker to achieve integer underflow in its specific TLV...
WordPress plugin SMSA Shipping for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
FFmpeg 代码问题漏洞
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. FFmpeg has a code issue vulnerability that stems from the vp3decodeframe function in its libavcodec/vp3.c file that does not reasonably check the return result of the avmalloc function, whi...
Apple iOS 安全漏洞
Apple iOS is a set of operating systems developed for mobile devices by the American company Apple. A security vulnerability exists in Apple iOS and macOS. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's bulletin...
Proofpoint Enterprise Protection 跨站脚本漏洞
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect e-mail. A security vulnerability exists in Proofpoint Enterprise Protection PPS/PoD version 8.19.0 and prior versions, which stems from the Administrator Smart Search feature containing a...
AMI MegaRAC 安全漏洞
AMI MegaRAC is a family of service processor products from AMI. Complete out-of-band or unlit remote management of computer systems independent of operating system state or location is available to troubleshoot computers and ensure service continuity. A security vulnerability exists in AMI MegaRA...
FusionAuth 路径遍历漏洞
FusionAuth is FusionAuth open source a best-of-breed authentication solution built for developers. A security vulnerability exists in versions prior to FusionAuth 1.41.3 that stems from allowing files outside of the application root directory to be viewed or retrieved using HTTP requests...
OpenKM 安全漏洞
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, file history and file sharing. A security vulnerability exists in OpenKM versions prior to 6.3.11, which originates from an unknown function getFileExtension in the...
VMware Workspace ONE Assist 跨站脚本漏洞
VMware Workspace ONE Assist is a real-time remote support solution from VMware, Inc. Allows VMware Workspace ONE UEM administrators to remotely access and troubleshoot devices in real-time while respecting end-user privacy. A security vulnerability exists in VMware Workspace ONE Assist prior to...
Palantir 日志信息泄露漏洞
Palantir is a data platform from US-based Palantir that reimagines how people use data by removing the barriers between back-end data management and front-end data analysis. A security vulnerability exists in Palantir Foundry Magritte plugin osisoft-pi-web-connector prior to version 0.44.0, which...
Apache Spark 注入漏洞
Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...
Gitea 参数注入漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in versions of Gitea prior to 1.17.3, which stems from its failure to clean up and escape references in the git backend resulting in incorrectly handled arguments to git commands...
Apache Airflow 代码问题漏洞
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...
Bento4 安全漏洞
Bento4 is an open source C++ library for reading and writing MP4 files. A denial of service vulnerability exists in Bento4 version 1.6.0-639, which stems from excessive memory consumption in the AP4Array ::EnsureCapacity function in Core/Ap4Array.h. The vulnerability can be exploited to cause a...
Google TensorFlow 安全漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. Google TensorFlow suffers from a security vulnerability that stems from FractionalMaxPoolGrad validating its inputs by asserting a failure instead of returning an error. T...
Microsoft .NET Framework 安全漏洞
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a development platform. The platform includes the C and Visual Basic programming languages, a public language runtime library, and an extensive class library. A security vulnerability...
FPT G-97RG6M和FPT G-97RG3 操作系统命令注入漏洞
The FPT G-97RG6M and FPT G-97RG3 are both modems from FPT Vietnam. An operating system command injection vulnerability exists in the FPT G-97RG6M version R4.2.98.035, and the G-97RG3 version R4.2.43.078, which stems from vulnerability to remote command execution in the ping function...
libmodbus 缓冲区错误漏洞
libmodbus is a library written in C that can send/receive data according to the Modbus protocol. A security vulnerability exists in libmodbus, which stems from a heap-based buffer overflow flaw found in the function modbusreply in src/modbus.c. The vulnerability is caused by a heap-based buffer...
Patlite 缓冲区错误漏洞
Patlite is a network monitoring indicator from Patlite Japan. It is used to detect network anomalies with instant notification by light, sound and email. A buffer error vulnerability exists in Patlite versions 1.45 and earlier, which stems from the fact that it allows an attacker to implement a...
WordPress plugin Sharebar 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Sharebar plugin prior to 1.4.1 are vulnerable to cross-site request...
IBM App Connect Enterprise 信任管理问题漏洞
IBM App Connect Enterprise is an operating system from IBM Corporation of the U.S.A. IBM App Connect Enterprise combines existing industry-trusted IBM Integration Bus technology with IBM App Connect Professional and new cloud-native technologies to IBM App Connect Enterprise combines existing...
OpenSSL 缓冲区错误漏洞
OpenSSL is an open source Openssl team's general-purpose cryptographic library capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. The product supports multiple encryption algorithms, including symmetric ciphers, hashing algorithms, secure hashing...
Dell BSAFE Micro Edition Suite 缓冲区错误漏洞
Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate, and transport layer security for c/c applications, devices, and systems.Dell BSAFE Micro Edition Suite is vulnerable to a buffer overflow vulnerability that could be exploited by remote attackers to submit ...