195539 matches found
Tor 信息泄露漏洞
Tor is a network of virtual tunnels. It allows individuals and groups to increase their privacy and security on the Internet. An information disclosure vulnerability exists in Tor. An attacker could forge RELAYEND or RELAYRESOLVED to end a stream bypassing expected access controls...
Cesanta MJS 缓冲区错误漏洞
Cesanta MJS is an embedded JavaScript engine for C/C++, designed for resource-constrained microcontrollers. A stack overflow vulnerability exists in parseunary in Cesanta MJS version 1.20.1. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...
http4s 路径遍历漏洞
Http4s is an open source for Scala streaming HTTP server . Http4s has a path traversal vulnerability that can be exploited by an attacker to obtain sensitive information...
Huawei ESE620X vESS 缓冲区错误漏洞
Huawei ESE620X vESS is a virtual enterprise service controller from Huawei, China. A security vulnerability exists in ESE620X vESS, which is caused by an out-of-bounds read in a function that handles internal messages. An attacker could use this vulnerability to send a constructed exception messa...
Google TensorFlow 缓冲区错误漏洞
Google TensorFlow is an end-to-end open source machine learning platform. A security vulnerability exists in tf.rawops.SparseSplit in Google TensorFlow. A locally authenticated attacker can exploit this vulnerability to cause a denial of service condition...
Istio 授权问题漏洞
Istio is a set of open platforms for connecting, managing, and securing microservices. Istio is vulnerable to an authorization issue. An attacker could use this vulnerability to bypass the program's authorization service...
Google Android 输入验证错误漏洞
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. an elevation of privilege vulnerability exists in Google Android sqlite3.c. An attacker could exploit this vulnerability to escalate privileges...
PHPMailer 代码问题漏洞
PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname via Phar deserialization. No details of the vulnerability are currently available...
Red Hat Resteasy 跨站脚本漏洞
Red Hat Resteasy is the United States Red Hat Red Hat, a JAX-RS a Java programming language API specification implementation. A cross-site scripting vulnerability exists in Red Hat RESTEasy. An attacker can exploit the vulnerability to launch a reflected XSS attack...
Cisco Jabber for Windows 输入验证错误漏洞
Cisco Jabber is a web conferencing and instant messaging application that allows users to send messages over the Extensible Messaging and Status Protocol XMPP. A code execution vulnerability exists in Cisco Jabber, which is caused by incorrect validation of message content. An attacker can send...
Sass Node-sass Trust Management Issues Vulnerability
Sass Node-sass is a C++-based codebase from the Gogo Sass team that supports Node interaction with LibSass. A security vulnerability exists in node-sass 2.0.0 to 4.14.1, which stems from certificate validation being disabled...
SolidInvoice 安全漏洞
SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a security vulnerability. This vulnerability stemmed from API tokens being stored in the apitokens database table in plain text, which could allow attackers...
openSIS Classic 安全漏洞
openSIS Classic is an easy-to-use student information system developed under Open Solutions for Education. It is used to organize student information and school-related operations, thereby improving the efficiency of K-12, trade schools, and higher education school systems. Version 9.3 of openSIS...
Duck Site 安全漏洞
Duck Site is a website content management tool open source by the Duck Organization. Versions of Duck Site prior to 1.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper deployment of workflow condition checks, which could allow attacker-controlled pull request cod...
tmp 输入验证错误漏洞
“tmp” is a temporary file and directory creator developed by KARASZI István as a Node.js tool. Version 0.2.6 of “tmp” contains a vulnerability related to input validation. This vulnerability arises from the “assertPath” guard, which only rejects string values that contain the substring “..”. When...
Thai Palliative SQL注入漏洞
Thai Palliative is a modified version of the PHP framework developed by DAMASAC KKU. Versions of Thai Palliative 3.0 and earlier have a SQL injection vulnerability. This vulnerability arises from the lack of cleaning or parameterization of the idFormMain parameter and the id parameter, which may...
MariaDB Server 命令注入漏洞
MariaDB Server is an open-source relational database system developed by MariaDB. Versions 10.6.1 to 10.6.26, 10.11.1 to 10.11.17, 11.4.1 to 11.4.11, 11.8.1 to 11.8.7, and 12.3.1 of MariaDB Server have a vulnerability related to operating system command injection. This vulnerability arises from...
Keras 路径遍历漏洞
Keras is an open-source deep learning framework developed by Keras. Versions of Keras prior to 3.14.0 contained a path traversal vulnerability. This vulnerability stemmed from a path traversal issue in the archive extraction tool. The functions filtersafetarinfos and filtersafezipinfos used to...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a buffer error vulnerability. This vulnerability could be...
ImageMagick 信息泄露漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a vulnerability related to information leakage. This vulnerability stemm...
ImageMagick 竞争条件问题漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 6.9.13-48 and 7.1.2-23 contained a race condition vulnerability. This vulnerability stemme...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 6.9.13-47 and 7.1.2-22 contained a buffer error vulnerability. This vulnerability occurred when malicious...
Palo Alto Networks PAN-OS 安全漏洞
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall devices. There is a security vulnerability in Palo Alto Networks PAN-OS, which stems from privilege escalation. This vulnerability may allow authenticated administrators with access through the comma...
Dulwich 资源管理错误漏洞
Dulwich is a Python-based Git repository management interface developed by Jelmer Vernooij. Versions of Dulwich prior to 1.2.5 contained a resource management vulnerability. This vulnerability stemmed from the allocation of memory based on the destsize parameter when handling special thin package...
Russh 输入验证错误漏洞
Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an input validation vulnerability. This vulnerability stemmed from lax implementation of SSH identifier string rules. The server-side identifier...
Russh 授权问题漏洞
Russh is a Rust SSH client and server library developed by Eugene as a personal project. In versions of Russh from 0.34.0-beta.1 to 0.61.0, there was an authorization vulnerability. This vulnerability stemmed from the server authentication path not separating the internal authentication state whe...
OpenVM 输入验证错误漏洞
OpenVM is an open-source, high-performance, and modularized zkVM framework designed for customization and scalability. Prior to OpenVM 1.6.0, there was a vulnerability related to input validation errors. This vulnerability stemmed from the tryhonestpairingcheck function in the openvm-pairing...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.25.0 contained security vulnerabilities. These vulnerabilities stemmed from a lack of inclusion of CAPSYSTIME in the capability checks during PodSpec security validation. As a result, tenan...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained security vulnerabilities. These vulnerabilities stemmed from tenants with permissions to execute privileged/allowed-privileged/hazardous containers, under the account with hi...
Lenovo Android Application 安全漏洞
Lenovo Android Application is an application developed by Lenovo Corporation, designed for managing Lenovo devices. There is a security vulnerability in Lenovo Android Application, which stems from websites accessed via the built-in browser potentially overwriting system clipboard contents...
Migration assessment 安全漏洞
Migration assessment is an open-source tool developed by KubeV2V for evaluating and providing migration recommendations for VMware environments. There is a security vulnerability in Migration assessment. This vulnerability stems from the /api/v1/sources/id/image-url endpoint, where improper acces...
Jenkins 安全漏洞
Jenkins is an open-source application developed by Jenkins Project. The open-source automation server Jenkins offers hundreds of plugins to support building, deploying, and automating any project. Jenkins versions 2.567 and earlier, as well as LTS 2.555.2 and earlier, have security vulnerabilitie...
NSA Ghidra 参数注入漏洞
NSA Ghidra is an open-source reverse-engineering tool developed by the National Security Agency National Security Agency of the United States. Prior to version 12.1 of NSA Ghidra, there was a parameter injection vulnerability. This vulnerability stemmed from improper escaping of the ‘cmd.exe’...
QNAP license center 路径遍历漏洞
QNAP Systems License Center is a licensing management system operated by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems License Center prior to 1.9.56 contained a path traversal vulnerability. This vulnerability allows local attackers to use administrative accounts to...
ESP-IDF 缓冲区错误漏洞
ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1 of ESP-IDF contain buffer overflow vulnerabilities. These vulnerabilities stem from an out-of-bounds read issue in the DHCP server option...
QNAP file station 缓冲区错误漏洞
QNAP Systems File Station 5 is a file management system developed by QNAP Systems, a company based in Taiwan, China. QNAP Systems File Station 5 has a security vulnerability that stems from a buffer overflow issue. This vulnerability could allow remote attackers to modify memory or cause processe...
VMware Spring for Apache Kafka 安全漏洞
VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Vulnerabilities exist in versions 4.0.0 and earlier, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier of VMware Spring for Apache Kafka. The...
Umbraco 跨站脚本漏洞
Umbraco is an open-source content management system CMS written in C by the Danish company Umbraco. Versions of Umbraco from 14.0.0 to 17.4.0 had a cross-site scripting vulnerability. This vulnerability allowed authenticated users to inject HTML into input fields, with improperly encoded output i...
ImageMagick 安全漏洞
ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-25 contained security vulnerabilities. These vulnerabilities stemmed from specially crafted...
QNAP qumagie 信息泄露漏洞
QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...
WordPress plugin Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
Microsoft Exchange Server 服务端请求伪造漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are code vulnerabilities in Microsoft Exchange Server. Attackers can exploit these...
OpenSSL 安全漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team, capable of implementing Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure hash...
Microsoft Azure Stack Edge 跨站脚本漏洞
Microsoft Azure Stack Edge is a Azure-hosted device by Microsoft that integrates Azure computing, storage, and intelligent features at the edge. Microsoft Azure Stack Edge has a cross-site scripting vulnerability. Attackers can exploit this vulnerability to perform phishing attacks...
Microsoft Windows Attestation 输入验证错误漏洞
Microsoft Windows Attestation is an open-source device certification service based on TPM hardware trust roots, developed by Microsoft in the United States. Microsoft Windows Attestation has a security vulnerability that stems from a violation of trust boundaries, which may allow authorized...
Adobe CAI Content Credentials 资源管理错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a resourc...
Adobe CAI Content Credentials 资源管理错误漏洞
Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 have a resourc...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...
Microsoft Bing 处理逻辑错误漏洞
Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are security vulnerabilities in Microsoft Bing. Attackers exploit these vulnerabilities to carry out phishing attacks...