195539 matches found
EventSource 信息泄露漏洞
EventSource is a pure JavaScript implementation of the EventSource client. An information disclosure vulnerability exists in versions of EventSource prior to 2.0.2, which originates from exposing sensitive information to an unauthorized Actor...
Microsoft Office 安全特征问题漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and others. A security feature issue vulnerability exists in Microsoft Office. The following products an...
Fortinet FortiIsolator 安全漏洞
Fortinet FortiIsolator is a Fortinet USA application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web...
Red Lion DA50N 数据伪造问题漏洞
The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. The Red Lion DA50N is vulnerable to a data forgery issue that stems from the possibility that an authorized user could install a maliciously modified package file when updating the device via the Web UI, and that...
Red Lion DA50N 安全漏洞
Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to gain access to stored credentials and thereby gain access to protected resources...
jc21 Nginx Proxy Manager 跨站脚本漏洞
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
pgAdmin 代码问题漏洞
pgAdmin is an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin 4 versions prior to 6.7, which stems from the software's inability to validate the path of a file uploaded by a user, resulting in a path traversal...
FreeTAKServer 访问控制错误漏洞
FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTAKServer suffers from an access control error vulnerability, which stems from the fact that Endpoint/ManageRoute/postRoute can be accessed without authentication, and can be...
Yokogawa Exaopc 权限许可和访问控制问题漏洞
Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from the "Long-term Data Archive Package" service creating named pipes with incorrect ACL configurations. The following products and...
phpMyAdmin 信息泄露漏洞
phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 5.1.1 and prio...
Sourceforge mbsync 缓冲区错误漏洞
Sourceforge mbsync is an application from the Sourceforge community in the United States. It provides synchronization of remote IMAP mailboxes with local maildir-style mailboxes. Sourceforge mbsync suffers from a buffer error vulnerability that stems from the fact that due to insufficient handlin...
Snapd 输入验证错误漏洞
Snapd is an open source, cross-platform package management tool. snapd is vulnerable to an input validation error that could be exploited to allow snap to escape strict snap restrictions by injecting arbitrary AppArmor policy rules through misformatted content interfaces and layout statements...
urijs 安全漏洞
urijs is a Javascript URL mutation library. A security vulnerability exists in urijs prior to 1.19.8, which stems from a user control key bypassing authorization...
Git 安全漏洞
Git is a free, open source distributed version control system. Git has a security vulnerability that stems from the fact that the --mirror documentation for Git up to 2.35.1 makes no mention of the availability of deleted content, a.k.a. the "GitBleed" problem. This could pose a security risk if...
Superjson 代码注入漏洞
superjson is a superset that securely serializes JavaScript expressions to Json. A code injection vulnerability exists in superjson that allows inputs to run arbitrary code on any server using superjson inputs without prior validation or knowledge. The only requirement is that the server implemen...
Publify 代码问题漏洞
Publify is a simple but full-featured web publishing software. A code issue vulnerability exists in Publify that stems from a business logic error in the product. The following products and versions are affected: Publify versions prior to 9.2.7...
Radareorg Radare2 缓冲区错误漏洞
radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 suffers from a buffer overflow vulnerability that stems from the product's failure to effectively determine memory boundaries, which could be exploited by an attacker to cause a buffer overflow...
Fleet 授权问题漏洞
Fleet is a suite of host monitoring platforms. fleet suffers from an authorization issue vulnerability that stems from a limited ability to spoof SAML authentication with missing user authentication. No detailed vulnerability details are currently available...
Printchaser 安全漏洞
Printchaser is a solution from Informer Technologies that enables companies to sense and track the dangers of unauthorized information outflow by applying print log management and monitoring as well as inserting watermarks into printouts from office PCs. Printchaser has a security vulnerability...
Microsoft Windows Common Log File System Driver 信息泄露漏洞
The Microsoft Windows Common Log File System Driver is Microsoft's Common Log File System CLFS API that provides a high-performance, general-purpose log file subsystem that can be used by specialized client applications and shared by multiple clients to optimize logging and access. access. An...
Markdown To Pdf 输入验证错误漏洞
Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. It is used to convert Markdown to pdf. An input validation error vulnerability exists in Markdown To Pdf, which stems from the product's use of gray-matter to parse front-end content when th...
Prestashop SQL注入漏洞
Prestashop is a set of open source e-commerce solutions from the United States Prestashop. The solution provides multiple payment methods, SMS alerts and product image scaling and other features. PrestaShop 1.7.8.2 before the version of the SQL injection vulnerability , the vulnerability stems fr...
WordPress SQL注入漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Secure Copy Content Protection and Content Locking plugin has a SQL injection vulnerabili...
D-Link DIR-809 缓冲区错误漏洞
A buffer error vulnerability exists in the D-Link DIR-809, a dual-band router from D-Link China. The vulnerability stems from the failure of the sub80046EB4 function in the product/formSetPortTr link to effectively determine data boundaries. An attacker could cause a buffer overflow resulting in ...
IBM Planning Analytics 注入漏洞
IBM Planning Analytics is a business planning and analysis solution from IBM Corporation. The solution supports automated execution of business planning, budgeting, and analysis processes.IBM Planning Analytics has a security vulnerability that stems from incorrect validation of csv file content...
Hyperledger Fabric 代码问题漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A code issue vulnerability exists in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0, which can be exploited by an attacker by constructing a message with a payload of zero and...
Cisco Firepower Threat Defense 安全漏洞
Cisco Firepower Threat Defense FTD is a suite of unified software from Cisco that provides next-generation firewall services. A security vulnerability exists in Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliances Software ASA Software that stems from invalid access control. ...
Intel HAXM 资源管理错误漏洞
Intel HAXM Intel Hardware Accelerated Execution Manager is a cross-platform hardware-assisted virtualization engine hypervisor from Intel Corporation that is widely used as a gas pedal for Android Emulator and QEMU. Intel HAXM suffers from a resource management error vulnerability, which arises...
Cisco Expressway Series和Cisco TelePresence Video Communication Server 数据伪造问题漏洞
Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS are both products of Cisco, Inc.Cisco Expressway Series is software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping telecommuters wo...
Bento4 缓冲区错误漏洞
Bento4 is an open source C library for reading and writing MP4 files. Bento4 suffers from a heap buffer overflow vulnerability, which stems from a lack of proper boundary checking in the AP4StdcFileByteStream :: ReadPartial component of /StdC/Ap4StdCFileByteStream.cpp. An attacker could exploit...
Rust 跨站脚本漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A cross-site scripting vulnerability exists in ammonia prior to Mozilla Rust 3.1.0, which can be exploited by attackers to inject malicious scripts into web pages...
Adobe After Effects 输入验证错误漏洞
Adobe After Effects "AE" is a graphics and video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.2.1 and earlier...
Oracle Database Server 输入验证错误漏洞
Oracle Database Server is an object-a relational database management system that provides an open, comprehensive, and integrated approach to information management. A security vulnerability exists in the Database Vault component of Oracle Database Server version 12.2.0.1, 19c. An attacker could...
Joomla! CMS 输入验证错误漏洞
is a set of forum components used in the Joomla! content management system. Joomla! is vulnerable to an input validation error in versions 2.5.0 to 3.9.27, which can be exploited by attackers to cause corruption in the usergroups table...
Moodle 操作系统命令注入漏洞
Moodle is a learning platform designed to provide educators, administrators, and learners with a system for creating personalized learning environments. A command execution vulnerability exists in an older version of the Spell Checker plugin that is included by default in Moodle version 3.10. An...
Open Design Alliance Drawings SDK 缓冲区错误漏洞
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, USA. The SDK provides access to .dwg and .dgn data through a convenient, object-oriented API, a C++ API, support for repairing files, and support for . An out-of-bounds read...
WordPress 插件 跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A security vulnerability exists in the Smooth Scroll Page...
Tenancy multi-tenant 输入验证错误漏洞
Tenancy multi-tenant is an open source multi-domain controller. Tenancy multi-tenant suffers from an open redirection vulnerability that can be exploited by an attacker to redirect a user's site to any other site using a specially crafted URL...
FFmpeg 缓冲区错误漏洞
FFmpeg is a set of open source computer programs that can be used to record, convert digital audio and video to streams under the LGPL or GPL license. A buffer overflow vulnerability exists in the filteredges function in libavfilter/vfyadif.c in FFmpeg version 4.2. An attacker could exploit this...
SOURCEFORGE Adminer 跨站脚本漏洞
SOURCEFORGE Adminer is an application from the American SOURCEFORGE community. Provides database management in a single PHP file. A security vulnerability exists in Adminer versions 4.6.1 through 4.8.0, which stems from Adminer's use of the pdo extension to communicate with the database, and...
fluidsynth 资源管理错误漏洞
fluidsynth is an application system. for generating audio by reading and processing MIDI events from MIDI input devices using SoundFont. A resource management error vulnerability exists in fluidsynth, which stems from use after a free conflict was discovered, and may be triggered when loading an...
NVIDIA GPU Display Driver 安全漏洞
NVIDIA GPU Display Driver is an American NVIDIA driver for interactive support of graphics card display modules in operating systems. A security vulnerability exists in the NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, which stems from the use of reference counting...
Apache Solr 代码问题漏洞
Apache Solr is a standalone enterprise-class search application server. The Apache Solr server-side request forgery vulnerability can be exploited by an attacker to gain access to an intranet by constructing a request containing a malicious URL...
Microsoft Word 代码注入漏洞
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system with the victim's privileges...
Aruba Instant Access Point 跨站脚本漏洞
Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points that allows arbitrary commands to be executed remotely. The following products and versions are affected: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and...
keycloak 安全漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in keycloak that could allow an attacker to access the contents of the directory in which keycloak is stored...
Freebsd FreeBSD Competitive Conditions Problem Vulnerability
FreeBSD is a Unix-like operating system from the Freebsd Foundation. FreeBSD has a security vulnerability that can be exploited by an attacker to bypass restrictions via jail remove Unkilled Processes of FreeBSD to escalate his privileges...
GNOME Evolution Data Forgery Issue Vulnerability
GNOME Evolution is a suite of email client programs for the Gnome desktop environment for Linux. The program provides Email, calendar, meeting scheduling, contact management, and other features. A data forgery issue vulnerability exists in GNOME Evolution through 3.38.3, which stems from Evolutio...
TP-Link Tapo C110 格式化字符串错误漏洞
The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. It is possible for authenticated...
Google Chrome 资源管理错误漏洞
Google Chrome is a cross-platform web browser developed by Google. It is primarily used for accessing web pages, running web applications, and providing various extended features. There is a resource management vulnerability in Google Chrome, which stems from improper handling of references after...