195539 matches found
ruby-git 代码注入漏洞
ruby-git is a Ruby library. It can be used to create, read, and manipulate Git repositories by wrapping system calls into git binaries. A security vulnerability exists in ruby-git v1.13.0 and earlier versions that could allow an authenticated, remote attacker to execute arbitrary ruby code by...
多款Panasonic产品跨站请求伪造漏洞
The Panasonic VCC-HD5600P, among others, is a surveillance camera from Panasonic Corporation Panasonic of Japan. A cross-site request forgery vulnerability exists in multiple Panasonic products, versions 1.02-05 and 2.03-0x, which stems from vulnerability to cross-site request forgery attacks. An...
Fortinet FortiPortal 跨站脚本漏洞
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. attacker could exploit the vulnerability to execute stored cross-site scripting by sending...
memos 访问控制错误漏洞
memos is an open source hosted memo center with knowledge management and social features. An access control error vulnerability exists in versions prior to memos 0.9.1, which can be exploited by an attacker to edit and delete all other user shortcuts...
studygolang 跨站脚本漏洞
studygolang is a Go language Chinese network studygolang open source . studygolang has a security vulnerability , the vulnerability stems from an unknown part of the file static/js/topics.js , the operation of the parameter contentHtml leads to cross-site scripting...
Beijing Zed-3 Technologies VoIP simpliclty 跨站脚本漏洞
Beijing Zed-3 Technologies VoIP simpliclty is a web portal of Beijing Zed-3 Technologies Beijing, China. A security vulnerability exists in VoIP simplilty ASG version 8.5.0.17807 20181130-16:12, which stems from the presence of cross-site scripting attacks XSS...
Microsoft Office Visio 安全漏洞
Microsoft Office is a suite of office software developed by Microsoft Corporation based on the Windows operating system. Microsoft Office Visio is vulnerable to remote code execution. An attacker could exploit the vulnerability to execute code on the target host...
WordPress plugin Easy Digital Downloads 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A CSV injection vulnerabili...
Mz Automation Libiec61850 路径遍历漏洞
Mz Automation Libiec61850 is an open source library for the IEC 61850 protocol from Mz Automation. A path traversal vulnerability exists in Mz Automation Libiec61850 version 1.4 and earlier, which stems from unknown code in the src/mms/isomms/client/mmsclientfiles.c file of the MMS File Services...
Intel Processors 安全漏洞
Intel Processors are American Intel Corporation's provide for interpreting computer instructions and processing data in computer software. A security vulnerability exists in Intel Processors, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the...
Microsoft Word 安全漏洞
Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. An information disclosure vulnerability exists in Microsoft Word, which can be exploited by attackers to obtain sensitive information...
Xen 安全漏洞
Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports migration at runtime to ensure uptime and avoid downtime.Guest is an application product. Xen...
Apache Kylin 操作系统命令注入漏洞
Apache Kylin is the United States Apache Apache Foundation of an open source distributed analytical data warehouse . The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Kylin suffers from an operating system command...
VMware vCenter Server 代码问题漏洞
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
Huawei HarmonyOS 缓冲区错误漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a microkernel-based distributed operating system. The Huawei HarmonyOS mptcp module is vulnerable to an out-of-bounds read vulnerability, which could be exploited to modify program information to enable root...
Nasm 缓冲区错误漏洞
Nasm is an open source programming tool software. A buffer overflow vulnerability exists in Nasm v2.16, which stems from the inclusion of a stack overflow in the Ndisasm component. No detailed vulnerability details are provided at this time...
Express XSS Sanitizer 安全漏洞
Express XSS Sanitizer is a personal development by AhmedAdelFahim to clean user input data in req.body, req.query, req.headers and req.params to prevent cross-site scripting XSS attacks. express XSS Sanitizer A prototype contamination vulnerability exists in versions prior to 1.1.3, which stems...
Apache InLong 代码问题漏洞
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.3.0, which arises from unsafe deserialization of...
Slims9 Bulian 跨站脚本漏洞
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g. books, journals, digital files and other library materials and management. A security vulnerability exists in Slims9 Bulian version v9.4.2, which can be exploited ...
Flux2 资源管理错误漏洞
Flux2 is a tool from the Cloud Native Computing Foundation that keeps Kubernetes clusters synchronized with their configuration sources. A resource management error vulnerability exists in Flux2 versions prior to v0.0.17 through v0.32.0 and helm-controller versions prior to v0.0.4 through v0.23.0...
H3C B5 Mini 缓冲区错误漏洞
The H3C B5 Mini is a full gigabit wireless router from China's Xinhua San H3C. A security vulnerability exists in the H3C B5 Mini V100R005 version, which stems from a stack overflow issue in the EditBasicSSID method...
RIELLO UPS NetMan 代码问题漏洞
RIELLO UPS NetMan is a network adapter from RIELLO UPS, Italy. A code issue vulnerability exists in RIELLO UPS NetMan. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the manufacturer's bulletin...
OpenZeppelin 安全漏洞
OpenZeppelin is a software application. A standard for secure blockchain applications. A security vulnerability exists in OpenZeppelin Contracts 4.1.0 and earlier versions, which stems from the function ECDSA.recover and vulnerability to a type of signature extensibility...
Automated Beer Parlour Billing System SQL注入漏洞
Automated Beer Parlour Billing System is an automated hotel beer billing system by the individual developer Senior Walter. A security vulnerability exists in Automated Beer Parlour Billing System. An attacker could exploit the vulnerability by manipulating the parameter username to cause an sql...
WordPress plugin Transposh WordPress Translation 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Adobe InDesign 缓冲区错误漏洞
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from being affected by a heap-based buffer overflow vulnerability that could lead to the execution of arbitrary code in the...
Microweber 安全漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.20, which can be...
BookWyrm 跨站脚本漏洞
BookWyrm is a social reading platform. A cross-site scripting vulnerability exists in BookWyrm versions prior to 0.4.1, which stems from not properly cleaning up the html presented to the user, and is exploited by an attacker to perform cross-site scripting attacks...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...
Diffy 安全漏洞
Diffy is a simple distinction in Ruby by Sam Goldstein, a personal developer. Diffy suffers from a security vulnerability that stems from the fact that the function that calls the diff utility in Diffy 3.4.1 does not properly handle double quotes in filenames when running in a Windows environment...
OFFIS DCMTK 路径遍历漏洞
OFFIS DCMTK is a collection of libraries and applications from OFFIS Germany that implement most of the DICOM standards. Software for inspecting, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, and demonstrating image...
BitTorrent uTorrent 缓冲区错误漏洞
BitTorrent uTorrent is a suite of BitTorrent client software written in C++ by BitTorrent Inc. in the United States. A security vulnerability exists in BitTorrent uTorrent, which can be exploited by an attacker to remotely launch an attack, due to a memory corruption caused by certain malicious...
Adobe InCopy 缓冲区错误漏洞
Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Illumina Local Run Manager 代码注入漏洞
Illumina Local Run Manager is an integrated solution from Illumina, Inc. Illumina Local Run Manager is vulnerable to code injection, which could be exploited by attackers to remotely upload and execute code at the operating system level...
SPIP 代码注入漏洞
SPIP is a Web-based content publishing system used primarily for online collaboration. A remote code execution vulnerability exists in versions of SPIP prior to 3.2.8, which are primarily used for online collaboration. The vulnerability stems from the oups parameter of /ecrire not properly...
Google Android 加密问题漏洞
Google Android is a Linux-based open-source operating system from the U.S. company Google Android has an encryption vulnerability that can be exploited by attackers to cause local information leakage without additional execution privileges...
git-pull-or-clone 参数注入漏洞
git-pull-or-clone is used to ensure that a git repository exists on disk and is up-to-date. A parameter injection vulnerability exists in git-pull-or-clone versions prior to 2.0.2, which can be exploited to cause arbitrary command injection...
Cisco Firepower Threat Defense 安全漏洞
Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services.Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...
NVIDIA Jetson 缓冲区错误漏洞
NVIDIA Jetson is an embedded system development module from NVIDIA. The NVIDIA Jetson Linux Driver Package suffers from a buffer error vulnerability that stems from insufficient validation of untrusted data, which could be exploited by a local attacker to cause a memory buffer overflow that could...
NVIDIA Jetson 缓冲区错误漏洞
NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. A buffer error vulnerability exists in the NVIDIA Jetson Linux Driver Package, which could be exploited by a local attacker to cause a memory buffer overflow that could lead to code execution, loss of integrity, limit...
Xiaomi Mi App Store 输入验证错误漏洞
A security vulnerability exists in Xiaomi Mi App Store, an app store of Xiaomi, a Chinese company. The vulnerability is due to the Xiaomi App Store not verifying the validity of incoming data, which could be exploited by an attacker to cause the app store to automatically download and install app...
FormaLms SQL注入漏洞
formalms a learning management system. Used to build around the specific needs of corporate training. formalms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...
FANUC ROBOGUIDE 安全漏洞
FANUC ROBOGUIDE is a robot simulation software from FANUC, Japan. FANUC ROBOGUIDE v9.40083.00.05 and previous versions have an elevation of privilege vulnerability. The vulnerability stems from the fact that the affected product is vulnerable to misconfigured binaries, and an attacker with...
Django SQL注入漏洞
Django is the Django Foundation's set of open source web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, etc. Django version 2.2.28 before version 2.2, version 3.2.13 before version 3.2, and version 4.0.4 before...
jc21 Nginx Proxy Manager 跨站脚本漏洞
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
Red Hat Keycloak 跨站脚本漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak that stems from a lack of validation of POST request parameters...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress Sync QCloud COS plugin version prior to 2.0.1 contains a cross-site scripting vulnerability that stems from the plugin's failure to escape so...
WordPress plugin 输入验证错误漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...
Alist 跨站脚本漏洞
Alist is a file listing program with multi-storage support by a Chinese Xhofe individual developer. A security vulnerability exists in Alist v2.1.0 and below. An attacker can exploit /i/:data/ipa.plist...
mruby 代码问题漏洞
mruby is a lightweight implementation of the Ruby language. mruby suffers from a buffer overflow vulnerability that stems from the presence of null pointer dereference in mruby, which could be exploited by an attacker to crash the mruby interpreter, thereby impacting system availability...