195539 matches found
Schneider Electric Easergy P5 和 P3 输入验证错误漏洞
The Schneider Electric Easergy P5 and Schneider Electric Easergy P3 are both products of the French company Schneider Electric.The Schneider Electric Easergy P5 is a protective relay for demanding medium voltage applications. The Schneider Electric Easergy P3 is an easy-to-use protective relay. A...
WordPress plugin Gallery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Jenkins Plugin EasyQA 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins EasyQA Plugin 1.0 and earlier versions are vulnerable to cross-site...
Adobe Bridge 缓冲区错误漏洞
Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...
WordPress plugin WP Simple Adsense Insertion 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WP Simple Adsense Insertion plugin prior to version 2.1 is vulnerable to cross-site request...
CSCMS Music Portal System SQL注入漏洞
CSCMS Music Portal System is a diversified content management system of China Chong Sheng Network Technology CSCMS Company. CSCMS Music Portal System suffers from a SQL injection vulnerability that originates from the lack of validation of the id parameter of /admin.php/pic/admin/type/save for...
wasm3缓冲区错误漏洞
wasm3 is the fastest WebAssembly interpreter and the most versatile runtime. A security vulnerability exists in wasm3 version 0.5.0, which stems from a heap overflow discovered via the component /wabt/bin/poc.wasm...
Cisco Common Services Platform Collector 跨站脚本漏洞
Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices.Cisco Common Services Platform Collector is...
Moodle 安全漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. a security vulnerability exists in Moodle, which stems from the description user field failing to hide when set to hidden. No details o...
Progress Software WhatsUp Gold 代码问题漏洞
Progress Software WhatsUp Gold is a network monitoring software from Progress Software, Inc. It is used to monitor the entire network infrastructure as well as applications, configurations and network traffic. A security vulnerability in Progress Software WhatsUp Gold versions 21.0.0 through 21.1...
Microweber 跨站脚本漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber versions prior to 1.2.16, which can be...
networkd-dispatcher 安全漏洞
networkd-dispatcher is a scheduler daemon for systemd-networkd connection state changes by an individual developer at clayton craft in the United States. A security vulnerability exists in networkd-dispatcher versions 1.0 - 2.1 due to a race condition between a discovered script and a running...
Shopware 跨站请求伪造漏洞
A cross-site request forgery vulnerability exists in versions of Shopware prior to 5.7.9, which stems from vulnerability to cross-site request forgery CSRF token authentication failures. An attacker could exploit this vulnerability to be subject to a cross-site request forgery CSRF attack...
NVIDIA Jetson 输入验证错误漏洞
NVIDIA Jetson is an embedded system development module from NVIDIA Corporation. An input validation error vulnerability exists in the NVIDIA Jetson Linux Driver Package, which stems from insufficient validation of untrustworthy data and can be exploited by a local attacker with elevated privilege...
Kubernetes ingress-nginx 输入验证错误漏洞
Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. No information about the vulnerability is available at this time, so please stay tune...
Cisco Unified Communications Manager 代码问题漏洞
Cisco Unified Communications Manager is a call processing component of Cisco's Unified Communications System. The component provides a scalable, distributable, and highly available call processing solution for enterprise IP telephony. Unified Communications Manager Session Management Edition is t...
Oracle Enterprise Manager Base Platform 输入验证错误漏洞
Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software system from the application to the disk, can be virtualized from the...
Microsoft Power BI 安全漏洞
Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...
rtl_433 缓冲区错误漏洞
The rtl433 is a general purpose data receiver from the personal developer Benjamin Larsson. A program used to decode radio transmissions from devices in the Ism band and other frequencies. A security vulnerability exists in rtl433 that allows an attacker to trigger a denial of service DoS via a...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by the window.showSaveFilePicker function that parses and returns environment variable values to the user when passing environment variables, which can be exploited by an attacker to...
Sophos UTM 日志信息泄露漏洞
Sophos UTM is a next-generation firewall. a security vulnerability existed prior to Sophos UTM 9.710, which stems from the fact that Confd log files contain SHA512crypt password hashes for local users including the root user with insecure access rights, which can be exploited by attackers to...
Atlassian Fisheye和Crucible 安全漏洞
Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. Atlassian Fisheye and Crucible are vulnerable to a brute force vulnerability due to a failure to check whether a user has exceeded their maximum failed login limit. An attacker...
Yokogawa Exaopc 代码问题漏洞
Yokogawa Electric is a server of Yokogawa Electric Yokogawa, a Japanese company. A security vulnerability exists in Yokogawa Electric. The vulnerability stems from an unsafe DLL loading issue. The following products and versions are affected: CENTUM CS 3000 versions R3.08.10 through R3.09.00,...
Microsoft Exchange Server 代码注入漏洞
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...
Atlassian Jira 代码注入漏洞
Atlassian Jira is a defect tracking management system from Atlassian Australia. The system is used to track and manage all types of issues and defects in the workplace. A security vulnerability exists in Atlassian Jira Server and Data Center that could allow a remote attacker with system...
Microsoft Paint 3D 代码注入漏洞
Microsoft Paint 3D is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on the system...
Google Android 权限许可和访问控制问题漏洞
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which originates in NotificationStackScrollLayout.java. NotificationStackScrollLayout has a method to bypass factory reset protection. An attacker could...
WordPress SQL注入漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. ImageMagick has a security vulnerability that can be exploited by an attacker to trigger a buffer overflow in ImageMagick vi...
WordPress plugin Duplicate Page or Post 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Duplicate Page or Post, which stems from the plugin's...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome Animation, which can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service condition...
WordPress plugin 跨站请求伪造漏洞
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. WordPress NextScripts:Social Networks Auto-Poster plugin is vulnerable to cross-site request forgery in versions prior to 4.3.25. The vulnerability stems from the fact that there is no CSRF check...
Microsoft Office 代码注入漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. The following products and version...
Apple macOS High Sierra 安全漏洞
A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. macOS High Sierra is caused by a problem with handling contact sharing. An attacker could exploit this vulnerability to cause unexpected data sharing...
AbanteCart 跨站脚本漏洞
AbanteCart is a PHP-based e-commerce platform. AbanteCart 1.3.2 previously had a security vulnerability that could be exploited by attackers to conduct DOM-based XSS attacks...
WBCE CMS SQL注入漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A SQL injection vulnerability exists in wbce cms, which stems from the vulnerability of wbce cms to improper neutralization of special elements used in SQL commands...
Fortinet FortiWeb 缓冲区错误漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A buffer overflow vulnerability exists that...
Mozilla Firefox 权限许可和访问控制问题漏洞
Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to an input validation error in Mozilla Firefox ESR that results from a parameter URL containing spaces that is not properly escaped when invoking a protocol handler for an external protocol. A remote attacker...
Google Android 资源管理错误漏洞
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the Google Android Kernel. The vulnerability stems from an out-of-bounds write in periodicioworkfunc in lwisperiodicio.c due to reuse after release. An attacker can exploit...
Facade Ignition for Laravel 安全漏洞
Facade Ignition for Laravel is a customizable error page from Facade Belgium that runs in the Laravel web framework. A security vulnerability exists in Facade Ignition for Laravel, which stems from the product's fix variable names feature that does not add effective access control...
Siemens Nucleus 安全漏洞
Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. It is used to accelerate the fast start-up of complete systems and provides a rich board-level support package Bsp. A security vulnerability exists in Siemens Nucleus ReadyStart, which stems from the total length of the UDP...
NLnet Labs Routinator 安全漏洞
NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure validator written in Rust from Stichting NLnet Stichting Nlnet Labs in the Netherlands. NLnet Labs Routinator prior suffers from a security vulnerability that stems from the lack of an effective trust management mechanism in a...
GitLab 信息泄露漏洞
GitLab is a self-hosted Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an information disclosure vulnerability that stems from the fact that project exports can reveal external webhook token values, which can be...
Adobe Premiere Elements 缓冲区错误漏洞
Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Microsoft Windows Storage Spaces Controller 权限许可和访问控制问题漏洞
Microsoft Windows Storage Spaces Controller is an essential driver for providing storage space functionality from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Storage Spaces Controller with privilege permission and access control issues. The following products and editio...
Xiuno BBS 跨站脚本漏洞
Xiuno BBS is an open source forum program based on PHP and MySQL. Xiuno BBS suffers from a cross-site scripting vulnerability that originates from the failure of the product/admin/?setting-base.htm page to properly handle data in the sitename field. An attacker can execute client-side code via th...
Moodle 信息泄露漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. An information disclosure vulnerability exists in Moodle that stems from insufficient escaping of LaTeX leading codes. A remote...
fig2dev 缓冲区错误漏洞
fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the bezierspline function in genepic.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...
WordPress 插件跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Per page, which stems from a lack of proper...
Apache Dubbo 代码问题漏洞
Apache Dubbo is the United States Apache Apache Foundation of a lightweight Java-based RPC Remote Procedure Call framework. It provides interface-based remote calling, fault tolerance and load balancing, and automated service registration and discovery. A security vulnerability exists in Apache...