195539 matches found
Spring Security 授权问题漏洞
Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities related to authorization exist in versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10 of Spring Security...
VMware Spring for Apache Kafka 代码问题漏洞
VMware Spring for Apache Kafka is a Kafka messaging integration framework developed by VMware, Inc. Versions of VMware Spring for Apache Kafka prior to 4.0.0, as well as versions 3.3.0 and earlier, 3.2.0 and earlier, 2.9.0 and earlier, and 2.8.0 and earlier, contain code vulnerabilities. These...
Lenovo ThinkPad 缓冲区错误漏洞
The Lenovo ThinkPad is a portable computer by the company Lenovo. The Lenovo ThinkPad has a buffer error vulnerability, which stems from an out-of-bounds write issue in the BIOS. This vulnerability may allow privileged local users to execute code in the system management mode...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper handling of file backend mounting by the erofs file system. This issue may allow I/O...
tmux 缓冲区错误漏洞
tmux is an open-source terminal multiplexer developed by tmux. Versions of tmux 3.6a and earlier contained a buffer error vulnerability. This vulnerability stemmed from the imagefree function in image.c, which allowed reusing memory after it had been freed, potentially leading to local attacks...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability that ste...
SAP Business Objects 安全漏洞
SAP Business Objects is a business intelligence suite developed by the German company SAP. There is a security vulnerability in SAP Business Objects, which allows unauthorized attackers to access certain endpoints and thereby disclose sensitive information...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
GPAC MP4Box 代码问题漏洞
GPAC MP4Box is a open-source multimedia packager from GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box has a code vulnerability cause...
Tenda W3 安全漏洞
The Tenda W3 is a wireless access point device produced by the Chinese company Tenda. Version 1.0.0.32204 of the Tenda W3 Wireless Router contains a security vulnerability. This vulnerability stems from an stack overflow in the wlradio parameter within the formwrlSSIDget function, which could all...
Microsoft Windows Cryptographic Services 授权问题漏洞
Microsoft Windows Cryptographic Services are encryption services provided by Microsoft Corporation. There is an authorization issue vulnerability in Microsoft Windows Cryptographic Services. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions ar...
Microsoft Remote Desktop Client 安全漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities present in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10...
Netcad E-İmar SQL注入漏洞
Netcad E-İmar is a GIS-based urban planning information query platform developed by the Turkish company Netcad. Versions of Netcad E-İmar from 2.10.1.0 to 3.0.2 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of special elements within SQL commands, whic...
Tenda O3 安全漏洞
The Tenda O3 is an outdoor wireless bridge produced by the Chinese company Tenda. The Tenda O3v3 1.0.0.5 version contains a security vulnerability. This vulnerability stems from a stack overflow issue in the savelistdata parameter of the formSetCfm function, which could allow attackers to cause...
OpenSSL 加密问题漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables the implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure has...
OpenSSL 安全漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Adobe Acrobat Reader 缓冲区错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a buffer error vulnerability. This vulnerability stems from...
Microsoft Windows NTLM 日志信息泄露漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. Microsoft Windows NTLM has a vulnerability that allows for information leakage. Attackers can exploit this vulnerability to obtain sensitive information. The following products and versions are...
Dell/Alienware Purchased Apps 后置链接漏洞
Dell/Alienware Purchased Apps is a pre-installed software management tool developed by the American company Dell. Versions of Dell/Alienware Purchased Apps prior to 1.1.32.0 contained a backlink vulnerability. This vulnerability stemmed from improper link resolution before file access, which coul...
Schneider Electric Data Center Expert 代码问题漏洞
Schneider Electric Data Center Expert is a data monitoring software developed by Schneider Electric, a multinational technology company. Schneider Electric Data Center Expert has a code vulnerability caused by improper restrictions on XML external entity references. This vulnerability could allow...
Apptha Slider Gallery SQL注入漏洞
Apptha Slider Gallery is a website image carousel and gallery display plugin provided by Apptha Corporation. Version 1.0 of Apptha Slider Gallery has a SQL injection vulnerability. This vulnerability stems from insufficient cleaning of the albid parameter, which may allow unauthenticated attacker...
FreeSWITCH 授权问题漏洞
FreeSWITCH is a free and open-source communication software developed by Anthony Minessale, an individual developer from the United States. This software can be used to create audio, video, and short message-based products and applications. Prior to FreeSWITCH version 1.11.1, there was an...
Microsoft Windows 权限许可和访问控制问题漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a access control vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are affected: Windows 11...
SEMCMS 访问控制错误漏洞
SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a access control vulnerability, which stems from an unauthorized access vulnerability in the SEMCMScopy.php file...
lldpd 缓冲区错误漏洞
LLDPD is a daemon capable of receiving and sending LLDP frames. Versions of LLDPD prior to 1.0.22 contained a buffer error vulnerability. This vulnerability stemmed from an error in the memmove byte count calculation by the lldpddecode function when stripping the 802.1Q VLAN tag, which could lead...
Adobe Dreamweaver Desktop 访问控制错误漏洞
Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier contain an access control vulnerability. This vulnerability stems from improper access control mechanisms, which m...
Adobe Experience Manager Forms 跨站脚本漏洞
Adobe Experience Manager Forms is a form content management solution developed by Adobe, a company based in America. This product includes features for form creation, management, publishing, as well as communication management, document security, and integration analysis. The Adobe Experience...
NETGEAR 多款产品输入验证错误漏洞
NETGEAR is a router product from the American company NETGEAR. It is a hardware device used to connect two or more networks, acting as a gateway between them. Several NETGEAR products have a vulnerability related to input validation. This vulnerability allows attackers to intercept and tamper wit...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the picName parameter of the formDelwebAuthPic function, which could allow attackers to cause...
Dolibarr ERP CRM 安全漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM prior to 23.0.2 contain security vulnerabilities. These vulnerabilities stem from unauthorized permissions granted to unknown functions in the...
Adobe InDesign Desktop 缓冲区错误漏洞
Adobe InDesign Desktop is a professional desktop publishing and design software, primarily used for page layout, graphic design, and publishing in print and digital media. There is a security vulnerability in Adobe InDesign Desktop. This vulnerability stems from an improper validation of the read...
WordPress plugin Single Personal Message SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blogs on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed to...
Adobe Acrobat Reader 输入验证错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a vulnerability related to input validation...
Dell iDRAC Tools 后置链接漏洞
Dell iDRAC Tools are a series of tools developed by the American company Dell for managing and maintaining Dell servers. Versions of Dell iDRAC Tools prior to 11.4.1.0 contained a post-link vulnerability, which stemmed from improper link resolution before file access. This vulnerability could all...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteID parameter within the formModifyWebAuthWhiteUser function, which could allow...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Microsoft Windows 安全漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows, which stem from SecureBoot bypasses. These vulnerabilities could allow attackers with administrative privileges or those capable of modifyi...
WordPress plugin PICA Photo Gallery SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the...
TYPO3 CMS SQL注入漏洞
TYPO3 CMS is a content management system developed under the TYPO3 open source framework. Versions of TYPO3 CMS from 14.0.0 to 14.3.3 contain SQL injection vulnerabilities. These vulnerabilities stem from backend users who have database table writing privileges and can directly create, update, or...
Tenda G0 安全漏洞
Tenda G0 is a router produced by the Chinese company Tenda. The version 15.11.0.5 of Tenda G0 contains a security vulnerability. This vulnerability stems from multiple stack overflows in the enable, level, and module parameters of the formSetDebugCfgr function. It may allow attackers to cause...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
gpac 缓冲区错误漏洞
GPAC MP4Box is a open-source multimedia packager developed by GPAC. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Version 2.4 of GPAC MP4Box contains a security...
Adobe Acrobat Reader 资源管理错误漏洞
Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have a resource management vulnerability. This...
Microsoft Remote Desktop Client 竞争条件问题漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. The Microsoft Remote Desktop Client has vulnerabilities related to race conditions. The following products and versions are affected: Windows 10 Version 1809 for 32-bit systems, Windows 10 Version 1809...
Evoluted PHP Directory Listing Script 跨站脚本漏洞
Evoluted PHP Directory Listing Script is a PHP-based directory indexing and file browsing script developed by the British company Evoluted. Versions of Evoluted PHP Directory Listing Script 4.0.5 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the dir...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteUserInfo parameter within the formAddWebAuthWhiteUser function. It is possible for...
Siemens多款产品 代码问题漏洞
Siemens SIPROTEC 5 6MD84, among others, are relay devices produced by the German company Siemens. Several Siemens products have code vulnerabilities. These vulnerabilities stem from allowing authenticated users to upload arbitrary files via the DIGSI 5 protocol, which may lead to denial of servic...
Microsoft Dynamics 365 安全漏洞
Microsoft Dynamics 365 is a ERP business solution developed by the American company Microsoft, designed for multinational enterprises. It is used for financial management, production management, and business intelligence management, among other purposes. There are security vulnerabilities in...