195539 matches found
Tenda AC18 安全漏洞
Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 suffers from a buffer overflow vulnerability that stems from the formSetDeviceName function that allows an attacker to implement a buffer...
WBCE CMS 安全漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS suffers from an Access Control Error vulnerability that stems from the increaseattempts function in the wbce/framework/class.login.php file in its Header Handler component not appropriately restricting too...
Hyperledger Fabric 资源管理错误漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.3 that stems from the fact that it allows an attacker to cause a denial of service by repeatedly sending a...
Intel Processors 输入验证错误漏洞
Intel Processors are American Intel Corporation's provide for interpreting computer instructions and processing data in computer software. A security vulnerability exists in Intel Processors, no information about this vulnerability is available at this time, please stay tuned to CNNVD or the...
Microsoft Word 安全漏洞
Microsoft Word is a word processing software in the Office suite of the American Microsoft Microsoft. An information disclosure vulnerability exists in Microsoft Word, which can be exploited by attackers to obtain sensitive information...
WordPress plugin Import any XML or CSV File to WordPress 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Import any XML or CSV File to...
Employee Record Management System 跨站脚本漏洞
PHPGurukul Phpgurukul Employee Record Management System is an Employee Record Management System from PHPGurukul, Inc. A cross-site scripting vulnerability exists in Employee Record Management System version 1.2, which stems from a cross-site scripting issue in editempprofile.php...
Adobe Commerce 输入验证错误漏洞
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from incorrect input validation. An authenticated attacker can trigger an insecure...
Palo Alto Networks PAN-OS 安全漏洞
Palo Alto Networks PAN-OS is a next-generation firewall software from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Networks PAN-OS versions prior to 8.1.24 in the 8.1 series of releases, which stems from an authentication bypass vulnerability in the web interface that...
SAP Commerce 输入验证错误漏洞
SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. This product supports sales management, marketing management, order management and operations management. An input validation error vulnerability exists in SAP Commerce versions 1905, 2005, 2105, 2011, and 2205, which ca...
Veritas NetBackup 代码问题漏洞
Veritas NetBackup is a storage service used by Veritas, Inc. to provide backup and recovery capabilities for enterprise environments. Veritas NetBackup 10.0.0.1 and previous versions are vulnerable to XML external entity injection, which stems from the fact that the DiscoveryService service does...
Cisco IOS XE Software 安全漏洞
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. A security vulnerability exists in Cisco IOS XE Software IPv6 VPN. An attacker...
TYPO3 安全漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Association in Switzerland. A security vulnerability exists in TYPO3. An attacker exploited the vulnerability to distinguish between existing and non-existing user accounts by observing the response time...
Siemens Parasolid 缓冲区错误漏洞
Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...
Jenkins Plugin CollabNet 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
RIELLO UPS NetMan 安全漏洞
RIELLO UPS NetMan is a network adapter from RIELLO UPS, Italy. A security vulnerability exists in RIELLO UPS NetMan. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the manufacturer's bulletin...
Apache Traffic Server 输入验证错误漏洞
Apache Traffic Server ATS or TS is a high-performance, modular HTTP proxy and caching server, similar to Nginx and Squid. Traffic Server was originally a commercial product of Inktomi, a company acquired by Yahoo in 2003, and in August 2009 Yahoo contributed the source code to the In August 2009...
NVIDIA vGPU Software 安全漏洞
NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. The software supports multiple virtual machines to access the host's GPU, providing graphics performance and application compatibility for virtual machines. A security...
NVIDIA vGPU Software 资源管理错误漏洞
NVIDIA vGPU Software is a management software from NVIDIA that is used to provide GPU capabilities to virtual machines. NVIDIA vGPU Software suffers from a Resource Management Error vulnerability that originates from double freeing certain resources, which can be exploited by an attacker to cause...
IBM DataPower Gateway 代码问题漏洞
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...
Jenkins Repository Connector Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Jenkins Git client Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Pegasystem Pega 安全漏洞
Pegasystem Pega is a Java-based business process management tool from the U.S. company Pegasystem. It is used to build enterprise applications. A security vulnerability exists in Pegasystem Pega that stems from a password authentication bypass vulnerability in local accounts that can be used to...
convert-svg 代码注入漏洞
convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.3, which stems from the use of specially crafted SVG files that can read arbitrary files from the file system and the...
FreeType 缓冲区错误漏洞
FreeType is an open source font rendering library written in the C language. A security vulnerability exists in ftbench.c in FreeType Demo Programs version 2.12.1 and earlier versions, which can be exploited by an attacker to cause a heap-based buffer overflow...
Smarty 代码注入漏洞
Smarty is a PHP-based template engine that helps to separate the representation HTML/CSS from the application logic. A code injection vulnerability exists in Smarty versions 3.1.x prior to 3.1.45 and 4.1.x prior to 4.1.1, which can be exploited by a remote attacker to send a specially crafted...
Bender ebee 充电控制器 命令注入漏洞
The ebee is a charge controller from Bender. The Bender ebee Charge Controller suffers from a command injection vulnerability that stems from easy command injection via the web interface. An authenticated attacker could enter shell commands in certain input fields. The following products and...
Kubernetes ingress-nginx 输入验证错误漏洞
Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. No information about the vulnerability is available at this time, so please stay tune...
Cisco SD-WAN vManage Software 安全漏洞
Cisco SD-WAN vManage Software is a management software for SD-WAN Software Defined Wide Area Network solutions from Cisco. A security vulnerability exists in Cisco SD-WAN vManage Software that originates when a low-privileged user executes a file that is exploited by the root user when running...
Microsoft Windows 输入验证错误漏洞
Microsoft Windows is a suite of operating systems used by Microsoft Corporation USA for personal devices. An input validation error vulnerability exists in Microsoft Windows Fax Compose Form. The following products and versions are affected: Windows 7 for x64-based Systems Service Pack 1,Windows...
Microsoft Power BI 安全漏洞
Microsoft Power BI is an interactive data visualization software from Microsoft USA that focuses on business intelligence. It is part of the Microsoft Power Platform. A spoofing vulnerability exists in Microsoft Power BI. An attacker can exploit this vulnerability to conduct spoofing attacks...
GitLab Community Edition和GitLab Enterprise Edition 信息泄露漏洞
GitLab Enterprise Edition is a content management system.GitLab Community Edition is a community edition of GitLab by GitLab, Inc. An information disclosure vulnerability exists in GitLab Community Edition CE and Enterprise Edition EE due to a lack of filtering in error messages. When the include...
Joomla! 路径遍历漏洞
A path traversal vulnerability exists in Joomla! versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from a failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by remote attackers to send specially crafted .zip...
Spatie Laravel Media Library Pro 代码问题漏洞
Spatie Laravel Media Library Pro is a UI component for laravel-medialibrary from Spatie Belgium. A security vulnerability exists in Spatie Laravel Media Library Pro 2.1.6, no information about the vulnerability is available at this time, please stay tuned to CNNVD or vendor announcements...
Gitea 授权问题漏洞
Gitea is a project to set up a self-hosted Git service. Gitea suffers from an authorization error vulnerability that stems from PAM authentication when building and configuring Gitea, which skips checking authorization altogether and can be exploited by attackers to log into expired accounts and...
Microsoft Windows CD-ROM Driver 权限许可和访问控制问题漏洞
Microsoft Windows is a CD-ROM driver from Microsoft Corporation, and an elevation of privilege vulnerability exists in the Microsoft Windows CD-ROM Driver, which could be exploited by attackers to execute arbitrary code with elevated privileges...
ImageMagick 缓冲区错误漏洞
ImageMagick is a set of open-source image processing software from the American company ImageMagick. The software can read, convert or write images in a variety of formats. ImageMagick has a security vulnerability that can be exploited by an attacker to trigger a buffer overflow in ImageMagick vi...
pcf2bdf 安全漏洞
Pcf2bdf is a font decompiler by the Japanese individual developer Nayuta Taga. It is used to convert X fonts from a portable compiled format to a bitmap distribution format. A buffer error vulnerability exists in pcf2bdf, which allows an attacker to trigger an unsafe memory access via a specially...
Microsoft SharePoint 授权问题漏洞
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and...
Sensio Labs Twig 代码代码注入漏洞
Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...
Google Tensorflow 代码问题漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...
Fortinet FortiExtender 操作系统命令注入漏洞
Fortinet FortiExtender is a wireless WAN extender appliance from Fortinet, Inc. A command injection vulnerability exists in Fortinet FortiExtender, which can be exploited by an authenticated attacker to execute privileged shell commands via CLI commands...
ZEIT Next.js 资源管理错误漏洞
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js suffers from a security vulnerability that could allow bad actors to trigger a denial of service attack against anyone using the i18n feature...
phpIPAM SQL注入漏洞
phpIPAM is an open source PHP and MySQL based IP address management application IPAM. A SQL injection vulnerability exists in PhpIPAM v1.4.4, which originates from an authenticated administrator user being able to insert SQL statements in the subnet parameter when searching for subnets via...
Rust actix-web crate 缓冲区错误漏洞
Rust actix-web crate is a Rust web framework. mozilla Rust actix-web crate memory corruption vulnerability can be exploited by attackers to cause memory corruption...
Dolibarr 跨站脚本漏洞
Dolibarr is a modern software package that helps manage your organization's active applications. a cross-site scripting vulnerability exists in Dolibarr prior to 14.0.3, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this...
Adobe Premiere Pro 缓冲区错误漏洞
Adobe Premiere Pro is a non-linear video editing software developed by Adobe, which is widely used in the professional production of movies, TV and web videos, providing a full-process solution from clip editing to finished output. An out-of-bounds read vulnerability exists in Adobe Premiere Pro,...
Piwigo SQL注入漏洞
Piwigo is a set of Web-based open source image library software. Piwigo v11.5 contains a security vulnerability in /admin/batchmanagerglobal.php in which the parameter pwgtoken is not sufficiently escaped and filtered. No details of the vulnerability are available at this time...
Google TensorFlow 输入验证错误漏洞
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that stems from the fact that TensorFlow allows tensors to have a large number of dimensions, each of which can be adjusted...
Google TensorFlow 数字错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A numeric error vulnerability exists in versions of Google TensorFlow prior to 2.7.0, which stems from the fact that AllToAll in TensorFlow performs division by zero when inferring code. No details of t...