131102 matches found
Tenda AC1206 Buffer Overflow Vulnerability
Tenda AC1206 is a wireless pass-through gigabit router from Tenda, China. tenda AC1206 V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the fromAddressNat function. An attacker could exploit this vulnerability to overflow the buffer and execute...
QEMU Resource Management Error Vulnerability (CNVD-2022-84160)
QEMU Quick Emulator is a set of emulation processor software by Fabrice Bellard, a French personal developer. A denial of service vulnerability exists in versions prior to QEMU 7.0.0, which stems from EHCI's failure to verify that the buffer pointer overlaps with its MMIO region when transferring...
Lychee Cross-Site Scripting Vulnerability
Lychee is a beautiful and easy to use photo management system open sourced by The Lychee Organisation. Lychee has a cross-site scripting vulnerability, and no details of the vulnerability are available...
Linux kernel has unspecified vulnerabilities (CNVD-2022-21492)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by local users to gain unauthorized access to certain data...
Linux kernel buffer overflow vulnerability (CNVD-2021-92971)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.15.2 and earlier versions have a security vulnerability that can be exploited by an attacker who can introduce a specially crafted device to trigger an out-of-bounds write via a specially...
libde265 Stack Buffer Overflow Vulnerability (CNVD-2021-78433)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a stack buffer overflow vulnerability in the putqpelfallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (NVD-C-2021-277709)
Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...
Mozilla Thunderbird Permissions and Access Control Issues Vulnerability
Mozilla Thunderbird is an open source email client. Mozilla Thunderbird is vulnerable to permission permission and access control issues, which stem from the way Mozilla maintenance services are installed on the Windows operating system. No detailed vulnerability details are currently available...
Multiple SQL Injection Vulnerabilities in mccart.xls Bitrix Module
Multiple SQL injection vulnerabilities exist in the mccart.xls Bitrix module. Multiple SQL injection vulnerabilities exist in the Bitrix module due to the "xlsprofile" HTTP GET parameter passed to the "/bitrix/admin/mcartxlsimport.php" script; the "/bitrix/admin/mcartxlsimport.php" script; the...
Arbitrary File Read Vulnerability in Yonghong One-Stop Big Data BI Platform of Beijing Yonghong Business Intelligence Technology Co.
Yonghong One-Stop Big Data BI Platform is a one-stop big data analysis platform. Beijing Yonghong Business Intelligence Technology Co., Ltd. Yonghong One-Stop Big Data BI Platform suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive informatio...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65501)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server version 8.0.33 and prior versions, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...
Adobe Photoshop out-of-bounds read vulnerability (CNVD-2023-13727)
Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop has an out-of-bounds read vulnerability that can be exploited by attackers to cause sensitive memory leaks...
Delta Electronics DIAScreen Buffer Overflow Vulnerability (CNVD-2023-08070)
A buffer overflow vulnerability exists in Delta Electronics DIAScreen 1.2.1.23 and prior versions, which is caused by an improperly restricted operation in memory. The vulnerability is caused by an improperly restricted operation in memory, resulting in a buffer overflow that can be exploited to...
Adobe ColdFusion input validation error vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion is vulnerable to an input validation error that could be exploited by an attacker to cause arbitrary file system reads...
LibreNMS Command Injection Vulnerability (CNVD-2022-91160)
LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. LibreNMS v22.3.0 contains a command injection vulnerability that stems from the failure of the serviceip, hostname and serviceparam parameters to properly filter the construct command special...
Microsoft Windows Push Notifications Elevation of Privilege Vulnerability
Microsoft Windows Push Notifications is a push notification service from Microsoft Corporation USA. It provides a reliable way to deliver new updates.Microsoft Windows Push Notifications suffers from an elevation of privilege vulnerability. The vulnerability stems from improper handling of...
Tp-link Tapo C200 Command Injection Vulnerability
A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...
WordPress WOOF plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress WOOF plugin has a cross-site scripting vulnerability in versions prior to 1.2.6.3, which stems from the lack of escaping of woofredrawelements and can be exploited by attackers to...
Google Tensorflow code issue vulnerability (CNVD-2022-09866)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...
Gallagher Command Centre Server incorrect certificate validation vulnerability
Gallagher Command Centre Server is a management system used by Gallagher New Zealand to monitor and manage infrastructure in buildings.Gallagher Command Centre Server has a security vulnerability that stems from incorrect certificate validation in the SMTP client, which could be exploited by an...
Apache HTTP Server Remote Vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server . A remote vulnerability exists in Apache HTTP Server. An attacker can exploit the vulnerability to perform unauthorized operations...
CS-Cart administration section file upload vulnerability
CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, customized promotional strategies, product filtering definitions, etc. The administration section is one of the management components. A file upload...
Python Tablib Arbitrary Command Execution Vulnerability
Tablib is a Python library related to tabular format data that allows importing, exporting, and managing tabular format data. An arbitrary command execution vulnerability exists in Python Tablib version 0.11.4, which allows an attacker to execute arbitrary script code in the context of an affecte...
Apache Tika Remote Code Execution Vulnerability
Apache Tika is the United States Apache Apache Software Foundation, an integrated POI using Java programs to provide read and write Microsoft Office format documents open-source library, Pdfbox read and create PDF documents pure Java class library and for text extraction work provides a unified...
Potrace de-zero error vulnerability
potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A divide-by-zero error vulnerability exists in potrace bitmap.h. A remote attacker can exploit this vulnerabili...
SQL Injection Vulnerability in DedeCMS of Shanghai Zhuozhuo Network Technology Company Limited (CNVD-2024-13237)
DedeCMS is the most well-known PHP open source website management system, but also the use of the most users of the PHP class CMS system. Shanghai Zhuozhuo Network Technology Co., Ltd. DedeCMS SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitive informatio...
IBM AIX Denial of Service Vulnerability (CNVD-2023-00810)
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...
Google TensorFlow MirrorPadGrad buffer overflow vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A buffer overflow vulnerability exists in Google TensorFlow, which originates from the "MirrorPadGrad" input "paddings" is too large, an attacker can use this vulnerability to cause a heap memory...
Apache UIMA path traversal vulnerability
Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully...
OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)
OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, a protocol implementation based on the Full Strength Common Cryptographic Library used to protect communications on computer networks from eavesdropping and widely used by...
Linux kernel access control error vulnerability (CNVD-2022-74085)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an access control error. A remote attacker could retrieve sensitive information by connecting to a Web-based management interface and requesting URLs...
Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...
Agile Point SQL Injection Vulnerability
Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...
Ruijie Networks RG-EG Series Routers SQL Injection Vulnerability (CNVD-2022-66402)
Ruijie RG-EG series gateway EG350 is a Ruijie gateway product. sql injection vulnerability exists in RG-EG series gateway EG350 alarmService.php, which allows remote attackers to submit special SQL requests to manipulate the database and obtain sensitive information or execute arbitrary code. cod...
Unauthorized Access Vulnerability in Atlassian System dashboard-Jira
Atlassian Jira is a defect tracking management system from Atlassian. The system is mainly used to track and manage all types of issues and defects in the workplace. An unauthorized access vulnerability exists in Atlassian System dashboard-Jira, which can be exploited by an attacker to obtain...
WordPress Member Hero plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...
D-Link DIR850 ET850-1.08TRb03 has an unspecified vulnerability
D-Link DIR850 ET850-1.08TRb03 is a router from DLink.A security vulnerability exists in the D-Link DIR850 ET850-1.08TRb03, which stems from the fact that the DLink DIR850 ET850-1.08TRb03 is subject to incorrect access control via URL redirection to an untrusted site vulnerability. No detailed...
Linux kernel denial-of-service vulnerability (CNVD-2022-69195)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel versions prior to 5.16.10 are vulnerable due to a failure to properly validate interface OS descriptor requests in the USB gadget subsystem. A local attacker could exploit this vulnerabilit...
Google Android Buffer Overflow Vulnerability (CNVD-2022-47682)
Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which originates in GKIgetbuf in gkibuffer.cc. Due to a heap buffer overflow, an out-of-bounds write may exist, and an attacker could use this vulnerability to...
Linux kernel memory overwrite vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory overwrite vulnerability exists in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in Linux kernel...
fig2dev stack buffer overflow vulnerability
fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the readtextobject function in read.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...
Liferay Portal and Liferay DXP code issue vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Vinades NukeViet CMS SQL Injection Vulnerability
Vinades NukeViet CMS is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product modules/news/admin/addtotopics.php page Fails to filter input special characters, and an...
Linux kernel code issue vulnerability (CNVD-2024-06235)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...
Apache Tomcat Open Redirect Vulnerability (CNVD-2023-80565)
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. An open redirection vulnerability exists in Apache Tomcat, which stems from the FORM authentication feature not handling target...
Nacos Jraft Hessian Deserialization Vulnerability
Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...
Shenzhen Greenlink Technology Co., Ltd DH2100 has a logic flaw vulnerability
DH2100 is a private cloud product that focuses on simplicity and ease of use. Ltd. DH2100 has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information...
Linux kernel information disclosure vulnerability (CNVD-2022-14701)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an information disclosure vulnerability that originates in the Linux kernel's TIPC protocol subsystem due to uninitialized memory that sends TIPC...
WordPress Crisp Live Chat plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Crisp Live Chat plugin, which stems from a...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-90307)
Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...