131102 matches found
OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)
OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, a protocol implementation based on the Full Strength Common Cryptographic Library used to protect communications on computer networks from eavesdropping and widely used by...
Linux kernel access control error vulnerability (CNVD-2022-74085)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an access control error. A remote attacker could retrieve sensitive information by connecting to a Web-based management interface and requesting URLs...
Fortinet FortiOS Denial of Service Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...
Moodle Cross-Site Scripting Vulnerability (CNVD-2022-54914)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a cross-site scripting vulnerability exists in the LTI module of Moodle, which stems from a lack of data validation filtering of...
Agile Point SQL Injection Vulnerability
Agile Point is Agile Point's solution for automating business processes and workflows and building custom applications, portals and SaaS solutions. Agile Point suffers from a SQL injection vulnerability. The vulnerability stems from the lack of validation of the EncodedData parameter in the...
Ruijie Networks RG-EG Series Routers SQL Injection Vulnerability (CNVD-2022-66402)
Ruijie RG-EG series gateway EG350 is a Ruijie gateway product. sql injection vulnerability exists in RG-EG series gateway EG350 alarmService.php, which allows remote attackers to submit special SQL requests to manipulate the database and obtain sensitive information or execute arbitrary code. cod...
Unauthorized Access Vulnerability in Atlassian System dashboard-Jira
Atlassian Jira is a defect tracking management system from Atlassian. The system is mainly used to track and manage all types of issues and defects in the workplace. An unauthorized access vulnerability exists in Atlassian System dashboard-Jira, which can be exploited by an attacker to obtain...
Fastjson Remote Code Execution Vulnerability (CNVD-2022-40233)
Fastjson is an open source JSON parsing library , it can parse JSON format strings , support for Java Bean serialized to JSON strings , you can also deserialize from JSON strings to JavaBean. Fastjson has a remote code execution vulnerability that can be exploited by an attacker to bypass the...
Linux kernel denial-of-service vulnerability (CNVD-2022-69195)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel versions prior to 5.16.10 are vulnerable due to a failure to properly validate interface OS descriptor requests in the USB gadget subsystem. A local attacker could exploit this vulnerabilit...
Google Android Buffer Overflow Vulnerability (CNVD-2022-47682)
Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which originates in GKIgetbuf in gkibuffer.cc. Due to a heap buffer overflow, an out-of-bounds write may exist, and an attacker could use this vulnerability to...
cve-search has an unspecified vulnerability
Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...
Linux kernel memory overwrite vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory overwrite vulnerability exists in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in Linux kernel...
Liferay Portal and Liferay DXP code issue vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Vinades NukeViet CMS SQL Injection Vulnerability
Vinades NukeViet CMS is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product modules/news/admin/addtotopics.php page Fails to filter input special characters, and an...
Apache HTTP Server Authentication Bypass Vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation of an open source web server . An authentication bypass vulnerability exists in Apache HTTP Server. An attacker can exploit the vulnerability to bypass the authentication mechanism and perform unauthorized operations...
Zeta Components Mail Remote Code Execution Vulnerability
Zeta Components is a high-quality , general-purpose application development library based on PHP 5 implementation . A remote code execution vulnerability exists in the Zeta Components Mail library version 1.8.1 and earlier, which can be exploited by an attacker to execute arbitrary code on a serv...
Symantec Messaging Gateway Remote Code Execution Vulnerability (CNVD-2017-28446)
Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A remote code execution vulnerability exists in Symantec Messaging Gateway versions prior to 10.6.3-267. A remote attacker could exploit this...
Netgear Multiple Device Authentication Bypass Vulnerability
Netgear is a global leader in enterprise networking solutions and a champion of digital home networking applications. An authentication bypass vulnerability exists in several Netgear devices, which can be exploited by an attacker to launch a command injection attack by passing an input command li...
ASUSWRT Backdoor Command Execution Vulnerability
ASUSWRT is the ASUS router firmware. In ASUS WRT versions 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, infosvr's common.c fails to properly check the requested MAC address, which could allow a remote attacker to send a NETCMDIDMANUCMD packet to UDP port 9999, by sending a packet to UDP port 9999, an...
Linux kernel code issue vulnerability (CNVD-2024-06235)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...
Nacos Jraft Hessian Deserialization Vulnerability
Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...
Shenzhen Greenlink Technology Co., Ltd DH2100 has a logic flaw vulnerability
DH2100 is a private cloud product that focuses on simplicity and ease of use. Ltd. DH2100 has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-90307)
Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...
Adobe Premiere Elements memory buffer out-of-bounds access vulnerability
Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Mgetty Buffer Overflow Vulnerability
Mgetty is a getty replacement program for data and fax operations. A buffer overflow vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from a failure of the program to filter the 'mailto' in the 'faxnotifymail' function. parameter in the 'faxnotifymail'...
Ulterius Directory Traversal Vulnerability
Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...
ISC BIND Security Bypass Vulnerability (CNVD-2017-12537)
BIND is an open source implementation of the DNS Domain Name System protocol that contains all the software needed to query and respond to domain names. It is the most widely used type of DNS server on the Internet. A security bypass vulnerability exists in ISC BIND. An attacker can exploit this...
Remote Code Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co.
Electronic document security management system referred to as: CDG is an electronic document security protection software, the system utilizes the driver layer transparent encryption technology, through the encryption and protection of electronic documents, to prevent the internal staff leakage a...
Fortinet FortiPortal Cross-Site Scripting Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. attacker could exploit the vulnerability to execute stored cross-site scripting by sending...
File Upload Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-03860)
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by an attacker to gain server privileges...
NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...
Apache MINA Deserialization Vulnerability
Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...
Atlassian Bitbucket Server和Data Center命令执行漏洞
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff views, JIRA integration, and build integration.A command execution vulnerability exists in Atlassian Bitbucket Server and Data...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-88288)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL, which can be exploited by an attacker to cause certain unauthorized update, insert, o...
Tenda AC15 Command Injection Vulnerability
The Tenda AC15 is a wireless router from the Chinese company Tenda. The Tenda AC15 has a security vulnerability that can be exploited by an attacker to cause unconditional arbitrary command execution in conjunction with CVE-2021-44971...
Attendance and Payroll System SQL注入漏洞(CNVD-2022-33143)
Attendance and Payroll System is a PHP/MySQLi source code attendance and payroll system by oretnom23 individual developers. version v1.0 of Attendance and Payroll System is vulnerable to SQL injection, which originates from the component adminovertime delete.php lacks validation of external input...
WordPress plugin Caldera Forms cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language. cross-site scripting vulnerability exists in versions prior to WordPress plugin Caldera Forms 1.9.7. The vulnerability stems from the plugin's failure to validate and escape cf-api parameters before outputting them back to the...
Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a post-release use in the implementation of the RDMA communication manager listener code. By sending a carefully crafted request, an attacker could exploit this...
Google Chrome Animation Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome Animation, which can be exploited by an attacker to execute arbitrary code on a system or cause a denial of service condition...
Unauthorized Access Vulnerability in HP LaserJet MFP M426fdw Printer
Hewlett-Packard HP is one of the information technology IT companies, founded in 1939 1. Headquartered in Palo Alto, California, USA. Hewlett-Packard has three business groups: Information Products Group, Printing and Imaging Systems Group and Enterprise Computer Professional Services Group. An...
Blueimp jQuery-File-Upload Arbitrary File Upload Vulnerability
Blueimp jQuery-File-Upload is a multi-language file upload tool that includes file selection, file drag and drop, progress bar display and image preview. An arbitrary file upload vulnerability exists in Blueimp jQuery-File-Upload 9.22.0 and earlier versions, which can be exploited by remote...
Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)
Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...
Flexense Sync Breeze Enterprise Buffer Overflow Vulnerability
Flexense Sync Breeze Enterprise is a set of file synchronization tools from Flexense Canada. The tool has features such as file management and data synchronization. A buffer overflow vulnerability exists in Flexense Sync Breeze Enterprise version 10.0.28. A remote attacker could exploit this...
Denial of service vulnerability in several Siemens industrial products (CNVD-2017-06151)
SIMATIC CP, SIMATIC RF600, SCALANCE W700, etc. are industrial automation products of Siemens, Germany. A denial of service vulnerability exists in several Siemens industrial devices. Allows an attacker to launch a denial of service attack via specially crafted PROFINET DCP packets sent on the loc...
Oracle VM VirtualBox Remote Vulnerability
Oracle Virtualization Oracle VirtualBox is a virtual machine component of Oracle's virtualization solution. A security vulnerability exists in the GUI subcomponent of the Oracle VM VirtualBox component in Oracle Virtualization. An attacker could exploit this vulnerability to compromise the...
Core Remote Elevation of Privilege Vulnerability
Joomla! is a PHP-based open source content management system CMS. Can be used to build commercial Web sites , personal blogs , information management systems , Web services , etc. , but also for secondary development to expand the scope of use . A remote elevation of privilege vulnerability exist...
CloudBees Jenkins CI and LTS Scripting Vulnerabilities
CloudBees Jenkins CI formerly known as Hudson Labs is a set of Java-based continuous integration tools from CloudBees, Inc. LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI. A security vulnerability exists in the Combination filter Groovy script in CloudBees Jenkins CI...
Multiple Vulnerabilities in VLC Media Player
VLC Media Player is a popular multimedia playback program. VLC Media Player contains multiple unspecified vulnerabilities that could be exploited by attackers to construct malicious files that could be parsed by users, which could crash the application or execute code...
Ollama Unauthorized Access Vulnerability
Ollama is an open source Large Language Model LLM runtime environment and toolset designed to help developers easily deploy, manage, and use models e.g., DeepSeek, etc.. Ollama suffers from an unauthorized access vulnerability, which is due to the fact that Ollama is not set up with authenticatio...
Apache Struts Directory Traversal Vulnerability
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts suffers from a directory...