131102 matches found
Google Android elevation of privilege vulnerability (CNVD-2023-26072)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that is caused by insecure deserialization when running ChooseTypeAndAccountActivity.java. An attacker can exploit the vulnerability to gain elevated...
BDCOM 1704-WGL Information Disclosure Vulnerability
The BDCOM 1704-WGL is a router from BDCOM China. An information disclosure vulnerability exists in the BDCOM 1704-WGL version 2.0.6314, which originates from the file /param.file.tgz in the component Backup File Handler, which is not sufficiently protected for sensitive information and can be...
Apache MINA Deserialization Vulnerability
Apache MINA is the United States Apache Apache Foundation of a web application framework. The product is mainly used to develop high-performance and highly scalable web applications. Apache MINA 2.9.1 and earlier versions suffer from a deserialization vulnerability that stems from the use of Java...
Linux kernel resource management error vulnerability (CNVD-2022-69188)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and earlier versions, which stems from the presence of a race condition in...
Zimbra File Upload Vulnerability
Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to a file upload vulnerability that stems from a lack of valid authentication of uploaded files by the application. An authenticated attacker with administrator privileges could exploit the vulnerability to be able to upload...
Portainer code issue vulnerability
A code issue vulnerability exists in Portainer Agent, a lightweight user management interface for managing Docker environments and Docker hosts, which stems from the product's failure to associate Portainer instances with past time. An attacker could exploit the vulnerability to cause the API...
Linux kernel denial-of-service vulnerability (CNVD-2022-68576)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial-of-service vulnerability caused by a flaw in the sctpmakestrresetreq function in net/sctp/smmakechunk. A locally authenticated attacker can exploit this flaw to cau...
Samba Access Control Error Vulnerability
Samba is a standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to an access control error that could be exploited by an attacker to retrieve plaintext passwords sent over the network...
Google Chrome WebView improperly implemented vulnerability (CNVD-2021-84807)
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to a WebView misimplementation. An attacker could exploit this vulnerability to leak cross-domain data through a crafted application...
Adobe Captivate 2019 Elevation of Privilege Vulnerability
Adobe Captivate 2019 is a tool that allows us to quickly create and produce interactive content in html. An elevation of privilege vulnerability exists in Adobe Captivate 2019 11.5.5 and earlier versions. The vulnerability stems from creating temporary files in a directory with incorrect...
Linux kernel denial-of-service vulnerability (CNVD-2021-60517)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an out-of-bounds access to xdrsetpagebase in net/sunrpc/xdr.c. By executing many NFS 4.2 READPLUS operations, a remote attacker could exploit this vulnerability to atta...
Apache HTTP Server Authorization Issues Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server is vulnerable to an authorization issue. The vulnerability stems from modsession detecting the expiration time ...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-06535)
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server that stems from the program's failure to properly destroy HTTP/2...
Converse.js User Simulation Vulnerability
Converse.js is a free, open source XMPP chat client that runs in your browser. A security vulnerability exists in versions 0.8.0 through 1.0.6 and 2.0.0 through 2.0.4 of Converse.js due to the program's failure to properly implement "XEP-0280: Message Carbons". A remote attacker could exploit thi...
Exim Configuration File Path Elevation of Privilege Vulnerability
Exim is an open source messaging agent MTA developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in Exim that stems from an error in the program's handling of environment variabl...
Microsoft Excel Resource Management Error Vulnerability
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A security vulnerability exists in Microsoft Excel, which can be exploited by an attacker to remotely execute code...
Command Execution Vulnerability in NBR6205-E of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-07921)
The NBR6205-E is a router product. A command execution vulnerability exists in the NBR6205-E of Beijing StarNet Ruijie Network Technology Co. that can be exploited by an attacker to gain server privileges...
Unauthorized access vulnerability in SuperMap iServer of Beijing SuperMap Software Co. Ltd (CNVD-2023-61163)
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel. An unauthorized access vulnerability exists in SuperMap iServer of Beijing SuperMap Software Co. Ltd, which can be exploited by attackers to obtain sensitive information...
Google Chrome Web Audio API component buffer overflow vulnerability
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Web Audio API component when handling untrusted input. A remote attacker could exploit this vulnerability to cause hea...
IBM Cloud Pak for Multicloud Management Monitoring has an unspecified vulnerability (CNVD-2023-08052)
IBM Cloud Pak for Multicloud Management is an application from International Business Machines IBM, Inc. used to manage the default functionality of multi-cloud environments. a security vulnerability exists in IBM Cloud Pak for Multicloud Management Monitoring version 2.0, version 2.3. An attacke...
Linux kernel elevation of privilege vulnerability (CNVD-2022-81493)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability that stems from the existence of memory reuse after release. An attacker could exploit this vulnerability to escalate privileges...
Fortinet FortiOS Denial of Service Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS has a denial-of-service vulnerability that originates from the ability to force a NULL pointer to be dereferenced through the SSL VPN Portal, which can be...
Red Lion DA50N has an unspecified vulnerability
The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to elevate to root access using the su command...
Joomla! path traversal vulnerability (CNVD-2022-64100)
A path traversal vulnerability exists in Joomla! versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from a failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by remote attackers to send specially crafted .zip...
Pluxml Code Injection Vulnerability
Pluxml is a free and open source content management system that does not require a database to work. A remote code execution vulnerability exists in Pluxml version v5.8.7, which can be exploited by an attacker to execute arbitrary code by inserting carefully crafted PHP code into a static page...
Umbraco Password Reset Vulnerability
Umbraco is a Danish company Umbraco C written in open source content management system CMS. The Umbraco CMS suffers from a password reset vulnerability that stems from a lack of an effective trust management mechanism in a web-based system or product. An attacker could exploit the vulnerability t...
CKEditor cross-site scripting vulnerability (CNVD-2021-92475)
CKEditor is an open source, web-based text editor. CKEditor suffers from a cross-site scripting vulnerability, which stems from the product's failure to effectively filter special characters in input data. An attacker can execute client-side code through this vulnerability...
Google Android Elevation of Privilege Vulnerability (CNVD-2021-80273)
Google Android is a Linux-based open-source operating system from the US company Google. Google Android has an elevation of privilege vulnerability that can be exploited by attackers to escalate privileges...
Apache Jena XML External Entity Injection Vulnerability
Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. Used to build semantic Web and linked data applications. Apache Jena in versions prior to 4.1.0 there is an XML external entity injection vulnerability , the vulnerability stems from the network system or...
Linux kernel denial-of-service vulnerability (CNVD-2021-60513)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a failure to properly set the connection order flaw in fs/nfs/nfs4client.c. A remote attacker could exploit this flaw to cause a mount hang and result in a denial of...
Linux kernel security bypass vulnerability (CNVD-2021-60525)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by an attacker to control bypass restrictions in order to escalate his privileges on the host system...
Adobe After Effects Out-of-Bounds Writing Vulnerability (CNVD-2021-54341)
Adobe After Effects "AE" is a graphics and video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.2.1 and earlier...
Apache Tika Command Injection Vulnerability
Apache Tika can leverage existing parsing libraries to detect and extract metadata and structured content from documents in different formats e.g., HTML, PDF, Doc. A command injection vulnerability exists in Apache Tika versions 1.7 through 1.17. An attacker can send a specially crafted header to...
MariaDB and Percona XtraDB Cluster Denial of Service Vulnerability
MariaDB is a free and open source database management system developed by Monty Program Ab, Inc. and the MariaDB Foundation, Inc. and a forked version of MySQL using the Maria storage engine.Percona XtraDB Cluster is a package for creating MySQL clusters. A security vulnerability exists in the...
CloudBees Jenkins Blue Ocean Plugin Security Bypass Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . A...
Sophos Web Appliance Command Injection Vulnerability
Sophos Web Appliance is a web security gateway solution. An input validation vulnerability in the MgrReport.php file in the web management interface of the Sophos Web Appliance could be exploited by an attacker to submit a special request to inject a system command and execute it...
libgit2 Denial of Service Vulnerability
libgit2 is a portable, pure C implementation of the Git development package , as a reentrant link library with a solid API , libgit2 allows you to use any language to write Git applications . A denial of service vulnerability exists in libgit2. An attacker can exploit this vulnerability to crash...
Cisco Firepower Management Center Console Local File Inclusion Vulnerability
Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A local file inclusion vulnerability exists in Cisco Firepower Threat Management Console, which can be exploited by an attacker to obtain sensitive system information...
Moxa EDR-G903 Memory Disclosure Vulnerability
Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. A remote attacker can exploit the vulnerability to cause a memory leak...
CloudBees Jenkins CI and Jenkins LTS Information Disclosure Vulnerability
CloudBees Jenkins CI formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins CI is a...
Merethis Centreon 'getStats.php' Remote Command Execution Vulnerability
Merethis Centreon is an open source IT monitoring software from Merethis France that needs to be paired with Nagios to manage Nagios via the web web and to enable monitoring of networks, operating systems and applications via third-party components. A remote command execution vulnerability exists...
Fortinet FortiPortal Cross-Site Scripting Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. attacker could exploit the vulnerability to execute stored cross-site scripting by sending...
Logic Flaw Vulnerability in Intelligent IOT Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-04211)
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A logic flaw vulnerability exists in the Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited by an...
WordPress Beautiful Cookie Consent Banner plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site scripting...
Unspecified vulnerability in Linux kernel (CNVD-2022-70572)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a security vulnerability that originates from an affected function intrcallback in file drivers/net/usb/r8152.c, which results in logging of too much...
Zimbra Collaboration Suite Remote Code Execution Vulnerability
Zimbra Collaboration Suite ZCS is an open source collaborative office suite. The product includes WebMail, Calendar, Address Book, etc. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions 8.8.15 and 9.0, which stems from a lack of valid authentication of uploaded files by t...
Linux kernel resource management error vulnerability (CNVD-2022-69191)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel 5.19.10 and earlier versions, which stems from a confusion in the instruction responsible for freeing memory in...
Oracle Solaris Denial of Service Vulnerability (CNVD-2022-54629)
Oracle Solaris is a set of UNIX operating systems from Oracle. A denial of service vulnerability exists in the Filesystem component of Oracle Solaris 11. An attacker could exploit this vulnerability to corrupt Oracle Solaris, which could result in unauthorized updates, insertions, or deletions of...
Google TensorFlow Input Validation Error Vulnerability (CVE-2022-29192)
Google TensorFlow, an end-to-end open source platform for machine learning from Google, Inc. is vulnerable to an input validation error in versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4, which originates in tf.rawops QuantizeAndDequantizeV4Grad does not fully validate the input parameters and c...
Hikvision iVMS-A100 has a command execution vulnerability
Hikvision iVMS-A100 is an integrated alarm video management platform that implements multiple functions such as alarm management, video review, preview playback, storage and download, alarm linkage, remote control, information forwarding, business management, and value-added services. iVMS-A100 i...