Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/11/05 12:0 a.m.•54 views

Linux kernel array index out-of-bounds vulnerability

Linux kernel is a computer operating system kernel written in C and assembly language, POSIX-compliant, and distributed under the GNU General Public License. detachcapictr function in drivers/isdn/capi/kcapi.c in versions of Linux kernel prior to 5.14.15 is vulnerable to array index out-of-bounds...

5.5CVSS3.9AI score0.00669EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•54 views

Google Chrome WebRTC code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome WebRTC. The vulnerability is caused by post-release use in WebRTC. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service...

8.8CVSS4.7AI score0.02798EPSS
Exploits0References1
CNVD
CNVD
•added 2018/09/14 12:0 a.m.•54 views

Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)

Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...

7.2CVSS6.9AI score0.18024EPSS
Exploits4References1
CNVD
CNVD
•added 2018/06/13 12:0 a.m.•54 views

Microsoft Windows HIDParser Elevation of Privilege Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.HIDParser is one of the HID HIDParser is one of the HI...

7CVSS8AI score0.01089EPSS
Exploits0References1
CNVD
CNVD
•added 2018/01/29 12:0 a.m.•54 views

MariaDB and Percona XtraDB Cluster Denial of Service Vulnerability

MariaDB is a free and open source database management system developed by Monty Program Ab, Inc. and the MariaDB Foundation, Inc. and a forked version of MySQL using the Maria storage engine.Percona XtraDB Cluster is a package for creating MySQL clusters. A security vulnerability exists in the...

8.8CVSS6.8AI score0.03287EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/14 12:0 a.m.•54 views

Zeta Components Mail Remote Code Execution Vulnerability

Zeta Components is a high-quality , general-purpose application development library based on PHP 5 implementation . A remote code execution vulnerability exists in the Zeta Components Mail library version 1.8.1 and earlier, which can be exploited by an attacker to execute arbitrary code on a serv...

8.1CVSS8.7AI score0.10652EPSS
Exploits3References1
CNVD
CNVD
•added 2017/09/25 12:0 a.m.•54 views

WordPress ZipArchive and PclZip Component Directory Traversal Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . ZipArchive and PclZip components are among the compression/decompression components . A directory traversal...

7.5CVSS8.1AI score0.13385EPSS
Exploits1References1
CNVD
CNVD
•added 2016/12/15 12:0 a.m.•54 views

MCabber Security Bypass Vulnerability

MCabber is a small XMPP Jabber console client. A security bypass vulnerability exists in MCabber that could allow an attacker to perform a man-in-the-middle attack or emulate a trusted server...

7.4CVSS6.8AI score0.04512EPSS
Exploits2References1
CNVD
CNVD
•added 2016/10/12 12:0 a.m.•54 views

libgit2 Denial of Service Vulnerability

libgit2 is a portable, pure C implementation of the Git development package , as a reentrant link library with a solid API , libgit2 allows you to use any language to write Git applications . A denial of service vulnerability exists in libgit2. An attacker can exploit this vulnerability to crash...

5.5CVSS5.7AI score0.01837EPSS
Exploits0References1
CNVD
CNVD
•added 2015/11/26 12:0 a.m.•54 views

Multiple NVIDIA GPU Graphics Driver Integer Overflow Vulnerabilities

NVIDIA GPU graphics driver R340, R352, and R358 on Windows and R304, R340, and R358 on Linux are graphics processor GPU drivers from NVIDIA. An integer overflow vulnerability exists in the kernel mode driver for several NVIDIA GPU graphics card drivers, which arises from the program failing to...

6.6CVSS6.8AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•53 views

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

Microsoft WDAC OLE DB provider for SQL Server is an API from Microsoft Corporation USA that allows access to data from a variety of sources in a unified way. A remote code execution vulnerability exists in Microsoft WDAC OLE DB provider for SQL Server, which can be exploited by an attacker to...

8.8CVSS8.4AI score0.01738EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/21 12:0 a.m.•53 views

IBM Aspera Faspex Deserialization Vulnerability

IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 4.4.2 Patch Level 1 and prior versions contain a deserialization vulnerability that stems from a YAML deserialization flaw. An attacker could use...

9.8CVSS6.3AI score0.99968EPSS
Exploits5References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•53 views

NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability

NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...

9.1CVSS3.7AI score0.00812EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•53 views

ZTE MF286R SQL Injection Vulnerability

The ZTE MF286R is a wireless router from ZTE Corporation China.A SQL injection vulnerability exists in previous versions of the ZTE MF286R mf286rb07, which stems from insufficient validation of the input parameters of the phonebook interface. An authenticated attacker could use this vulnerability...

8.8CVSS4.4AI score0.26542EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/25 12:0 a.m.•53 views

Hospital Management System Cross-Site Scripting Vulnerability (CNVD-2022-72088)

Hospital Management System HMS is a computer system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. hospital Management System v4.0 is vulnerable to a cross-site scripting vulnerability that originates in the add-patient. php file, severa...

5.4CVSS1.2AI score0.00447EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/25 12:0 a.m.•53 views

LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72096)

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for handling TIFF files.LibTIFF version 4.4.0 is vulnerable to a buffer overflow vulnerability, which stems from the existence of multiple heap buffer overflows th...

7.7CVSS1.7AI score0.00485EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/21 12:0 a.m.•53 views

Linux kernel resource management error vulnerability (CNVD-2022-74087)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit the vulnerability to...

2.9AI score0.0045EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/06/14 12:0 a.m.•53 views

Apache containerd resource management error vulnerability

Apache containerd is a container daemon of the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to a resource management error that results from not properly controlling...

2.1CVSS2.5AI score0.00377EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/03/25 12:0 a.m.•53 views

Linux kernel information disclosure vulnerability (CNVD-2022-79426)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux.KVM is one of the kernel-based virtual machines. Linux kernel suffers from an information disclosure vulnerability that arises from errors in configuration and other errors in the operation of a networked...

5.5CVSS6.1AI score0.00465EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/08 12:0 a.m.•53 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-20170)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel 5.16.12 and earlier versions have a security vulnerability that stems from an untrusted length parameter that leads to an EVTTRANSACTION buffer overflow. No details of the vulnerability are...

7.8CVSS4AI score0.00432EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/18 12:0 a.m.•53 views

Linux kernel code execution vulnerability (CNVD-2022-69194)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.16.10 and earlier versions have a security vulnerability that could be exploited by attackers to execute arbitrary code on the system...

7.8CVSS5.3AI score0.01054EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•53 views

Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07913)

Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...

6.3CVSS4.5AI score0.02518EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/09 12:0 a.m.•53 views

Apostrophe CMS Cross-Site Scripting Vulnerability

Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions...

5.4CVSS0.5AI score0.00483EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•53 views

CASAP Automated Enrollment SQL Injection Vulnerability (CNVD-2021-57785)

CASAP Automated Enrollment is an automated enrollment system for the CASAP organization. The goal of this project is to provide CASAP with an automated enrollment system to streamline the school's processes and make them more effective, efficient and easily retrievable. SourceCodester Alumni...

9.8CVSS3.2AI score0.01517EPSS
Exploits1References1
CNVD
CNVD
•added 2021/06/19 12:0 a.m.•53 views

SQL Injection Vulnerability in Huatian Power OA Office System

Huatian Power OA8000 system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA8000 system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information...

7.7AI score
Exploits0
CNVD
CNVD
•added 2021/06/09 12:0 a.m.•53 views

Weak Password Vulnerability in 3Com-OfficeConnect ADSL Wireless 11g Firewall Router

Founded in 1979, 3Com is a U.S. equipment provider of security products, integrated voice appliances, and data networking solutions for businesses of all sizes. A weak password vulnerability exists in the 3Com-OfficeConnect ADSL Wireless 11g Firewall Router, which can be exploited by attackers to...

7.1AI score
Exploits0
CNVD
CNVD
•added 2018/09/14 12:0 a.m.•53 views

Mgetty Command Injection Vulnerability (CNVD-2019-03439)

Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in Mgetty versions prior to 1.2.1, which stems from the 'doactivate' function failing to properly filter shell metacharacters in the fax/faxq-helper.c file, which can be exploited by an...

7.8CVSS8AI score0.01323EPSS
Exploits2References1
CNVD
CNVD
•added 2017/11/14 12:0 a.m.•53 views

Ulterius Directory Traversal Vulnerability

Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...

7.5CVSS6.9AI score0.91496EPSS
Exploits6References1
CNVD
CNVD
•added 2016/08/16 12:0 a.m.•53 views

Ruby on Rails Active Record SQL Injection Vulnerability (CNVD-2016-06338)

Ruby on Rails Rails is the Rails core team to develop and maintain a set of open source Web application framework based on the Ruby language , which is separated from the United States 37signals, Inc. project management tools Basecamp. Active Record is one of the domain modeling patterns . A SQL...

7.5CVSS7.9AI score0.03903EPSS
Exploits0References1
CNVD
CNVD
•added 2016/07/19 12:0 a.m.•53 views

Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...

8.1CVSS9.3AI score0.55724EPSS
Exploits0References1
CNVD
CNVD
•added 2015/02/03 12:0 a.m.•53 views

Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2015-00913)

RoundCube Webmail is a browser-based, multi-language IMAP client. Roundcube Webmail suffers from a cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code or steal...

4.3CVSS6.8AI score0.03279EPSS
Exploits2References1
CNVD
CNVD
•added 2024/03/14 12:0 a.m.•52 views

PHPEMS deserialization vulnerability (CNVD-2024-13536)

PHPEMS is a PHP online mock exam system. PHPEMS has a deserialization vulnerability, the vulnerability arises because there is a function index in app/weixin/controller/index.api.php, which can be exploited by an attacker to cause deserialization via the parameter picurl...

9.8CVSS6.8AI score0.00741EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/22 12:0 a.m.•52 views

Command Execution Vulnerability in Ivanti Connect Secure at Inventec Software Technology (Beijing) Co.

Ivanti Connect Secure is a seamless, cost-effective SSL VPN solution for remote and mobile users. A command execution vulnerability exists in Ivanti Connect Secure by Inwanzi Software Technology Beijing Co. that can be exploited by an attacker to execute arbitrary commands...

9.1CVSS7.8AI score0.99999EPSS
Exploits18
CNVD
CNVD
•added 2024/01/05 12:0 a.m.•52 views

Linux kernel code execution vulnerability (CNVD-2024-14767)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. The vulnerability is due to the aoecmdcfgpkts function in the Linux kernel's ATA over Ethernet AoE driver incorrectly...

7CVSS7AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/15 12:0 a.m.•52 views

PHP buffer overflow vulnerability (CNVD-2023-64640)

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...

9.8CVSS7.8AI score0.08003EPSS
Exploits3References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•52 views

Microsoft Windows Bluetooth Service Code Execution Vulnerability

Microsoft Windows Bluetooth Service is a Bluetooth driver from Microsoft USA. A security vulnerability exists in Microsoft Windows Bluetooth Service. An attacker could exploit this vulnerability to cause remote code execution...

8.8CVSS9.1AI score0.03217EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•52 views

Google Chrome Crash reporting component buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Crash reporting component when handling untrusted input. A remote attacker could exploit this vulnerability to obtain...

6.5CVSS2.6AI score0.00524EPSS
Exploits0References1
CNVD
CNVD
•added 2023/01/30 12:0 a.m.•52 views

Linux kernel denial-of-service vulnerability (CNVD-2023-05410)

Linux kernel, the kernel used by the Linux Foundation's open source operating system Linux, is vulnerable to a denial-of-service attack in versions of Linux kernel prior to 6.1.6. In affected versions of the Linux kernel, a NULL pointer dereference error in the flow control subsystem allows an...

5.5CVSS4.3AI score0.00964EPSS
Exploits1References1
CNVD
CNVD
•added 2023/01/13 12:0 a.m.•52 views

Microsoft Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability

Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Windows Malicious Software Removal Tool. An attacker can exploit this vulnerability to gain elevation of privilege...

6.3CVSS6.4AI score0.00378EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•52 views

Hitachi Energy PCM600 Information Disclosure Vulnerability

The Hitachi Energy PCM600 is a simplified management tool for protection and control relays from Hitachi, Japan. An information disclosure vulnerability exists in Hitachi Energy PCM600. The vulnerability stems from where IED credentials are stored in the PCM600 database in plaintext format. An...

7.1CVSS5.6AI score0.00146EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/09 12:0 a.m.•52 views

Linux kernel hid-roccat.c resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and prior versions, which stems from a contention condition in roccatreportevent in...

4.7CVSS6.4AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/08 12:0 a.m.•52 views

Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2022-67837)

Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server is vulnerable to an elevation of privilege vulnerability, which can be exploited by remote attackers to submit special requests that can obtain sensitive information or elevate privileges...

8.8CVSS4.5AI score0.99945EPSS
Exploits9References1
CNVD
CNVD
•added 2022/08/18 12:0 a.m.•52 views

Apple OS Out-of-Bounds Write Vulnerability

iOS is a mobile operating system developed by Apple Inc. iPadOS full name: iPad Operating System is a family of mobile operating systems developed by Apple Inc. based on iOS. mac OS is a set of operating systems developed by Apple to run on the Macintosh series of computers. Apple iOS, iPadOS, an...

7.8CVSS8.4AI score0.03259EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/18 12:0 a.m.•52 views

Google Android Information Disclosure Vulnerability (CNVD-2022-61744)

Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a missing permission check in the handleramdump function in pixelloader.c. The vulnerability can be exploited to obtain sensitive...

4.4CVSS1.9AI score0.00103EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•52 views

Adobe Acrobat Reader Input Validation Error Vulnerability

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader that stems from improper input validation and can be exploited by an attacker to cause a memor...

5.5CVSS6AI score0.04055EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•52 views

F5 BIG-IP iControl SOAP Directory Traversal Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A directory traversal vulnerability exists in F5 BIG-IP iControl SOAP, which can be exploited by an attacker to send a crafted...

4.3CVSS4.7AI score0.01469EPSS
Exploits0References1
CNVD
CNVD
•added 2022/03/15 12:0 a.m.•52 views

Linux Kernel VirtIO Bluetooth driver denial of service vulnerability

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A denial of service vulnerability exists in the Linux Kernel VirtIO Bluetooth driver, which is caused by a memory leak in the VirtIO Bluetooth driver memory leak in driver/Bluetooth/VirtIObt.c. A local...

5.5CVSS3.4AI score0.00317EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/08 12:0 a.m.•52 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10285)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that stems from the SWSMI...

8.2CVSS2.6AI score0.00327EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•52 views

mruby code issue vulnerability

mruby is a lightweight implementation of the Ruby language. A denial of service vulnerability exists in mruby that stems from a null pointer dereference in the software, which can be exploited by an attacker to trigger a denial of service...

7.5CVSS7.2AI score0.00963EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•53 views

Linux kernel security bypass vulnerability (CNVD-2021-60520)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to defeat the ASLR protection mechanism...

3.3CVSS3.1AI score0.00328EPSS
Exploits0References1
Total number of security vulnerabilities5000