131102 matches found
Linux kernel array index out-of-bounds vulnerability
Linux kernel is a computer operating system kernel written in C and assembly language, POSIX-compliant, and distributed under the GNU General Public License. detachcapictr function in drivers/isdn/capi/kcapi.c in versions of Linux kernel prior to 5.14.15 is vulnerable to array index out-of-bounds...
Google Chrome WebRTC code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome WebRTC. The vulnerability is caused by post-release use in WebRTC. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service...
Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)
Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...
Microsoft Windows HIDParser Elevation of Privilege Vulnerability
Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.HIDParser is one of the HID HIDParser is one of the HI...
MariaDB and Percona XtraDB Cluster Denial of Service Vulnerability
MariaDB is a free and open source database management system developed by Monty Program Ab, Inc. and the MariaDB Foundation, Inc. and a forked version of MySQL using the Maria storage engine.Percona XtraDB Cluster is a package for creating MySQL clusters. A security vulnerability exists in the...
Zeta Components Mail Remote Code Execution Vulnerability
Zeta Components is a high-quality , general-purpose application development library based on PHP 5 implementation . A remote code execution vulnerability exists in the Zeta Components Mail library version 1.8.1 and earlier, which can be exploited by an attacker to execute arbitrary code on a serv...
WordPress ZipArchive and PclZip Component Directory Traversal Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports in PHP and MySQL servers to set up a personal blog site . ZipArchive and PclZip components are among the compression/decompression components . A directory traversal...
MCabber Security Bypass Vulnerability
MCabber is a small XMPP Jabber console client. A security bypass vulnerability exists in MCabber that could allow an attacker to perform a man-in-the-middle attack or emulate a trusted server...
libgit2 Denial of Service Vulnerability
libgit2 is a portable, pure C implementation of the Git development package , as a reentrant link library with a solid API , libgit2 allows you to use any language to write Git applications . A denial of service vulnerability exists in libgit2. An attacker can exploit this vulnerability to crash...
Multiple NVIDIA GPU Graphics Driver Integer Overflow Vulnerabilities
NVIDIA GPU graphics driver R340, R352, and R358 on Windows and R304, R340, and R358 on Linux are graphics processor GPU drivers from NVIDIA. An integer overflow vulnerability exists in the kernel mode driver for several NVIDIA GPU graphics card drivers, which arises from the program failing to...
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
Microsoft WDAC OLE DB provider for SQL Server is an API from Microsoft Corporation USA that allows access to data from a variety of sources in a unified way. A remote code execution vulnerability exists in Microsoft WDAC OLE DB provider for SQL Server, which can be exploited by an attacker to...
IBM Aspera Faspex Deserialization Vulnerability
IBM Aspera is an IBM FASP protocol-based fast file transfer and streaming solution from International Business Machines IBM. IBM Aspera Faspex version 4.4.2 Patch Level 1 and prior versions contain a deserialization vulnerability that stems from a YAML deserialization flaw. An attacker could use...
NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...
ZTE MF286R SQL Injection Vulnerability
The ZTE MF286R is a wireless router from ZTE Corporation China.A SQL injection vulnerability exists in previous versions of the ZTE MF286R mf286rb07, which stems from insufficient validation of the input parameters of the phonebook interface. An authenticated attacker could use this vulnerability...
Hospital Management System Cross-Site Scripting Vulnerability (CNVD-2022-72088)
Hospital Management System HMS is a computer system that helps manage healthcare-related information and helps healthcare providers do their jobs efficiently. hospital Management System v4.0 is vulnerable to a cross-site scripting vulnerability that originates in the add-patient. php file, severa...
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72096)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for handling TIFF files.LibTIFF version 4.4.0 is vulnerable to a buffer overflow vulnerability, which stems from the existence of multiple heap buffer overflows th...
Linux kernel resource management error vulnerability (CNVD-2022-74087)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit the vulnerability to...
Apache containerd resource management error vulnerability
Apache containerd is a container daemon of the Apache Foundation. The process is responsible for controlling the full cycle of containers on the host according to the RunC OCI specification. Apache containerd is vulnerable to a resource management error that results from not properly controlling...
Linux kernel information disclosure vulnerability (CNVD-2022-79426)
Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux.KVM is one of the kernel-based virtual machines. Linux kernel suffers from an information disclosure vulnerability that arises from errors in configuration and other errors in the operation of a networked...
Linux kernel has unspecified vulnerabilities (CNVD-2022-20170)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel 5.16.12 and earlier versions have a security vulnerability that stems from an untrusted length parameter that leads to an EVTTRANSACTION buffer overflow. No details of the vulnerability are...
Linux kernel code execution vulnerability (CNVD-2022-69194)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.16.10 and earlier versions have a security vulnerability that could be exploited by attackers to execute arbitrary code on the system...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07913)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...
Apostrophe CMS Cross-Site Scripting Vulnerability
Apostrophe CMS is a fully functional open source CMS built using Node.js, designed to enhance organization by combining contextual editing and headless architecture in a full-stack JS environment.Apostrophe CMS = cross-site scripting vulnerability, which originates in Apostrophe CMS versions...
CASAP Automated Enrollment SQL Injection Vulnerability (CNVD-2021-57785)
CASAP Automated Enrollment is an automated enrollment system for the CASAP organization. The goal of this project is to provide CASAP with an automated enrollment system to streamline the school's processes and make them more effective, efficient and easily retrievable. SourceCodester Alumni...
SQL Injection Vulnerability in Huatian Power OA Office System
Huatian Power OA8000 system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA8000 system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information...
Weak Password Vulnerability in 3Com-OfficeConnect ADSL Wireless 11g Firewall Router
Founded in 1979, 3Com is a U.S. equipment provider of security products, integrated voice appliances, and data networking solutions for businesses of all sizes. A weak password vulnerability exists in the 3Com-OfficeConnect ADSL Wireless 11g Firewall Router, which can be exploited by attackers to...
Mgetty Command Injection Vulnerability (CNVD-2019-03439)
Mgetty is a getty replacement program for data and fax operations. A command injection vulnerability exists in Mgetty versions prior to 1.2.1, which stems from the 'doactivate' function failing to properly filter shell metacharacters in the fax/faxq-helper.c file, which can be exploited by an...
Ulterius Directory Traversal Vulnerability
Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...
Ruby on Rails Active Record SQL Injection Vulnerability (CNVD-2016-06338)
Ruby on Rails Rails is the Rails core team to develop and maintain a set of open source Web application framework based on the Ruby language , which is separated from the United States 37signals, Inc. project management tools Basecamp. Active Record is one of the domain modeling patterns . A SQL...
Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2015-00913)
RoundCube Webmail is a browser-based, multi-language IMAP client. Roundcube Webmail suffers from a cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code or steal...
PHPEMS deserialization vulnerability (CNVD-2024-13536)
PHPEMS is a PHP online mock exam system. PHPEMS has a deserialization vulnerability, the vulnerability arises because there is a function index in app/weixin/controller/index.api.php, which can be exploited by an attacker to cause deserialization via the parameter picurl...
Command Execution Vulnerability in Ivanti Connect Secure at Inventec Software Technology (Beijing) Co.
Ivanti Connect Secure is a seamless, cost-effective SSL VPN solution for remote and mobile users. A command execution vulnerability exists in Ivanti Connect Secure by Inwanzi Software Technology Beijing Co. that can be exploited by an attacker to execute arbitrary commands...
Linux kernel code execution vulnerability (CNVD-2024-14767)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. The vulnerability is due to the aoecmdcfgpkts function in the Linux kernel's ATA over Ethernet AoE driver incorrectly...
PHP buffer overflow vulnerability (CNVD-2023-64640)
A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...
Microsoft Windows Bluetooth Service Code Execution Vulnerability
Microsoft Windows Bluetooth Service is a Bluetooth driver from Microsoft USA. A security vulnerability exists in Microsoft Windows Bluetooth Service. An attacker could exploit this vulnerability to cause remote code execution...
Google Chrome Crash reporting component buffer overflow vulnerability
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a boundary error in the Crash reporting component when handling untrusted input. A remote attacker could exploit this vulnerability to obtain...
Linux kernel denial-of-service vulnerability (CNVD-2023-05410)
Linux kernel, the kernel used by the Linux Foundation's open source operating system Linux, is vulnerable to a denial-of-service attack in versions of Linux kernel prior to 6.1.6. In affected versions of the Linux kernel, a NULL pointer dereference error in the flow control subsystem allows an...
Microsoft Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Windows Malicious Software Removal Tool. An attacker can exploit this vulnerability to gain elevation of privilege...
Hitachi Energy PCM600 Information Disclosure Vulnerability
The Hitachi Energy PCM600 is a simplified management tool for protection and control relays from Hitachi, Japan. An information disclosure vulnerability exists in Hitachi Energy PCM600. The vulnerability stems from where IED credentials are stored in the PCM600 database in plaintext format. An...
Linux kernel hid-roccat.c resource management error vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel version 5.19.12 and prior versions, which stems from a contention condition in roccatreportevent in...
Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2022-67837)
Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server is vulnerable to an elevation of privilege vulnerability, which can be exploited by remote attackers to submit special requests that can obtain sensitive information or elevate privileges...
Apple OS Out-of-Bounds Write Vulnerability
iOS is a mobile operating system developed by Apple Inc. iPadOS full name: iPad Operating System is a family of mobile operating systems developed by Apple Inc. based on iOS. mac OS is a set of operating systems developed by Apple to run on the Macintosh series of computers. Apple iOS, iPadOS, an...
Google Android Information Disclosure Vulnerability (CNVD-2022-61744)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a missing permission check in the handleramdump function in pixelloader.c. The vulnerability can be exploited to obtain sensitive...
Adobe Acrobat Reader Input Validation Error Vulnerability
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader that stems from improper input validation and can be exploited by an attacker to cause a memor...
F5 BIG-IP iControl SOAP Directory Traversal Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. A directory traversal vulnerability exists in F5 BIG-IP iControl SOAP, which can be exploited by an attacker to send a crafted...
Linux Kernel VirtIO Bluetooth driver denial of service vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A denial of service vulnerability exists in the Linux Kernel VirtIO Bluetooth driver, which is caused by a memory leak in the VirtIO Bluetooth driver memory leak in driver/Bluetooth/VirtIObt.c. A local...
Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10285)
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that stems from the SWSMI...
mruby code issue vulnerability
mruby is a lightweight implementation of the Ruby language. A denial of service vulnerability exists in mruby that stems from a null pointer dereference in the software, which can be exploited by an attacker to trigger a denial of service...
Linux kernel security bypass vulnerability (CNVD-2021-60520)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to defeat the ASLR protection mechanism...