131102 matches found
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07912)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...
Mozilla Rust has an unspecified vulnerability (CNVD-2022-03124)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. version 0.9.7 before Rust sha2 crate 0.9.8 contains a security vulnerability in which the hash of a long message may be incorrect when the AVX2-accelerated backend is used. No details of the vulnerability are...
Linux kernel memory overwrite vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory overwrite vulnerability exists in aspeedlpcctrlmmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in Linux kernel...
Liferay Portal and Liferay DXP code issue vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Vinades NukeViet CMS SQL Injection Vulnerability
Vinades NukeViet CMS is an open source content management system CMS from Vinades Vietnam.Vinades NukeViet CMS is vulnerable to SQL injection, which originates from the topicsid parameter of the product modules/news/admin/addtotopics.php page Fails to filter input special characters, and an...
Mgetty Buffer Overflow Vulnerability
Mgetty is a getty replacement program for data and fax operations. A buffer overflow vulnerability exists in the faxrec.c file in versions of Mgetty prior to 1.2.1, which stems from a failure of the program to filter the 'mailto' in the 'faxnotifymail' function. parameter in the 'faxnotifymail'...
Apache Syncope Remote Code Execution Vulnerability (CNVD-2018-18784)
Apache Syncope is the United States Apache Apache Software Foundation's set of open source digital identity management system for use in enterprise environments. The system supports identity management, role configuration and more. Apache Syncope uses XSLT to export report data to various formats...
Symantec Messaging Gateway Remote Code Execution Vulnerability (CNVD-2017-28446)
Symantec Messaging Gateway is a suite of anti-spam, anti-virus, advanced content filtering and data leakage protection technologies from Symantec. A remote code execution vulnerability exists in Symantec Messaging Gateway versions prior to 10.6.3-267. A remote attacker could exploit this...
ISC BIND Security Bypass Vulnerability (CNVD-2017-12537)
BIND is an open source implementation of the DNS Domain Name System protocol that contains all the software needed to query and respond to domain names. It is the most widely used type of DNS server on the Internet. A security bypass vulnerability exists in ISC BIND. An attacker can exploit this...
Cairo 'cairo-png.c' Integer Overflow Vulnerability
Cairo is a cross-platform open source vector graphics library , it supports in multiple contexts to do 2D drawing , and provides high-quality display and printout . An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...
Libass Arbitrary Code Execution Vulnerability
libass is a lightweight library of functions for rendering subtitles in ASS/SSA format. An arbitrary code execution vulnerability exists in Libass, which can be exploited by a remote attacker to execute arbitrary code...
Multiple Vulnerabilities in OpenStack Object Storage
OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration in collaboration with Rackspace in the U.S. OpenStack Object Storage a.k.a. Swift is one of these programs used to storage project for storing permanent static data. A security...
Google Android Stagefright Integer Overflow Vulnerability
Stagefright is a media playback service for Android. Stagefright for Google Android suffers from an integer overflow vulnerability when malformed media files are present, which can be exploited by an attacker to execute arbitrary code on an affected device...
ASUSWRT Backdoor Command Execution Vulnerability
ASUSWRT is the ASUS router firmware. In ASUS WRT versions 3.0.0.4.3761071, 3.0.0.376.2524-g0013f52, infosvr's common.c fails to properly check the requested MAC address, which could allow a remote attacker to send a NETCMDIDMANUCMD packet to UDP port 9999, by sending a packet to UDP port 9999, an...
Ollama Unauthorized Access Vulnerability
Ollama is an open source Large Language Model LLM runtime environment and toolset designed to help developers easily deploy, manage, and use models e.g., DeepSeek, etc.. Ollama suffers from an unauthorized access vulnerability, which is due to the fact that Ollama is not set up with authenticatio...
Linux kernel code issue vulnerability (CNVD-2024-06235)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel that stems from vhostnewmsg in drivers/vhost/vhost.c failing to properly initialize memory in messages passed between a...
cURL SOCKS5 Heap Overflow Vulnerability
cURL is a network data transfer project. Usually when we say cURL, we mean the cURL command line tool. cURL's underlying use is the libcurl library. A heap overflow vulnerability exists in cURL SOCKS5, which can be exploited by an attacker to construct a malicious hostname and cause code executio...
Samba Information Disclosure Vulnerability (CNVD-2023-64644)
Samba is the standard Windows interoperability program suite for Linux and Unix. Samba suffers from an information disclosure vulnerability. The vulnerability stems from Samba returning the path to the real server-side share at this point, as well as returning the server-side path to the result o...
Nacos Jraft Hessian Deserialization Vulnerability
Nacos is an acronym for Dynamic Naming and Configuration Service, a dynamic service discovery, configuration management and service management platform that makes it easier to build cloud-native applications. A deserialization vulnerability exists in Nacos Jraft Hessian, which can be exploited by...
Google Android elevation of privilege vulnerability (CNVD-2023-55366)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from improper privilege management in the onNullBinding of the CallScreeningServiceHelper.java component, which can be exploited by an attacker ...
Unspecified Vulnerability in AVEVA Edge
AVEVA Edge is a highly scalable and flexible HMI/SCADA software from AVEVA Software UK. A security vulnerability exists in AVEVA Edge 2020 R2 and prior versions that can be exploited by an attacker to potentially compromise the confidentiality, availability or integrity of the system. Details of...
Amasty Blog Create Post Function Cross-Site Scripting Vulnerability
Amasty Blog is a website page extension for Amasty, Inc. A cross-site scripting vulnerability exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plug-ins, which can be exploited by attackers to inject cross-site code and launch XSS attacks...
Online Leave Management System SQL Injection Vulnerability (CNVD-2022-80690)
Online Leave Management System is an online leave management system. version v1.0 of Online Leave Management System has a security vulnerability that originated through the component /admin/?page=user/manageuser&id= found to contain a SQL injection vulnerability. No detailed vulnerability details...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-68293)
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code...
Linux kernel resource management error vulnerability (CNVD-2022-69191)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in Linux kernel 5.19.10 and earlier versions, which stems from a confusion in the instruction responsible for freeing memory in...
Shenzhen Greenlink Technology Co., Ltd DH2100 has a logic flaw vulnerability
DH2100 is a private cloud product that focuses on simplicity and ease of use. Ltd. DH2100 has a logic flaw vulnerability, which can be exploited by attackers to obtain sensitive information...
Samsung CACertificateInfo Elevation of Privilege Vulnerability
Samsung CACertificateInfo is a system component of Samsung Samsung mobile devices.An elevation of privilege vulnerability exists in Samsung CACertificateInfo, which stems from faulty authentication logic in CACertificateInfo. An attacker could exploit this vulnerability to initiate certain...
Joomla! path traversal vulnerability (CNVD-2022-64100)
A path traversal vulnerability exists in Joomla! versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0, which stems from a failure of a web system or product to properly filter special elements in a resource or file path, and can be exploited by remote attackers to send specially crafted .zip...
Subrion CMS Cross-Site Scripting Vulnerability (CNVD-2022-20163)
Subrion CMS is a PHP-based content management system CMS from the Subrion team. The system can be integrated into websites and supports multiple extension plugins, etc. A security vulnerability exists in Subrion CMS 4.2.1, which can be exploited by attackers via the configuration panel...
Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a post-release use in the implementation of the RDMA communication manager listener code. By sending a carefully crafted request, an attacker could exploit this...
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09902)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to trigger a denial of service by changing the SavedModel on disk...
Samba Access Control Error Vulnerability
Samba is a standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to an access control error that could be exploited by an attacker to retrieve plaintext passwords sent over the network...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-90307)
Microsoft Exchange Server is a set of email service programs from Microsoft Corporation USA. Microsoft Exchange Server is a remote code execution vulnerability that can be exploited by attackers to remotely execute arbitrary code on the server by sending specially crafted malicious data to the...
Sourcecodester Alumni Management System SQL Injection Vulnerability
Sourcecodester Alumni Management System is a Php, Mysql-based alumni management system from Sourcecodester, Inc. SourceCodester Alumni Management System version 1.0 is vulnerable to SQL injection, which allows remote attacker can exploit this vulnerability to execute arbitrary SQL statements via...
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code injection...
Advantech BB-ESWGP506-2SFP-T Hardcoded Vulnerability
The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...
Red Hat WildFly IIOP OpenJDK Subsystem Unauthorized Operation Vulnerability
Red Hat Wildfly formerly known as JBoss Application Server is the United States Red Hat Red Hat a JavaEE-based open source application server. IIOP OpenJDK subsystem is one of the Java-based subsystem. A security vulnerability exists in the IIOP OpenJDK subsystem in Red Hat WildFly versions prior...
ROOT Remote Code Execution Vulnerability
ROOT is a data processing system written in C++. The system can query databases in parallel on workstations or clusters of multi-core machines. rootd daemon is one of the daemons. A remote code execution vulnerability exists in the rootd daemon in ROOT 6.9.03 and earlier. An attacker can exploit...
Flexense Sync Breeze Enterprise Buffer Overflow Vulnerability
Flexense Sync Breeze Enterprise is a set of file synchronization tools from Flexense Canada. The tool has features such as file management and data synchronization. A buffer overflow vulnerability exists in Flexense Sync Breeze Enterprise version 10.0.28. A remote attacker could exploit this...
Movim User Simulation Vulnerability
Movim is a social networking platform written in PHP and HTML5 based on the XMPP standard protocol. A security vulnerability exists in Movim versions 0.8 through 0.10. The vulnerability exists because the program fails to properly implement "XEP-0280: Message Carbons". A remote attacker can explo...
Apache HTTP Server suffers from httpoxy remote proxy infection vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. httpoxy is a set of vulnerabilities that affect application code running in a CGI environment. The vulnerabilities exist...
Infinite Automation Mango Automation Arbitrary Command Execution Vulnerability
Infinite Automation Mango Automation is the United States Infinite Automation Systems, Inc. of a set of open source Web-based SCADA data acquisition and supervisory control, HMI and automation software. Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430, has an arbitrary...
cups-filters remove_bad_chars function arbitrary command execution vulnerability
CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the removebadchars function in cups-filters utils/cups-browsed.c,...
Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02468)
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...
Microsoft SQL Server Native Client Remote Code Execution Vulnerability (CNVD-2025-02462)
Microsoft SQL Server is the United States Microsoft Microsoft company's set of applications in the Microsoft Windows system under the large commercial database system. A remote code execution vulnerability exists in Microsoft SQL Server Native Client, which can be exploited by an attacker to...
Remote Code Execution Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co.
Electronic document security management system referred to as: CDG is an electronic document security protection software, the system utilizes the driver layer transparent encryption technology, through the encryption and protection of electronic documents, to prevent the internal staff leakage a...
Siemens Parasolid and Solid Edge SE2022 out-of-bounds read vulnerability
Siemens Parasolid is a geometric modeling kernel from Siemens, a German company. Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. An out-of-bounds read...
BDCOM 1704-WGL Information Disclosure Vulnerability
The BDCOM 1704-WGL is a router from BDCOM China. An information disclosure vulnerability exists in the BDCOM 1704-WGL version 2.0.6314, which originates from the file /param.file.tgz in the component Backup File Handler, which is not sufficiently protected for sensitive information and can be...
Mozilla Firefox Injection Vulnerability (CNVD-2023-03055)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an injection vulnerability that stems from a failure to execute the Unsafe-Hashes CSP directive. An attacker could exploit this vulnerability to inject executable script...
File Upload Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-03860)
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the integrated management platform of Zhejiang Dahua Technology Co., Ltd. that can be exploited by an attacker to gain server privileges...