131102 matches found
Google Chrome WebRTC Module Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome WebRTC module, which stems from a confusion in the instructions responsible for freeing memory in the WebRTC module. An attacker can exploit this vulnerability to execu...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2024-11162)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
Microsoft Hyper-V Remote Code Execution Vulnerability (CNVD-2024-11160)
Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. A remote code execution vulnerability exists in Microsoft Hyper-V, which can be exploited by an attacker to execute arbitrary code on a system...
Command Execution Vulnerability in Agile Controller of Huawei Technologies Co.
Agile Controller is an automation controller for a variety of industrial application scenarios. A command execution vulnerability exists in Agile Controller from Huawei Technologies, which can be exploited by an attacker to gain server privileges...
Linux kernel ntfs_set_ea out-of-bounds read vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.2, which stems from the ntfs3 subsystem failing to check for correctness during a disk read, a...
Fortinet FortiOS SSLVPN Remote Code Execution Vulnerability
Fortinet FortiOS is a security operating system from Fortinet, a US-based company dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, VPN, Web content filtering and anti-spam.Fortinet FortiOS SSLVPN remo...
XWiki Platform Information Disclosure Vulnerability
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...
Cross-site scripting vulnerability in Import Files function of multiple Siemens products
Siemens Desigo PX is a building automation control system from Siemens, a German company. A cross-site scripting vulnerability exists in several Siemens products. The vulnerability stems from an incorrect neutralization of input during web page generation in the Import Files function of the...
Strapi SQL Injection Vulnerability
Strapi is an open source content management system CMS. versions of Strapi prior to 3.6.10 and 4.0.0 and later, and prior to 4.1.10, contain a SQL injection vulnerability that stems from its incorrect handling of hidden attributes in admin API responses. An attacker could exploit the vulnerabilit...
Adobe InDesign Heap Buffer Overflow Vulnerability (CNVD-2022-79412)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07320)
Adobe Illustrator is a software released by Adobe Systems, Inc. for graphics production. An out-of-bounds read vulnerability exists in Adobe Illustrator, which can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...
SAP Business Objects Data Forgery Issue Vulnerability
SAP Business Objects is a business intelligence suite from SAP Germany. A security vulnerability exists in SAP Business Objects version 420 that stems from inadequate input validation. An attacker exploits the vulnerability to submit a malicious request...
Zabbix Frontend Cross-Site Scripting Vulnerability (CNVD-2022-56704)
Zabbix Frontend is a monitoring software front-end tool from the American company Zabbix. A cross-site scripting vulnerability exists in Zabbix Frontend, which can be exploited by an authenticated attacker to create a link to a discovery page with reflected Javascript code and send it to other...
Multiple Dahua Products Denial of Service Vulnerabilities
Dahua IPC-HFW2XXX is a series of IP cameras, Dahua IPC-HDBW2XXX is a series of cameras, Dahua ASI7XXXX is a series of face recognition access controllers, and Dahua IPC-HFW2XXX is a series of IP cameras. A denial of service vulnerability exists in several Dahua products, which could be exploited ...
ImpressCMS path traversal vulnerability
ImpressCMS is a MySQL-based, modular content management system CMS. The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a path traversal vulnerability that can be exploited by an authenticated attacker to delete arbitrary files on the system by...
Braintree sanitize-url cross-site scripting vulnerability
Braintree sanitize-url is an open source URL cleanup from Braintree, Inc. A cross-site scripting vulnerability exists in versions prior to Braintree sanitize-url 6.0.0, which stems from a lack of user-supplied data and output data validation filtering in the sanitizeUrl function. An attacker coul...
IBM Spectrum Copy Data Management Cross-Site Scripting Vulnerability (CNVD-2022-84077)
IBM Spectrum Copy Data Management is an implementation of International Business Machines Corporation IBM to modernize, simplify, and automate data center copy management processes.A cross-site scripting vulnerability exists in IBM Spectrum Copy Data Management versions 2.2.0.0 inclusive through...
Linux kernel authorization issue vulnerability
Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. Linux kernel is vulnerable to a security flaw that stems from a problem with the software's permissions restrictions. The vulnerability can be exploited by an attacker to bypass the restrictions of the...
Apache Pluto Cross-Site Scripting Vulnerability (CNVD-2022-02488)
Apache Pluto is a runtime environment for a set of Portlet containers from the Apache Foundation.Apache Pluto in version 3.1.0 has a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied and output data in the first name and last name fields. An...
Command Execution Vulnerability in Sunflower Lite Edition
Sunflower is a free all-in-one remote control management tool software that integrates remote control of computer and cell phone, remote desktop connection, remote boot, remote management, and intranet penetration support. A command execution vulnerability exists in Sunflower Lite, which can be...
DBeaver XML External Entity Injection Vulnerability
DBeaver is a free multi-platform database tool for developers, Sql programmers, database administrators and analysts from the DBeaver team in the U.S. An XML external entity injection vulnerability exists in DBeaver, which stems from a web-based system or product that does not set the correct...
Linux kernel denial-of-service vulnerability (CNVD-2021-93367)
Linux kernel is a computer operating system kernel written in C and assembly language, POSIX-compliant, and distributed under the GNU General Public License. Linux kernel 5.15.2 and earlier versions contain a security vulnerability that can be exploited by attackers to cause a denial of service...
Google TensorFlow has an unspecified vulnerability (CNVD-2021-92550)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google, Inc. A security vulnerability exists in versions prior to Google TensorFlow 2.7.0, which stems from an overflow problem in TensorFlow when calculating the output size in the tf.range kernel. No detail...
Beijing Tongda Zhicheng Technology Co., Ltd. Heart Tongda OA has file upload vulnerability (CNVD-2021-86805)
Xin Tongda OA is an OA office tool equipped with AI artificial intelligence. Beijing Tongda Zhicheng Technology Co. Xin Tongda OA has a file upload vulnerability, which can be exploited by attackers to gain control of the server...
Google TensorFlow buffer overflow vulnerability (CNVD-2021-64539)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which could be exploited by an attacker to bind a reference to a null pointer in all operations of type tf.rawops.MatrixSetDiagV to cause undefined...
File Upload Vulnerability in UFIDA Nccloud (CNVD-2021-52060)
NC Cloud is a large enterprise digitalization platform launched by UFIDA. A file upload vulnerability exists in UFIDA Nccloud, which can be exploited by an attacker to upload a webshell and gain server privileges...
Arbitrary File Read Vulnerability in C-Lodop Print Services System
C-Lodop Print Service System is a cloud printing software. An arbitrary file read vulnerability exists in C-Lodop Print Service System, which can be exploited by attackers to obtain sensitive information...
Minecraft remote code execution vulnerability
Minecraft My World is a sandbox game by Mojang of Sweden. a security vulnerability existed before Minecraft 1.16.1.7, which stems from the BDew BdLib library allowing remote code execution to deserialize untrusted data in ObjectInputStream. No detailed vulnerability details are currently availabl...
APT-Repository Signature Bypass Vulnerability
APT-Repository is an installation package management library for Linux. APT-Repository suffers from a signature bypass vulnerability that stems from a memory allocation failure during apt-get upgrade, which can be exploited by an attacker to bypass security restrictions and perform unauthorized...
Ruby on Rails Action View Cross-Site Scripting Vulnerability
Ruby on Rails Rails is a set of open source web application frameworks based on the Ruby language developed and maintained by the Rails core team, which was spun off from Basecamp, a project management tool from 37signals in the U.S.A. David Heinamer Hansen's Action View is one of the code...
Unspecified Vulnerability in Multiple Apple Products (CNVD-2026-17912)
Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a suite of operating systems developed for mobile devices.Apple iPadOS is a suite of operating systems for the iPad tablet computer. A security vulnerability exists in...
CampCodes Online Shopping Portal /my-account.php File SQL Injection Vulnerability
CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Name in the file /my-account.php. An attacker...
Kingdee CloudStar ERP suffers from deserialization vulnerability
Kingdee Cloudstar is a cloud-based enterprise resource management ERP software that provides integrated solutions for financial management, supply chain management, and business process management. A deserialization vulnerability exists in Kingdee CloudStar ERP, which can be exploited by attacker...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-9821890)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. An out-of-bounds read vulnerability exists in Adobe Dimension 3.4.10 and earlier versions, which can be exploited by an attacker to cause a sensitive memory leak...
Apache Tomcat Denial of Service Vulnerability (CNVD-2023-42970)
Apache Tomcat is the United States Apache Apache Foundation, a lightweight Web application server. Apache Tomcat suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-18289)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office Visio. An attacker could exploit this vulnerability to execute code on the target host...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04324)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Silverstripe framework cross-site scripting vulnerability
Silverstripe framework is an application from Silverstripe New Zealand. Empowering powerful digital teams by creating a platform for digital change. silverstripe framework 4.10.0 and previous versions contain a cross-site scripting vulnerability that stems from the use of jQuery 1.7.2, which is...
Apache SOAP authentication error vulnerability
Apache SOAP is used as a client-side library by the Apache Foundation to invoke SOAP services available elsewhere, and as a server-side tool to implement SOAP-accessible services. an authentication error vulnerability exists in Apache SOAP, which stems from the fact that RPCRouterServlet can be...
Jenkins Pipeline SCM API for Blue Ocean Plugin Unauthorized Access Vulnerability
Blue Ocean plugin is an aggregation tool designed for Jenkins Pipeline and of course compatible with free style projects. It graphically visualizes the pipeline process and makes the pipeline more intuitive. Unauthorized access vulnerability in Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25....
Google Chrome V8 Code Execution Vulnerability (CNVD-2022-85092)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to execute arbitrary code or cause a denial of service on a system...
Bento4 AP4_SttsAtom::Create Denial of Service Vulnerability
Bento4 is an open source C library for reading and writing MP4 files. Bento4 v1.6.0-639 contains a denial of service vulnerability that stems from a memory leak in the AP4SttsAtom::Create method of the mp42hls component. An attacker could exploit the vulnerability to cause a denial of service...
Apache Pulsar Trust Management Issues Vulnerability
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-machine room cross-region data replication...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06859)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a memory misreference vulnerability that stems from concurrent use of the URL parser for non-UTF-8 data not being thread-safe. An attacker could exploit the vulnerability t...
Samsung App lock authentication error vulnerability
Samsung App lock is an application for Samsung Samsung mobile devices that protects your privacy with password lock, graphical lock, and fingerprint lock.Samsung App lock suffers from an authentication error vulnerability that stems from the lack of proper authentication logic in AppLock, which c...
Google Android Information Disclosure Vulnerability (CNVD-2022-61753)
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information leakage vulnerability that could be exploited by attackers to obtain sensitive information...
Google Android has an unspecified vulnerability (CNVD-2022-53377)
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which stems from a placeCall in TelecomManager.java, where the application can keep itself running through foreground service importance due to a privilege bypass. The...
Huawei HarmonyOS Buffer Overflow Vulnerability (CNVD-2022-51604)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a memory out-of-bounds read/write issue in the video framework. An attacker exploited...
Zimbra Access Control Error Vulnerability
Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to an access control error. The vulnerability stems from a network system or product that does not properly restrict access to resources from unauthorized roles. An unauthenticated attacker could exploit the vulnerability to inje...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59593)
Microsoft SharePoint is a suite of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing and no details of the vulnerability are currently available...