131102 matches found
Siemens TIA Administrator Denial of Service Vulnerability
SIMATIC PCS neo is a distributed control system DCS.TIA Administrator is a web-based framework.Siemens Network Planner SINETPLAN supports you as a planner of PROFINET-based automation systems.TIA Portal is a PC A denial of service vulnerability exists in Siemens TIA Administrator, which can be...
ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02472)
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...
Lodash command injection vulnerability
Lodash is an open source JavaScript utility library. A command injection vulnerability exists in Lodash 4.17.21, which can be exploited by attackers to execute arbitrary code via a template function...
Mozilla Rust Command Injection Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation.A command injection vulnerability exists in Mozilla Rust, which stems from Rust's v9 crate and has an unconditional synchronization implementation for SyncRef . No detailed vulnerability details are currently...
libde265 Global Buffer Overflow Vulnerability
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a global buffer overflow vulnerability in the decodeCABACbit function. An attacker can exploit this vulnerability via specially crafted files to cause a denial of service...
fig2dev stack buffer overflow vulnerability (CNVD-2021-78419)
fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the bezierspline function in genepic.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...
Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CNVD-2022-10025)
Microsoft Windows Print Spooler is a print backend processor component of Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Windows Print Spooler, which can be exploited by attackers to run malicious code on the system...
Linux kernel buffer overflow vulnerability (CNVD-2021-54396)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. The vulnerability stems from the fact that eBPF RINGBUF bpfringbufreserve does not check if the allocated size is smaller...
Elasticsearch Resource Management Error Vulnerability
Elasticsearch is a set of open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP.Elasticsearch has a resource management error vulnerability that stems from...
Kaltura PHP Object Injection Vulnerability
Kaltura is a suite of open source online video platforms from the US company Kaltura. A security vulnerability exists in the 'getUserzoneCookie' function in Kaltura versions prior to 13.2.0. A remote attacker can exploit this vulnerability with a specially crafted userzone cookie to bypass the...
Microsoft Windows GDI+ Information Disclosure Vulnerability (CNVD-2017-33472)
Microsoft Windows Server 2008 SP2 and others are a series of operating systems released by Microsoft.GDI+ component is one of the graphics components. An information disclosure vulnerability exists in the GDI+ component of Microsoft Windows, which arises from a program's failure to properly publi...
Heap Buffer Overflow Vulnerability in Multiple Delta Electronics Products
Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers PLCs. A heap buffer overflow vulnerability exists in multiple Delta Electronics products. An attacker could exploit this vulnerability to...
Python Cryptography Security Bypass Vulnerability
Python is an open source, object-oriented programming language from the Python Software Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security bypass vulnerability in Python Cryptography versions prior to 1.5.3 allows attackers to bypass...
ESnet iPerf3 Heap Buffer Overflow Vulnerability
ESnet iPerf3 is a set of tools for testing maximum bandwidth in IP networks. A heap buffer overflow vulnerability exists in the JSON handling feature of Esnet iperf version 3.1.1. A remote attacker can exploit this vulnerability to cause a heap buffer overflow with a specially crafted JSON string...
Google Kubernetes API Server Security Bypass Vulnerability
Google Kubernetes is an open source Docker container cluster management system. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. Google Kubernetes' API server failed to properly check admission control for...
IBM Concert has a weak cryptographic algorithm vulnerability
IBM Concert is a generative artificial intelligence-driven automated application management and monitoring tool based on the watsonx platform, announced by International Business Machines IBM Corporation at the IBM Think conference in Boston, USA. A weak cryptographic algorithm vulnerability exis...
Fortinet FortiOS and FortiProxy Out-of-Bounds Write Vulnerability
Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiProxy is a secure network proxy that protects employees from cyberattacks by combining a variety of detection technologies, such as Web filtering, DNS filtering, DLP, anti-virus,...
Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system...
ZKTeco BioTime Password Reset Vulnerability
ZKTeco BioTime is a powerful web-based time and attendance management software from ZKTeco, China. A password reset vulnerability exists in ZKTeco BioTime, which can be exploited by an attacker to arbitrarily reset the administrator's password via a crafted web request...
Linux kernel nfc_llcp_find_local memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a confusion in the instruction nfcllcpfindlocal responsible for freeing memory in NFC's...
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in versions prior to Mozilla Firefox 110, which can be exploited by attackers to cause unexpected network requests from the operating system.
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that originates from the use of an iframe with an 'about:blank' source to store data in local memory, which can be exploited by an...
Fortinet FortiWeb Buffer Overflow Vulnerability (CNVD-2023-18301)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc. Fortinet FortiWeb is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to elevate...
Forget Heart Message Box SQL Injection Vulnerability (CNVD-2023-08089)
Forget Heart Message Box is a message site. v1.1 of Forget Heart Message Box contains a security vulnerability that originates from a SQL injection vulnerability found through the name parameter in /admin/loginpost.php. No detailed vulnerability details are available at this time...
F5 BIG-IP DNS profile denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP DNS profile, where the Rapid Response Mode RRM setting is turned on...
Amasty Blog Pro for Magento 2 Cross-Site Scripting Vulnerability
Amasty Blog is a website page extension from Amasty. magento2 is an open source PHP e-commerce system. Amasty Blog Pro 2.10.5 before the version for Magento 2 has a cross-site scripting vulnerability , the vulnerability stems from the plugin in the blog post creation function fails to shortconten...
Google Chrome Lacros Graphics code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Lacros Graphics, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...
Unspecified Vulnerability in Google Chrome (CNVD-2022-86348)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Goole Chrome versions prior to 108.0.5359.71 for use after the release of Mojo, which can be exploited by attackers to launch an attack via a constructed HTML page using heap corruption...
Buildah has unspecified vulnerabilities
Bulidah is an open source, Linux-based tool from Containers open source. It is used to build containers that are compatible with the Open Container Initiative OCI.Containers Buildah suffers from a security vulnerability. An attacker could exploit the vulnerability to cause local path and...
Unspecified vulnerability in Tenda TX3 (CNVD-2022-70592)
Tenda TX3 is a wireless router from Tenda, a Chinese company. A security vulnerability exists in Tenda TX3 that originates from the endIp parameter of /goform/SetPptpServerCfg containing a stack overflow. No details of the vulnerability are provided at this time...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-89434)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...
Google protobuf-java denial of service vulnerability
Google protobuf is a data interchange format from the US company Google. google protobuf-java core and lite versions parse binary data for a denial of service vulnerability, which can be exploited by attackers to cause a denial of service...
Nasm buffer overflow vulnerability (CNVD-2022-69151)
Nasm is an open source programming tool software. A buffer overflow vulnerability exists in Nasm v2.16, which stems from the inclusion of a stack overflow in the Ndisasm component. No detailed vulnerability details are provided at this time...
Elitecms SQL Injection Vulnerability (CNVD-2022-57764)
Elitecms is a web content management by elitecms India. elitecms version 1.01 has a SQL injection vulnerability, which originates from the /admin/editsidebar.php page page parameter lack of validation of external input SQL statements, an attacker can use this vulnerability to execute illegal SQL...
Linux Kernel Buffer Overflow Vulnerability (CNVD-2022-79427)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer overflow vulnerability that originates from not properly validating data boundaries when net/ipv4/esp4.c and net/ipv6/esp6.c perform...
Expat has an unspecified vulnerability (CNVD-2022-18356)
Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat prior to 2.4.5, which stems from a lack of certain encoding validations in xmltokimpl.c. No detailed vulnerability details are currently available...
WordPress WP User Frontend plugin SQL injection vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. SQL injection vulnerability exists in versions of the WordPress plugin WP User Frontend prior to 3.5.26, which...
Sourcecodester Online Resort Management System SQL Injection Vulnerability
Sourcecodester Online Resort Management System is an open source web-based application that provides online room reservations and can also be used as a simple website for resorts. sourcecodester Online Resort Management System in version v1.0 A SQL injection vulnerability exists, which stems from...
Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15487)
Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...
Apache log4j JMSSink deserialization code execution vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j JMSSink is vulnerable to deserialized code execution. The vulnerability stems from insecure input validation when the program is processing serialized data. A remote attacker could exploit the...
Samba permission permission and access control issues vulnerability
Samba is a standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to privilege licensing and access control issues, which can be exploited by attackers to cause privilege escalation...
Adobe Premiere Elements null pointer dereference vulnerability (CNVD-2021-91993)
Adobe Premiere Elements is a video editing software application from Adobe. Adobe Premiere Elements 2021 build 19.0 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit this vulnerability to cause a denial of service for the application...
Intel Processors Information Disclosure Vulnerability (CNVD-2022-05687)
Intel Processors Intel processors is a U.S. Intel Corporation that provides interpretation of computer instructions and processing of data in computer software. Intel Processors has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Apache Kafka Timing Attack Vulnerability
Apache Kafka is an open source distributed streaming platform developed by the Apache Apache Software Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A timing attack vulnerability...
fig2dev buffer overflow vulnerability (CNVD-2021-78422)
fig2dev is used to convert .fig files to various graphics languages and formats. A buffer overflow vulnerability exists in the setfigfont function in genepic.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59600)
Microsoft SharePoint is a set of enterprise business collaboration platform developed by the U.S. Microsoft SharePoint Server has a spoofing vulnerability, which can be exploited by attackers to conduct spoofing attacks...
Unauthorized Access Vulnerability in Circontrol ccl1mini
Circontrol is a Spanish company. An unauthorized access vulnerability exists in the Circontrol ccl1mini, which can be exploited by attackers to obtain sensitive information...
Xiongmai Technology IP Cameras and DVRs Stack Buffer Overflow Vulnerability
Xiongmai IP Camera Module and DVR are both products of XiongMai, China.Xiongmai IP Camera Module is an IP camera module product.DVR is a hard disk recorder. A stack buffer overflow vulnerability exists in Xiongmai Technology's IP Camera and DVRs that use the NetSurveillance web interface, allowin...
chromium-browser tool referral disclosure vulnerability
chromium-browser is an open source web browser project started by Google to provide source code for the proprietary Google Chrome browser. A disclosure vulnerability exists in chromium-browser. An attacker exploits the vulnerability to retrieve sensitive information...
Ruby http gem man-in-the-middle attack vulnerability
The Ruby http gem is a standard package for managing Ruby libraries and programs. A man-in-the-middle attack vulnerability exists in Ruby http gem versions prior to 0.7.3, which stems from the program failing to validate the hostname during an SSL connection. A remote attacker could use this...
Microsoft Malware Protection Engine Remote Code Execution Vulnerability
Microsoft Malware Protection Engine is a Microsoft malicious program protection engine. Microsoft Malware Protection Engine has a security vulnerability in its implementation that allows remote attackers to exploit the vulnerability to submit special requests and execute arbitrary code...