131102 matches found
Red Hat Undertow Security Bypass Vulnerability
Red Hat Undertow is a web server from Red Hat USA. A security bypass vulnerability exists in Red Hat Undertow. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...
Apple macOS Sierra Restricted Memory Read Vulnerability
Apple macOS is a set of operating systems that run on Apple's Macintosh line of computers. Apple macOS Sierra suffers from a restricted memory read vulnerability that can be exploited by remote attackers to build malicious applications that read arbitrary restricted memory...
Nagios Local Elevation of Privilege Vulnerability (CNVD-2016-13293)
Nagios is an American programmer Ethan Galstad developed a set of open source system status and network information monitoring program. The program provides network service monitoring, host resource monitoring, SMS alerts and other functions. A local exploit exists in Nagios. A local attacker cou...
OpenJPEG heap buffer overflow vulnerability (CNVD-2016-12658)
OpenJPEG is a C-based open source JPEG 2000 codec . A heap buffer overflow vulnerability exists in OpenJPEG version 2.1.2. An attacker can exploit this vulnerability to execute arbitrary code...
AlienVault OSSIM and USM SQL Injection Vulnerabilities
AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. An SQL...
Red Hat Satellite SQL Injection Vulnerability
Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A security vulnerability exists in the 'sortby' and 'sortorder' parameters...
Oracle MySQL Server JSON Component Denial of Service Vulnerability
Oracle MySQL Server is an open source relational database management system that provides data storage, querying and management capabilities. A denial of service vulnerability exists in Oracle MySQL Server. The vulnerability stems from a failure of the Server: JSON component to properly handle...
D-Link DIR-825 do_file function buffer overflow vulnerability
The D-Link DIR-825 is a router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-825 version 2.03, which originates from the function dofile in the HTTP POST Request Handler component that fails to correctly validate the length and size of the input data, and can b...
Microsoft Defender for IoT elevation of privilege vulnerability (CNVD-2024-19331)
Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which can be exploited by an attacker to escalate privileges...
Apache Doris Security Bypass Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11158)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...
Adobe Premiere Pro Buffer Overflow Vulnerability (CNVD-2023-95451)
Adobe Premiere Pro is a video editing software developed by Adobe for non-linear editing. A buffer overflow vulnerability exists in Adobe Premiere Pro, which can be exploited by an attacker to overflow a buffer and execute arbitrary code on the system or cause the application to crash...
XSS Vulnerability in PageOffice of Beijing Zhuozheng Zhiyuan Software Co.
PAGEOFFICE is an Internet private cloud OFFICE technology solution independently developed by Zhuozheng Software. PageOffice of Beijing Zhuozheng Zhiyuan Software Co., Ltd. exists XSS vulnerability, attackers can use the vulnerability to obtain sensitive information such as user cookies...
Google Chrome Security Bypass Vulnerability (CNVD-2023-63444)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome versions prior to 108.0.5359.71 due to an improper implementation in DevTools. An attacker can use this vulnerability to bypass file access restrictions to install malicious...
Linux kernel memory misreference vulnerability (CNVD-2023-62923)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates when a user triggers the nftpipaporemove function using an element without NFTSETEXTKEYEND,...
OpenCart SQL Injection Vulnerability (CNVD-2023-54401)
OpenCart is an open source online shopping system that allows you to build your own online store. The system is simple and easy to use and supports all kinds of data import and export , including product information , user orders , products and so on. Through OpenCart users can easily complete th...
Netdata Command Injection Vulnerability
Netdata is a high-fidelity infrastructure monitoring and troubleshooting application open-sourced by Netdata. Netdata is vulnerable to a command injection vulnerability that stems from the fact that an attacker who is able to establish a streaming connection can execute arbitrary commands on the...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07317)
Adobe Illustrator is a set of vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigations such as ASLR and cause sensitive memory leaks...
Arbitrary File Download Vulnerability in Huatian Power OA System
Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA system suffers from an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information...
Google Chrome Resource Management Error Vulnerability (CNVD-2022-78154)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from a post-release memory reuse issue in Web Workers. No details of the vulnerability are currently available...
Siemens Parasolid out-of-bounds read vulnerability
Parasolid is a 3D geometric modeling tool that supports multiple techniques, including solid modeling, direct editing, and free-form surface/table modeling.An out-of-bounds read vulnerability exists in Siemens Parasolid, which can be exploited by attackers to execute code in the context of the...
Aruba Networks ArubaOS Buffer Overflow Vulnerability
Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause unauthenticated remote code executio...
SQL Injection Vulnerability in Huatian Power OA System
Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA system suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
Linux kernel cm4000_cs.c competition condition vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 6.0.6 and earlier versions have a contention condition vulnerability that originates in drivers/char/pcmcia/cm4000cs.c when calling open if cmmopen and cm4000detach, an attacker can exploit...
Linux Kerne code issue vulnerability
The Linux Kernel is the kernel used by the Linux Foundation's open source operating system Linux, which is vulnerable. A local attacker could exploit this vulnerability to cause a system crash, which could affect system availability...
CreativeDream php uploader arbitrary file upload vulnerability
CreativeDream php uploader is an easy-to-use, high-performance file upload script for CreativeDream personal developers. CreativeDream php uploader version 0.3 is vulnerable to arbitrary file uploads, which stem from a lack of valid validation of uploaded files by the application. An attacker cou...
Multiple MediaTek chip ril denial-of-service vulnerabilities
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them available worldwide each year...
Apache Hadoop Parameter Injection Vulnerability
Apache Hadoop is an open source distributed system infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. Apache Hadoop has a security vulnerability that stems from its...
Oracle Enterprise Manager Base Platform Input Validation Error Vulnerability
Oracle Enterprise Manager Base Platform is a set of local management platform of Oracle Oracle. The platform is primarily used to manage Oracle product deployments. An input validation error vulnerability exists in Oracle Enterprise Manager Base Platform component: Policy Framework version...
Samsung CACertificateInfo Elevation of Privilege Vulnerability
Samsung CACertificateInfo is a system component of Samsung Samsung mobile devices.An elevation of privilege vulnerability exists in Samsung CACertificateInfo, which stems from faulty authentication logic in CACertificateInfo. An attacker could exploit this vulnerability to initiate certain...
Jenkins Failed Job Deactivator Plugin授权问题漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Failed Job Deactivator Plugin...
repo-git-downloader denial-of-service vulnerability
repo-git-downloader is a tool for downloading git repositories. repo-git-downloader v0.1.1 contains a denial of service vulnerability, which stems from the presence of improper regular expressions and can be exploited by attackers to cause a denial of service DOS attack...
Google Android out-of-bounds read vulnerability (CNVD-2022-53382)
Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds read vulnerability exists in Google Android, which stems from a possible out-of-bounds read in hid-lg.c and other USB HID files in lgprobe and related functions due to input validation errors. An...
ZKEACMS Cross-Site Scripting Vulnerability
ZKEACMS v3.5.2 is a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript programs to steal other users' cookies, etc...
QEMU Buffer Overflow Vulnerability (CNVD-2023-80120)
QEMU Quick Emulator is a set of simulation processor software. The software is fast and cross-platform. QEMU suffers from a buffer overflow vulnerability that stems from an integer overflow in cursoralloc that could lead to a heap buffer overflow. A malicious privileged attacker can exploit this...
NVIDIA GPU Display Driver for Windows and Linux越界写入漏洞
An out-of-bounds write vulnerability exists in NVIDIA GPU Display Driver for Windows and Linux, which can be exploited by attackers to It can be exploited to cause code execution, denial of service, privilege escalation, information disclosure, and data tampering...
Simple Client Management System SQL注入漏洞(CNVD-2022-57777)
Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which originates from a vulnerability in /cms/classes/Users.php ? f=delete in the post request id parameter...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-33993)
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components. Oracle MySQL Server Component: Server: DDL 8.0.28 and earlier versions are vulnerable to an input validation error. An unauthenticated attacker coul...
Microsoft Windows Endpoint Configuration Manager Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Endpoint Configuration Manager. The vulnerability stems from an incorrect programmatic call to an advanced local...
Apache Struts Remote Code Execution Vulnerability (CNVD-2023-02478)
A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...
Joomla! SQL Injection Vulnerability (CNVD-2022-64102)
Joomla! is a set of forum components used in the Joomla! content management system. SQL injection vulnerabilities exist in versions 3.0.0 through 3.10.6 and 4.0.0 through 4.1.0. The vulnerability stems from the application's lack of validation of externally entered SQL statements. An attacker cou...
VMware vCenter Server Information Disclosure Vulnerability (CNVD-2022-55066)
VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. VMware vCenter Server is vulnerable to an information disclosure vulnerability that could be exploited by an attacker with unmanaged access to gain access to sensitive information...
Linux kernel denial of service vulnerability (CNVD-2022-79428)
Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux.KVM is one of the kernel-based virtual machines. A denial of service vulnerability exists in Linux kernel, which stems from a lack of code cleanup when the deviceadd call fails when adding a partition to...
Foxit PDF Reader pdf Buffer Overflow Vulnerability
Foxit PDF Reader is a PDF reader. Foxit PDF Reader has a security vulnerability that can be exploited by remote attackers to submit a special file request, which induces the user to parse it and can crash the application or execute arbitrary code in the application context...
October CMS File Upload Vulnerability
October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...
Jenkins Authorization Issues Vulnerability (CNVD-2022-08041)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Publish Over SSH Plugin in 1.22 and earlier versions of the authorization problem vulnerability , the...
cve-search has an unspecified vulnerability
Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...
Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92811)
Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82956)
Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...
Siemens Solid Edge Buffer Out-of-Bounds Read Vulnerability (CNVD-2021-75889)
Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. buffer out-of-bounds read vulnerability exists in versions prior to Siemens Solid Edge SE2021MP8. An attacker can exploit the vulnerability to disclose information in the context of the current process...