131102 matches found
Google Chrome Intents Security Bypass Vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome Intents, which is caused by insufficient policy enforcement in Intents. An attacker can exploit this vulnerability to bypass security restrictions...
phpstudy-linux SQL Injection Vulnerability
phpstudy-linux is a version of PhpStudy linux, a program integration package for the PHP debugging environment. phpstudy-linux is vulnerable to SQL injection, which can be exploited by attackers to obtain sensitive database information...
Adobe Connect Access Control Error Vulnerability (CNVD-2023-14294)
Adobe Connect is a software for creating meeting environments from Adobe. Adobe Connect has an access control error vulnerability that can be exploited by attackers to cause security features to be bypassed...
Siemens Parasolid and Solid Edge SE2022 out-of-bounds read vulnerability
Siemens Parasolid is a geometric modeling kernel from Siemens, a German company. Siemens Solid Edge is a 3D CAD software from Siemens, a German company. The software can be used in industries such as part design, assembly design, sheet metal design, welding design, etc. An out-of-bounds read...
Microsoft PowerShell Remote Code Execution Vulnerability
PowerShell is a task automation and configuration management framework developed by Microsoft Corporation USA, consisting of a command line interface shell layer related manuscript language built from . exploit this vulnerability to bypass sandbox restrictions and execute arbitrary code on the...
Mozilla Thunderbird Resource Management Error Vulnerability (CNVD-2023-03054)
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. Mozilla Thunderbird suffers from a resource management error vulnerability that stems fro...
Linux kernel L2TP protocol denial of service vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in Linux layer2tunnelingprotocol prior to version 6.0, which stems from a flaw in the Linux kernel's Layer 2 Tunneling Protocol, L2TP,...
Google Chrome Live Caption Code Execution Vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Live Caption, which can be exploited by attackers to execute arbitrary code on a system or cause a denial of service...
Arbitrary File Download Vulnerability in Huatian Power OA System
Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. The Huatian Power OA system suffers from an arbitrary file download vulnerability, which can be exploited by attackers to obtain sensitive information...
SAP Manufacturing Execution Path Traversal Vulnerability
SAP Manufacturing Execution is an integrated Manufacturing Execution System MES solution for discrete manufacturing processes from SAP. Enables MES functionality to be customized specifically for the management and control of production environments. A path traversal vulnerability exists in SAP...
Linux kernel competition condition issue vulnerability (CNVD-2022-74091)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a contention problem that originates from a contention problem in the perfeventopen function, which can be exploited by local attackers to elevate privileges...
IBM QRadar SIEM Licensing Issue Vulnerability (CNVD-2022-83585)
IBM QRadar SIEM is a solution from IBM America that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar SI...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-53246)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL version 8.0.28 and prior versions. The vulnerability originates from an attacker with...
SAP BusinessObjects Business Intelligence Platform SQL Injection Vulnerability
SAP Business Objects is a business intelligence suite from SAP Germany. An SQL injection vulnerability exists in SAP BusinessObjects Business Intelligence Platform versions 420 and 430, which can be exploited by an authenticated attacker to query and extract SQL backend data through the BI...
Google Android Buffer Overflow Vulnerability (CNVD-2022-53367)
Google Android is a Linux-based open source operating system from Google, Inc. A buffer overflow vulnerability exists in Google Android, which stems from the fact that the UE and EMM use NAS messages to communicate with each other. The vulnerability can be exploited to remotely crash the modem...
DCMTK Denial of Service Vulnerability
DCMTK is a collection of libraries and applications that implement most DICOM standards. Software for inspecting, building and converting DICOM image files, handling offline media, sending and receiving images over a network connection, and demo image storage and worklist servers. a denial of...
Jorani v1.0 SQL Injection Vulnerability
Jorani is a leave management system developed by Benjamin BALET, an individual developer in France. Designed to provide small organizations with a simple workflow for leave and overtime requests. Jorani v1.0 suffers from an SQL injection vulnerability that stems from a lack of valid validation in...
ZKEACMS Cross-Site Scripting Vulnerability
ZKEACMS v3.5.2 is a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript programs to steal other users' cookies, etc...
Microsoft Windows Network File System Remote Code Execution Vulnerability (CNVD-2022-74601)
Microsoft Windows Network File System is a file sharing solution from Microsoft that allows you to transfer files between computers running Windows Server and UNIX operating systems using the NFS protocol. Network File System is vulnerable to a remote code execution vulnerability caused by a flaw...
jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
WordPress WP-DownloadManager plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WP-DownloadManager plugin version 1.68.6...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53560)
TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R is vulnerable to command injection, which can be exploited by attackers via the exportOvpn interface of cstecgi.cgi...
WordPress Page Builder KingComposer plugin access control error vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...
Samsung AppLock licensing issue vulnerability
Samsung AppLock is an application lock for Samsung mobile devices used to lock applications on Android.An authorization issue vulnerability exists in Samsung AppLock, which stems from a lack of authentication measures or insufficient authentication strength for Unprotected Activity in AppLock. An...
Google Chrome Omnibox code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Omnibox, which is caused by a confusion in the program's instructions for freeing memory and can be exploited by attackers to execute arbitrary code on the system or cause a denial of service...
MaxSite CMS Cross-Site Scripting Vulnerability (CNVD-2022-33826) (CVE-2022-25413)
MaxSite CMS is a web content management system of the Russian MaxSite CMS open source project.MaxSite CMS 108 has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks via the ftags parameter in /admin/pageedit/3...
WordPress TI WooCommerce Wishlist plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.A SQL injection vulnerability exists in versions of the WordPress TI WooCommerce Wishlist plugin prior to 1.40.1, which stem...
KiCad EDA Buffer Overflow Vulnerability
KiCad Eda is a cross-platform and open source electronic design automation suite from the KiCad community. KiCad EDA is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker with a specially crafted gerber or excellon file to cause code execution...
Apache Tomcat permission permission and access control issues vulnerability
Apache Tomcat is a lightweight web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat is vulnerable to privilege permission and access control issues, and an attacker can bypass Apache Tomcat's...
Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)
Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...
Jenkins Badge Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...
Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)
Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...
Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10290)
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System. A buffer overflow vulnerability exists in InsydeH2O, which stems from the SWSMI handler not adequately...
Apache log4j2 denial of service vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j2 suffers from a denial-of-service vulnerability. When improperly configured, an attacker can exploit the vulnerability to cause a denial-of-service attack...
Adobe XMP Toolkit SDK Stack Buffer Overflow Vulnerability (CNVD-2021-91984)
Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself.Adobe XMP Toolkit SDK 2021.07 and earlier versions are vulnerable to a stack buffer overflow. An attacker could exploit this vulnerability to execute arbitrary...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84817)
Chrome is a web browsing tool developed by Google. a heap buffer overflow vulnerability exists in WebRTC in versions prior to Google Chrome 94.0.4606.81. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...
fig2dev stack buffer overflow vulnerability (CNVD-2021-78419)
fig2dev is used to convert .fig files to various graphics languages and formats. A stack buffer overflow vulnerability exists in the bezierspline function in genepic.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...
Microsoft MSHTML Remote Code Execution Vulnerability
MSHTML also known as Trident is Microsoft's Internet Explorer browser engine, and while MHTML is primarily used in the deprecated Internet Explorer browser, the component is also used in Office applications to render Word, Excel, or PowerPoint documents in A remote code execution vulnerability...
ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...
Cisco Adaptive Security Device Manager Remote Code Execution Vulnerability
Cisco Adaptive Security Device Manager ASDM is a simple, GUI-based firewall device management application. a remote code execution vulnerability exists in Cisco Adaptive Security Device Manager ASDM version 9.16.1 and earlier. The vulnerability stems from a lack of proper signature verification o...
ForgeRock AM code issue vulnerability
ForgeRock AM is an open source access management, privilege control platform with widespread use in universities and social organizations.ForgeRock AM is vulnerable to a code issue that could be exploited by an unauthenticated attacker to remotely execute arbitrary code by constructing a special...
HP PageWide Pro 477dw MFP has an unauthorized access vulnerability
Hewlett-Packard Trading Shanghai Co., Ltd. is a company whose business scope includes computer hardware and software equipment, printing equipment, imaging equipment, communication equipment and so on. An unauthorized access vulnerability exists in HP PageWide Pro 477dw MFP, which can be exploite...
Microsoft SharePoint Remote Code Execution Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code injection...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30438)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in prost crate in Mozilla Rust versions prior to 0.6.1, which stems from stack consumption via crafted messages, can be exploited by an attacker to cause a denial of service or remote co...
Xiongmai Technology IP Cameras and DVRs Stack Buffer Overflow Vulnerability
Xiongmai IP Camera Module and DVR are both products of XiongMai, China.Xiongmai IP Camera Module is an IP camera module product.DVR is a hard disk recorder. A stack buffer overflow vulnerability exists in Xiongmai Technology's IP Camera and DVRs that use the NetSurveillance web interface, allowin...
jqueryFileTree directory traversal vulnerability
jqueryFileTree is a configurable AJAX file browser plugin with jQuery . A directory traversal vulnerability exists in jqueryFileTree 2.1.5 and earlier versions. No detailed vulnerability details are provided at this time...
Roundcube Webmail Arbitrary File Access Vulnerability
RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.1.10, 1.2.x versions prior to 1.2.7, and 1.3.x versions prior to 1.3.3. An...
Memory Corruption Vulnerability in Apple Logic Pro X and GarageBand
Apple Logic Pro x is an official music production and editing software from Apple; GarageBand is a music performance, synthesis, and recording tool for Apple machines. A memory corruption vulnerability exists in Apple Logic Pro X and GarageBand. An attacker could exploit the vulnerabilities to...
Apache HTTP Server Security Bypass Vulnerability (CNVD-2016-13233)
Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...
Apache ActiveMQ Artemis Remote Code Execution Vulnerability
Apache ActiveMQ Artemis is the United States Apache Apache Software Foundation, a project to provide embedded messaging services for Java applications. A remote code execution vulnerability exists in Apache ActiveMQ Artemis. Successful exploitation of this vulnerability could allow an attacker to...