131102 matches found
Google Android Denial of Service Vulnerability (CNVD-2022-89771)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that can be exploited by attackers to cause a denial of service...
Command Execution Vulnerability in UFIDA GRP-U8 (CNVD-2023-02755)
UFIDA GRP-U8 is a new generation product launched by UFIDA focusing on the national e-government business and based on cloud computing technology, which is the government financial management software in the field of finance for administrative undertakings in China. A command execution...
Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability
Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...
Google TensorFlow code issue vulnerability (CNVD-2022-80679)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which results from pywrap code failing to parse a tensor and returning an uncaught "nullptr" if a list of quantified tensors is assigned to an...
Oracle Solaris Denial of Service Vulnerability (CNVD-2023-06477)
Oracle Solaris is a UNIX operating system from Oracle Corporation. A denial of service vulnerability exists in the LDoms component of Oracle Solaris 11. An attacker could compromise Oracle Solaris to gain unauthorized access to a subset of Oracle Solaris-accessible data and cause a partial denial...
IBM Rational Change Cross-Site Scripting Vulnerability (CNVD-2022-77517)
IBM Rational Change is a software tool from IBM Corporation, USA. provides software configuration management functionality for all artifacts related to software development, including source code, documentation and images, as well as final build software executables and libraries. A cross-site...
Dolibarr ERP/CRM Access Control Error Vulnerability
Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system from the French Dolibarr Foundation. The system can be used to manage products, inventory, invoices, orders, etc. An access control error vulnerability exists in Dolibarr ERP/CRM 15.0....
Google Android elevation of privilege vulnerability (CNVD-2022-81237)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from proxy obfuscation in the CarSettings of the application package, which can be exploited by an attacker to cause an elevation of privilege i...
SWFTools Memory Disclosure Vulnerability (CNVD-2022-70586)
SWFTools is a set of utilities for working with Adobe Flash files SWF files. A memory leak vulnerability exists in SWFTools, which originates from /lib/mem.c not freeing or failing to free dynamically allocated heap memory, and can be exploited by an attacker to cause the program to crash...
Google TensorFlow code issue vulnerability (CNVD-2023-10609)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from the fact that if an empty sortedinputs input is provided for a LowerBound or UpperBound, it can cause nullptr dereference, an...
GitLab CE/EE Remote Command Execution Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE has a security vulnerability that could be exploited by an attacke...
Google Android Buffer Overflow Vulnerability (CNVD-2023-25101)
Google Android is a Linux-based open-source operating system from Google, a U.S. company. The vulnerability stems from the failure of a network system or product to properly filter special elements of code segments during the construction of external input data. An attacker could exploit the...
F5 NGINX Instance Manager Denial of Service Vulnerability
NGINX Instance Manager NIM is part of F5's NGINX Management Suite NMS.The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things.A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-54889)
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A buffer overflow vulnerability exists in Adobe Acrobat Reader version 22.001.20085 and earlier, version 20.005.30314 and earlier, version 17.012.30205 and earlier,...
Apple macOS Monterey buffer overflow vulnerability (CNVD-2022-71989)
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A buffer overflow vulnerability exists in Apple macOS Monterey versions prior to 12.5, which stems from allowing local users to access potentially sensitive information. Install the update...
yasm expand_smacro function denial of service vulnerability
yasm is yasm open source a completely rewritten Netwide assembler. A denial of service vulnerability exists in yasm version 1.3.0, which stems from the presence of a NULL pointer dereference in the expandsmacro function in modules/preprocs/nasm/nasm-pp.c. An attacker could exploit this...
IBM CICS TX Advanced Cross-Site Scripting Vulnerability
IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in all versions of IBM CICS TX Advanced, which stems from the program's lack of data...
Apache Druid Cross-Site Scripting Vulnerability
Apache Druid is the United States Apache Apache Foundation of a use of the Java language , written in column-oriented open source distributed database . Apache Druid suffers from a cross-site scripting vulnerability that stems from insufficient cleansing of user-supplied data. A remote attacker...
WAVLINK WN579 X3 Information Disclosure Vulnerability (CNVD-2022-61036)
The WAVLINK WN579 X3 is a wireless router from the Chinese company WAVLINK. An information disclosure vulnerability exists in WAVLINK WN579 X3 M79X3.V5030.180719 version, which originates from improper authorization management in /cgi-bin/ExportAllSettings.sh. An attacker can exploit this...
Rancher Labs Rancher Sensitive Data Encryption Missing Vulnerability
Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, Inc. Rancher Labs Rancher is vulnerable to a sensitive data encryption miss vulnerability, which stems from the presence of sensitive data encryption misses. An attacker could exploit this...
Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2022-64231)
Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a command injection vulnerability, the vulnerability stems from the user input structure to execute the command process, the...
F5 BIG-IP has an unspecified vulnerability (CNVD-2022-74719)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP that could be exploited to modify and delete Dashboards created by other BIG-IP...
Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36026)
Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...
Apache Struts Remote Code Execution Vulnerability (CNVD-2023-02478)
A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...
Linux kernel block_invalidatepage function denial of service vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel blockinvalidatepage function, which can be exploited by an attacker to cause a program to crash...
TerraMaster TOS Identity Bypass Vulnerability
TerraMaster is a world-renowned professional storage brand. TerraMaster TOS identity bypass vulnerability can be exploited by attackers to gain server privileges...
Linux kernel has unspecified vulnerabilities (CNVD-2022-17770)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that could be exploited by an attacker to inject data into a victim's TCP session or terminate that session...
Sqlite has an unspecified vulnerability (CNVD-2022-18011)
Sqlite is a lightweight database, a relational database management system that adheres to ACID. SQLite3 versions 3.35.1 and 3.37.0 contain a security vulnerability that can be exploited by attackers to query records and leak subsequent memory bytes beyond the record to obtain sensitive informatio...
Tenda AC Series Router Buffer Overflow Vulnerability
Tenda AC11 is a router from Tenda, China. The onlineList module of Tenda AC Series Router AC11V02.03.01.104CN is vulnerable to a stack buffer overflow vulnerability, which can be exploited by attackers to cause a denial of service via specially crafted overflow data...
Linux kernel buffer overflow vulnerability (CNVD-2022-68616)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...
Bentley Systems Bentley View Buffer Overflow Vulnerability (CNVD-2022-15837)
Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View, which can be exploited by an attacker to execute arbitrary code in the context of the current process, along with other vulnerabilities...
Adobe Acrobat Reader DC Buffer Overflow Vulnerability (CNVD-2022-10759)
Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code in the context of the current user...
Rust acc_reader crate has an unspecified vulnerability
Rust accreader crate is a structure that provides an AccReader that wraps an arbitrary instance of std::io::Read and provides an implementation of std::io::Seek for it. memory location. No details of the vulnerability are currently available...
Google Chrome Resource Management Error Vulnerability (CNVD-2022-16304)
Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a resource management error that can be exploited by attackers to cause arbitrary code execution or data corruption...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09874)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that can be exploited by an attacker to cause an abort and denial of service related to a CHECK failure...
Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2021-81767)
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...
nGeniusONE authorization bypass vulnerability
nGeniusONE is a service assurance solution provided by NETSCOUT that provides full visibility into infrastructure, interdependencies, and applications. nGeniusONE version 6.3.0 build 1196 contains an authorization bypass vulnerability in FDSQueryService. An attacker could exploit this vulnerabili...
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the putweightedbipred16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67827)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
Nextcloud Input Validation Error Vulnerability (CNVD-2022-20701)
An input validation error vulnerability exists in Nextcloud Server, which stems from the fact that DownloadResponse does not do security checks on uploaded file names, and could be exploited to trick users into downloading malicious files with normal file name...
Unauthorized Access Vulnerability in HP LaserJet Pro M501dn Printers
Hewlett-Packard Hewlett-Packard, or HP is one of the information technology IT companies, founded in 1939 Hewlett-Packard is headquartered in Palo Alto, California, USA. Hewlett-Packard has three major business groups: Information Products Group, Printing and Imaging Systems Group and Enterprise...
Mozilla Firefox password leak vulnerability
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla FireFox has a password disclosure vulnerability that can be exploited by attackers to obtain password information...
Apache HTTP Server Response Splitting Vulnerability (CNVD-2018-15542)
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A response splitting vulnerability exists in Apache HTTP Server versions 2.4.1 through 2.4.23 and 2.2.0 through 2.2.31. An...
Microsoft Project Server and SharePoint Enterprise Server Elevation of Privilege Vulnerability
Microsoft Project Server 2013 SP1 and SharePoint Enterprise Server 2016 are both products of Microsoft Corporation.Microsoft Project Server 2013 SP1 is a suite of project management solutions for project portfolio management PPM and Microsoft Project Server 2013 SP1 is a project management soluti...
Xiongmai Technology IP Cameras and DVRs Stack Buffer Overflow Vulnerability
Xiongmai IP Camera Module and DVR are both products of XiongMai, China.Xiongmai IP Camera Module is an IP camera module product.DVR is a hard disk recorder. A stack buffer overflow vulnerability exists in Xiongmai Technology's IP Camera and DVRs that use the NetSurveillance web interface, allowin...
Xiph.Org vorbis-tools 'wav_open' function denial of service vulnerability
Xiph.Org vorbis-tools is a set of Ogg an audio compression format vorbis tools. A security vulnerability exists in the 'wavopen' function of the oggenc/audio.c file in Xiph.Org vorbis-tools version 1.4.0. A remote attacker can exploit this vulnerability to cause a denial of service memory...
WordPress WP Rocket Plugin Security Bypass Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . WP Rocket plugin is one of the cache optimization plugin . A security vulnerability exists in version 2.9.3 of...
MuPDF 'fitz/pixmap.c' Heap Buffer Overflow Vulnerability
Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A heap buffer overflow vulnerability exists in MuPDF. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in an affected application environment...
AVer Information EH6108H+ hybrid DVR VU Hardcoded Credentials Vulnerability Vulnerability
The AVer Information EH6108H+ hybrid DVR VU is a hard disk recorder DVR product from Round Show AVer Information. A hard-coded credentials vulnerability exists in the AVer Information EH6108H+ hybrid DVR VU. An attacker can exploit the vulnerability to gain root privileges...
Microsoft Windows Graphics Remote Code Execution Vulnerability (CNVD-2016-06273)
Microsoft Windows is the popular computer operating system. A remote code execution vulnerability exists in Microsoft Windows due to a font library that does not properly handle constructed embedded fonts. This vulnerability could be exploited by an attacker to take full control of an affected...