Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/12/12 12:0 a.m.•42 views

Google Android Denial of Service Vulnerability (CNVD-2022-89771)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability that can be exploited by attackers to cause a denial of service...

5.5CVSS5.2AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
•added 2022/12/10 12:0 a.m.•42 views

Command Execution Vulnerability in UFIDA GRP-U8 (CNVD-2023-02755)

UFIDA GRP-U8 is a new generation product launched by UFIDA focusing on the national e-government business and based on cloud computing technology, which is the government financial management software in the field of finance for administrative undertakings in China. A command execution...

7.6AI score
Exploits0
CNVD
CNVD
•added 2022/11/24 12:0 a.m.•42 views

Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability

Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...

4.8CVSS2.7AI score0.01015EPSS
Exploits1References1
CNVD
CNVD
•added 2022/11/23 12:0 a.m.•42 views

Google TensorFlow code issue vulnerability (CNVD-2022-80679)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which results from pywrap code failing to parse a tensor and returning an uncaught "nullptr" if a list of quantified tensors is assigned to an...

7.5CVSS2.7AI score0.00404EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•42 views

Oracle Solaris Denial of Service Vulnerability (CNVD-2023-06477)

Oracle Solaris is a UNIX operating system from Oracle Corporation. A denial of service vulnerability exists in the LDoms component of Oracle Solaris 11. An attacker could compromise Oracle Solaris to gain unauthorized access to a subset of Oracle Solaris-accessible data and cause a partial denial...

3.3CVSS3.9AI score0.00197EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•42 views

IBM Rational Change Cross-Site Scripting Vulnerability (CNVD-2022-77517)

IBM Rational Change is a software tool from IBM Corporation, USA. provides software configuration management functionality for all artifacts related to software development, including source code, documentation and images, as well as final build software executables and libraries. A cross-site...

6.1CVSS2.2AI score0.00931EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•42 views

Dolibarr ERP/CRM Access Control Error Vulnerability

Dolibarr ERP/CRM is a web-based enterprise resource planning ERP and customer relationship management CRM system from the French Dolibarr Foundation. The system can be used to manage products, inventory, invoices, orders, etc. An access control error vulnerability exists in Dolibarr ERP/CRM 15.0....

3.2AI score0.33371EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•42 views

Google Android elevation of privilege vulnerability (CNVD-2022-81237)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from proxy obfuscation in the CarSettings of the application package, which can be exploited by an attacker to cause an elevation of privilege i...

8.8CVSS8.5AI score0.00158EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/22 12:0 a.m.•42 views

SWFTools Memory Disclosure Vulnerability (CNVD-2022-70586)

SWFTools is a set of utilities for working with Adobe Flash files SWF files. A memory leak vulnerability exists in SWFTools, which originates from /lib/mem.c not freeing or failing to free dynamically allocated heap memory, and can be exploited by an attacker to cause the program to crash...

5.5CVSS5.8AI score0.00308EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•42 views

Google TensorFlow code issue vulnerability (CNVD-2023-10609)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A code issue vulnerability exists in Google TensorFlow, which stems from the fact that if an empty sortedinputs input is provided for a LowerBound or UpperBound, it can cause nullptr dereference, an...

7.5CVSS3.8AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/23 12:0 a.m.•42 views

GitLab CE/EE Remote Command Execution Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE has a security vulnerability that could be exploited by an attacke...

9.9CVSS6.5AI score0.75718EPSS
Exploits4References1
CNVD
CNVD
•added 2022/08/04 12:0 a.m.•42 views

Google Android Buffer Overflow Vulnerability (CNVD-2023-25101)

Google Android is a Linux-based open-source operating system from Google, a U.S. company. The vulnerability stems from the failure of a network system or product to properly filter special elements of code segments during the construction of external input data. An attacker could exploit the...

8.8AI score0.00396EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/08/03 12:0 a.m.•42 views

F5 NGINX Instance Manager Denial of Service Vulnerability

NGINX Instance Manager NIM is part of F5's NGINX Management Suite NMS.The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things.A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...

6.5CVSS1.9AI score0.00645EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/29 12:0 a.m.•42 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-54889)

Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A buffer overflow vulnerability exists in Adobe Acrobat Reader version 22.001.20085 and earlier, version 20.005.30314 and earlier, version 17.012.30205 and earlier,...

7.8CVSS7.8AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/28 12:0 a.m.•42 views

Apple macOS Monterey buffer overflow vulnerability (CNVD-2022-71989)

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. A buffer overflow vulnerability exists in Apple macOS Monterey versions prior to 12.5, which stems from allowing local users to access potentially sensitive information. Install the update...

5.5CVSS5.4AI score0.00921EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/28 12:0 a.m.•42 views

yasm expand_smacro function denial of service vulnerability

yasm is yasm open source a completely rewritten Netwide assembler. A denial of service vulnerability exists in yasm version 1.3.0, which stems from the presence of a NULL pointer dereference in the expandsmacro function in modules/preprocs/nasm/nasm-pp.c. An attacker could exploit this...

5.5CVSS5.2AI score0.00317EPSS
Exploits1References1
CNVD
CNVD
•added 2022/07/12 12:0 a.m.•42 views

IBM CICS TX Advanced Cross-Site Scripting Vulnerability

IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. A cross-site scripting vulnerability exists in all versions of IBM CICS TX Advanced, which stems from the program's lack of data...

5.4CVSS5.2AI score0.00691EPSS
Exploits0References1
CNVD
CNVD
•added 2022/07/11 12:0 a.m.•42 views

Apache Druid Cross-Site Scripting Vulnerability

Apache Druid is the United States Apache Apache Foundation of a use of the Java language , written in column-oriented open source distributed database . Apache Druid suffers from a cross-site scripting vulnerability that stems from insufficient cleansing of user-supplied data. A remote attacker...

6.1CVSS6AI score0.02088EPSS
Exploits0References1
CNVD
CNVD
•added 2022/06/20 12:0 a.m.•42 views

WAVLINK WN579 X3 Information Disclosure Vulnerability (CNVD-2022-61036)

The WAVLINK WN579 X3 is a wireless router from the Chinese company WAVLINK. An information disclosure vulnerability exists in WAVLINK WN579 X3 M79X3.V5030.180719 version, which originates from improper authorization management in /cgi-bin/ExportAllSettings.sh. An attacker can exploit this...

7.5CVSS7AI score0.05482EPSS
Exploits1References1
CNVD
CNVD
•added 2022/05/27 12:0 a.m.•42 views

Rancher Labs Rancher Sensitive Data Encryption Missing Vulnerability

Rancher Labs Rancher is an open source, enterprise-class container management platform from Rancher Labs, Inc. Rancher Labs Rancher is vulnerable to a sensitive data encryption miss vulnerability, which stems from the presence of sensitive data encryption misses. An attacker could exploit this...

3.6CVSS1.6AI score0.00369EPSS
Exploits1Affected Software2
CNVD
CNVD
•added 2022/05/18 12:0 a.m.•42 views

Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2022-64231)

Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a command injection vulnerability, the vulnerability stems from the user input structure to execute the command process, the...

7.2CVSS3.9AI score0.0145EPSS
Exploits0References1
CNVD
CNVD
•added 2022/05/07 12:0 a.m.•42 views

F5 BIG-IP has an unspecified vulnerability (CNVD-2022-74719)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP that could be exploited to modify and delete Dashboards created by other BIG-IP...

4CVSS3.6AI score0.00452EPSS
Exploits0Affected Software3
CNVD
CNVD
•added 2022/05/05 12:0 a.m.•42 views

Delta Electronics DIAEnergie SQL Injection Vulnerability (CNVD-2022-36026)

Delta Electronics DIAEnergie is an industrial energy management system for monitoring and analyzing energy consumption in real time, calculating energy consumption and load characteristics, optimizing equipment performance, improving production processes and maximizing energy efficiency. Delta...

10CVSS9.8AI score0.01138EPSS
Exploits0References1
CNVD
CNVD
•added 2022/04/15 12:0 a.m.•42 views

Apache Struts Remote Code Execution Vulnerability (CNVD-2023-02478)

A remote code execution vulnerability exists in Apache Struts, an open source web application architecture for developing Java EE web applications from the Apache Foundation, which stems from the use of mandatory OGNL evaluation in tag attributes for untrusted user input. An attacker could exploi...

9.8CVSS2.8AI score0.85315EPSS
Exploits16References1
CNVD
CNVD
•added 2022/03/25 12:0 a.m.•42 views

Linux kernel block_invalidatepage function denial of service vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel blockinvalidatepage function, which can be exploited by an attacker to cause a program to crash...

5.5CVSS6.5AI score0.00309EPSS
Exploits1References1
CNVD
CNVD
•added 2022/03/09 12:0 a.m.•42 views

TerraMaster TOS Identity Bypass Vulnerability

TerraMaster is a world-renowned professional storage brand. TerraMaster TOS identity bypass vulnerability can be exploited by attackers to gain server privileges...

9.8CVSS4.9AI score0.8405EPSS
Exploits9References1
CNVD
CNVD
•added 2022/03/01 12:0 a.m.•42 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-17770)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that could be exploited by an attacker to inject data into a victim's TCP session or terminate that session...

5.9CVSS2.1AI score0.00678EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/16 12:0 a.m.•42 views

Sqlite has an unspecified vulnerability (CNVD-2022-18011)

Sqlite is a lightweight database, a relational database management system that adheres to ACID. SQLite3 versions 3.35.1 and 3.37.0 contain a security vulnerability that can be exploited by attackers to query records and leak subsequent memory bytes beyond the record to obtain sensitive informatio...

4.3CVSS3AI score0.01614EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/16 12:0 a.m.•42 views

Tenda AC Series Router Buffer Overflow Vulnerability

Tenda AC11 is a router from Tenda, China. The onlineList module of Tenda AC Series Router AC11V02.03.01.104CN is vulnerable to a stack buffer overflow vulnerability, which can be exploited by attackers to cause a denial of service via specially crafted overflow data...

9.8CVSS6.5AI score0.01734EPSS
Exploits1References1
CNVD
CNVD
•added 2022/02/14 12:0 a.m.•42 views

Linux kernel buffer overflow vulnerability (CNVD-2022-68616)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...

9CVSS4.1AI score0.67994EPSS
Exploits2References1
CNVD
CNVD
•added 2022/02/10 12:0 a.m.•42 views

Bentley Systems Bentley View Buffer Overflow Vulnerability (CNVD-2022-15837)

Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View, which can be exploited by an attacker to execute arbitrary code in the context of the current process, along with other vulnerabilities...

5.5CVSS6.1AI score0.01699EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•42 views

Adobe Acrobat Reader DC Buffer Overflow Vulnerability (CNVD-2022-10759)

Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC has a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code in the context of the current user...

9.3CVSS6.5AI score0.29951EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/28 12:0 a.m.•42 views

Rust acc_reader crate has an unspecified vulnerability

Rust accreader crate is a structure that provides an AccReader that wraps an arbitrary instance of std::io::Read and provides an implementation of std::io::Seek for it. memory location. No details of the vulnerability are currently available...

9.8CVSS3.1AI score0.01191EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/14 12:0 a.m.•42 views

Google Chrome Resource Management Error Vulnerability (CNVD-2022-16304)

Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a resource management error that can be exploited by attackers to cause arbitrary code execution or data corruption...

8.8CVSS6AI score0.07836EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/24 12:0 a.m.•42 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09874)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that can be exploited by an attacker to cause an abort and denial of service related to a CHECK failure...

5.5CVSS5.4AI score0.00205EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•42 views

Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2021-81767)

Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...

4CVSS3.7AI score0.01342EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/11 12:0 a.m.•42 views

nGeniusONE authorization bypass vulnerability

nGeniusONE is a service assurance solution provided by NETSCOUT that provides full visibility into infrastructure, interdependencies, and applications. nGeniusONE version 6.3.0 build 1196 contains an authorization bypass vulnerability in FDSQueryService. An attacker could exploit this vulnerabili...

4.3CVSS4.3AI score0.00639EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•42 views

libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the putweightedbipred16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

6.5CVSS4.8AI score0.01337EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•42 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67827)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.98124EPSS
Exploits6References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•42 views

Nextcloud Input Validation Error Vulnerability (CNVD-2022-20701)

An input validation error vulnerability exists in Nextcloud Server, which stems from the fact that DownloadResponse does not do security checks on uploaded file names, and could be exploited to trick users into downloading malicious files with normal file name...

8.8CVSS3.5AI score0.0137EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/21 12:0 a.m.•42 views

Unauthorized Access Vulnerability in HP LaserJet Pro M501dn Printers

Hewlett-Packard Hewlett-Packard, or HP is one of the information technology IT companies, founded in 1939 Hewlett-Packard is headquartered in Palo Alto, California, USA. Hewlett-Packard has three major business groups: Information Products Group, Printing and Imaging Systems Group and Enterprise...

6.6AI score
Exploits0
CNVD
CNVD
•added 2020/11/24 12:0 a.m.•42 views

Mozilla Firefox password leak vulnerability

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla FireFox has a password disclosure vulnerability that can be exploited by attackers to obtain password information...

6.5CVSS3.7AI score0.01236EPSS
Exploits0References1
CNVD
CNVD
•added 2018/08/16 12:0 a.m.•42 views

Apache HTTP Server Response Splitting Vulnerability (CNVD-2018-15542)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A response splitting vulnerability exists in Apache HTTP Server versions 2.4.1 through 2.4.23 and 2.2.0 through 2.2.31. An...

6.1CVSS6.4AI score0.19798EPSS
Exploits0References1
CNVD
CNVD
•added 2018/03/14 12:0 a.m.•42 views

Microsoft Project Server and SharePoint Enterprise Server Elevation of Privilege Vulnerability

Microsoft Project Server 2013 SP1 and SharePoint Enterprise Server 2016 are both products of Microsoft Corporation.Microsoft Project Server 2013 SP1 is a suite of project management solutions for project portfolio management PPM and Microsoft Project Server 2013 SP1 is a project management soluti...

8.8CVSS7AI score0.04708EPSS
Exploits0References1
CNVD
CNVD
•added 2017/12/12 12:0 a.m.•42 views

Xiongmai Technology IP Cameras and DVRs Stack Buffer Overflow Vulnerability

Xiongmai IP Camera Module and DVR are both products of XiongMai, China.Xiongmai IP Camera Module is an IP camera module product.DVR is a hard disk recorder. A stack buffer overflow vulnerability exists in Xiongmai Technology's IP Camera and DVRs that use the NetSurveillance web interface, allowin...

10CVSS7.6AI score0.09216EPSS
Exploits3References1
CNVD
CNVD
•added 2017/08/03 12:0 a.m.•42 views

Xiph.Org vorbis-tools 'wav_open' function denial of service vulnerability

Xiph.Org vorbis-tools is a set of Ogg an audio compression format vorbis tools. A security vulnerability exists in the 'wavopen' function of the oggenc/audio.c file in Xiph.Org vorbis-tools version 1.4.0. A remote attacker can exploit this vulnerability to cause a denial of service memory...

5.5CVSS6.8AI score0.03793EPSS
Exploits3References1
CNVD
CNVD
•added 2017/07/27 12:0 a.m.•42 views

WordPress WP Rocket Plugin Security Bypass Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . WP Rocket plugin is one of the cache optimization plugin . A security vulnerability exists in version 2.9.3 of...

7.5CVSS7.3AI score0.03327EPSS
Exploits1References1
CNVD
CNVD
•added 2017/02/10 12:0 a.m.•42 views

MuPDF 'fitz/pixmap.c' Heap Buffer Overflow Vulnerability

Artifex Software MuPDF is a free, lightweight PDF reader from Artifex Software, USA. A heap buffer overflow vulnerability exists in MuPDF. An attacker could exploit the vulnerability to execute arbitrary code or cause a denial of service in an affected application environment...

5.5CVSS7.3AI score0.01746EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/18 12:0 a.m.•42 views

AVer Information EH6108H+ hybrid DVR VU Hardcoded Credentials Vulnerability Vulnerability

The AVer Information EH6108H+ hybrid DVR VU is a hard disk recorder DVR product from Round Show AVer Information. A hard-coded credentials vulnerability exists in the AVer Information EH6108H+ hybrid DVR VU. An attacker can exploit the vulnerability to gain root privileges...

10CVSS7.1AI score0.02305EPSS
Exploits2References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•42 views

Microsoft Windows Graphics Remote Code Execution Vulnerability (CNVD-2016-06273)

Microsoft Windows is the popular computer operating system. A remote code execution vulnerability exists in Microsoft Windows due to a font library that does not properly handle constructed embedded fonts. This vulnerability could be exploited by an attacker to take full control of an affected...

9.3CVSS8AI score0.44492EPSS
Exploits1References1
Total number of security vulnerabilities5000