131102 matches found
Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)
Microsoft Visual Studio is a family of development tools from Microsoft Corporation USA and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit...
WordPress plugin Adminer Login has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Adminer Login version 1.4.4 contains a security vulnerability that can be exploited by...
IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-54889)
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. A buffer overflow vulnerability exists in Adobe Acrobat Reader version 22.001.20085 and earlier, version 20.005.30314 and earlier, version 17.012.30205 and earlier,...
SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability
SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...
Annotation Tool path traversal vulnerability
Annotation Tool is a Bonn activity map annotation tool open sourced by bonn-activity-maps. 2021-08-31 and earlier versions of Annotation Tool are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource o...
HCL Technologies HCL Launch Information Disclosure Vulnerability (CNVD-2022-58411)
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India. for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from the...
Huawei HarmonyOS security bypass vulnerability (CNVD-2022-57613)
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise system integrity...
Huawei WS7200-10 Access Control Error Vulnerability
The Huawei ws7200-10 is a wireless router from the Chinese company Huawei HUAWEI. Huawei WS7200-10 11.0.2.13 suffers from an access control error vulnerability, which stems from a problem with user password authentication, and can be exploited by an attacker on a local area network LAN to obtain ...
WordPress plugin Google Tag Manager cross-site scripting vulnerability
WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Tag Manager version 1.15 has a cross-site scripting vulnerability that stems from the fact that site searches are n...
Wolters Kluwer TeamMate Audit SQL Injection Vulnerability
Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...
Command execution vulnerability exists in Laravel (CNVD-2022-44351)
Laravel is a PHP Web development framework PHP Web Framework. A command execution vulnerability exists in Laravel that can be exploited by an attacker to perform remote code execution RCE...
Linux kernel denial-of-service vulnerability (CNVD-2022-66584)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial of service. An attacker could exploit this vulnerability to force a NULL pointer dereference on the Linux kernel via kvmmmuinvpcidgva to trigger a denial of service...
Air Cargo Management System SQL Injection Vulnerability (CNVD-2022-58096)
Air Cargo Management System is an air cargo management system. version 1.0 of Air Cargo Management System is vulnerable to a SQL injection vulnerability in /acms/classes/Master.php?f=deletecargotype which lacks a filter and escape for the parameter The vulnerability is caused by a lack of filteri...
Tenda AX12 Cross-Site Request Forgery Vulnerability (CNVD-2022-63551)
Tenda AX12 is a dual-band gigabit Wifi 6 wireless router from Tenda, China.Tenda AX12 V22.03.01.21CN is vulnerable to cross-site request spoofing. users, an attacker could use the vulnerability to spoof malicious requests to trick victims into clicking to perform sensitive operations...
Resource Management Error Vulnerability in Multiple Adobe Products (CNVD-2022-67850)
Adobe Acrobat and Adobe Reader are both products of Adobe, a PDF file editing and conversion tool, and Adobe Reader, a PDF document reader. A number of Adobe products have resource management error vulnerability, the vulnerability is derived from the processing of PDF files occurred after the...
Microsoft .NET Framework Denial of Service Vulnerability (CNVD-2022-60136)
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a Windows Store, Windows Phone, Windows Server, and Microsoft Azure applications. The platform includes the C and Visual Basic programming languages, a public language runtime library,...
Microsoft Windows Common Log File System Driver权限提升漏洞
Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System CLFS API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An elevation-of-privilege...
Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64483)
Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. Huawei EMUI suffers from an information disclosure vulnerability that originates from an unauthorized rewrite vulnerability in the memory access management module on the ACPU. The vulnerability can be...
Jenkins Parameterized Trigger Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. These values are stored and can be viewed by an attacker with access to the...
Luocms SQL Injection Vulnerability (CNVD-2022-20133)
Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/news/newsmod.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22099)
Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...
Envoy Trust Management Issue Vulnerability (CNVD-2022-16289)
Envoy is an open source distributed proxy server. Envoy is vulnerable to trust management issues, and no detailed vulnerability details are available at this time...
Envoy has an unspecified vulnerability (CNVD-2022-16288)
Envoy is an open source distributed proxy server. Envoy has a security vulnerability that can be exploited by attackers to cause stack exhaustion and abnormal process termination...
Expat has an unspecified vulnerability (CNVD-2022-18357)
Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by attackers to insert namespace separators into namespace URIs...
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2023-49839)
Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which stems from carefully crafted data in JP2 images that can trigger the reading of data beyond the end of the allocated buffer. The vulnerability can be exploited by an attack...
Apache Cassandra Code Injection Vulnerability
Apache Cassandra is a distributed Nosql database from the American Apache Apache Foundation. Apache Cassandra suffers from a code injection vulnerability that stems from a network system or product failing to properly filter specific elements of externally entered data during the construction of ...
Google Android Information Disclosure Vulnerability (CNVD-2022-13349)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which can be exploited by an attacker to access screenshots in the clipboard via Edge Panel...
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09902)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to trigger a denial of service by changing the SavedModel on disk...
vim buffer overflow vulnerability (CNVD-2022-20799)
Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to vim 8.2, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...
HDF5 Denial of Service Vulnerability (CNVD-2022-07232)
HDF5 is a suite of tools for managing and storing different types of data from HDF, Inc. The product supports managing, manipulating, viewing and analyzing data, and generating files in portable formats.A security vulnerability exists in HDF5 v1.13.1-1, which stems from a heap-release-after-reuse...
Linux kernel elevation of privilege vulnerability (CNVD-2022-68560)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to bypass Linux kernel restrictions through Cgroup Fd Writing to elevate privileges...
Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2022-08036)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying tha...
October CMS File Upload Vulnerability
October CMS is an open source content management system CMS based on PHP and Laravel web application framework. A file upload vulnerability exists in October CMS, which stems from the "Create, Modify, and Delete Site Pages" privilege of the management system, and can be exploited by an attacker t...
ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02472)
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability is caused by ManageEngine ADSelfService Plus under build 6116 storing the password...
WordPress Modern Events Calendar Lite PluginSQL Injection Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...
ZOHO ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates incident management, problem management, asset management IT project management, procurement and contract management and oth...
Samba permission permission and access control issue vulnerability (CNVD-2022-15501)
Samba is the standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to a permission permission and access control issue, which stems from a flaw found in the way samba can support RODCs read-only domain controllers as Active Directory domain controllers. An attacker could...
Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101428)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA. an elevation of privilege vulnerability exists in the Google Android Kernel component Kernel, which could be exploited by an attacker to cause a local elevation of privilege that...
Adobe XMP Toolkit SDK Out-of-Bounds Read Vulnerability (CNVD-2021-63257)
Adobe XMP Toolkit SDK is a tagging technology from Adobe that allows you to embed data about a file called metadata into the file itself. an out-of-bounds read vulnerability exists in Adobe XMP Toolkit SDK 2020.1 and earlier. An attacker could exploit this vulnerability to cause a denial of servi...
Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CNVD-2021-91637)
Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Windows Print Spooler is one of the print backend processors, and a remote code execution vulnerability exists in Microsoft Windows Print Spooler. No details of the...
Unauthorized Access Vulnerability in Apache Storm
Apache Storm is a distributed real-time big data processing system. Apache Storm has an unauthorized access vulnerability that can be exploited by an attacker to gain unauthorized access to sensitive information and perform unauthorized operations...
Wee Enhanced Environment for Chat logger plugin denial of service vulnerability
WeeChat Wee Enhanced Environment for Chat is an efficient lightweight IRC chat client. logger plugin is one of the logger plugins. A security vulnerability exists in the logger.c file of the logger plugin in versions of WeeChat prior to 1.9.1, which stems from the program failing to initialize a...
Apache HTTP Server Security Bypass Vulnerability (CNVD-2016-13233)
Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...
Cairo 'cairo-png.c' Integer Overflow Vulnerability
Cairo is a cross-platform open source vector graphics library , it supports in multiple contexts to do 2D drawing , and provides high-quality display and printout . An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...
Open Ticket Request System FAQ SQL Injection Vulnerability
Open Ticket Request System OTRS is an open source defect tracking and management system software from the German OTRS Group. The software categorizes service requests submitted by phone, email and other channels into different queues, service levels, and service personnel through the OTRS system ...
Microsoft Exchange Server Open Redirect Vulnerability
Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An open redirection vulnerability exists in Microsoft Exchange Server. An attacker could exploit this vulnerability by sendi...
Moxa EDR-G903 Information Disclosure Vulnerability (CNVD-2016-03388)
The Moxa EDR-G903 is an all-in-one firewall/VPN security router product. A security vulnerability exists in the Moxa EDR-G903 that allows remote attackers to submit special URIs to obtain configuration file and log file information...
Linux kernel privilege acquisition vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. aufs is one of the federated file system modules. A privilege-acquisition vulnerability exists in the aufs module of Linux kernel versions 3.x and 4.x. The vulnerability stems...
Pro-face GP-Pro EX Heap Buffer Overflow Vulnerability
Pro-face GP-Pro EX is a set of HMI screen editing and logic programming software from American Pro-face. A heap buffer overflow vulnerability exists in Pro-face GP-Pro EX. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of a process...