131102 matches found
JetBrains Rider Code Injection Vulnerability
JetBrains Rider is a cross-platform integrated development environment IDE from Czech company Jetbrains. versions prior to JetBrains Rider 2022.1 contain a code injection vulnerability that could be exploited by attackers to execute native code via a link in the ReSharper quick documentation...
Microsoft Windows DiskUsage.exe remote code execution vulnerability
Microsoft Windows DiskUsage.exe is a remote code execution vulnerability in Microsoft Windows, an operating system used by personal devices. The vulnerability stems from the failure of a network system or product to properly filter special elements in code segments constructed from external input...
Microsoft Windows Cluster Shared Volume (CSV) 拒绝服务漏洞
Microsoft Windows Cluster Shared Volume is a feature of Microsoft Corporation USA. A denial of service vulnerability exists in Microsoft Windows Cluster Shared Volume CSV, which can be exploited by attackers to cause a denial of service condition...
Microsoft Windows Common Log File System Driver权限提升漏洞
Microsoft Windows Common Log File System Driver is a Microsoft Corporation Common Log File System CLFS API that provides a high-performance, common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An elevation-of-privilege...
Microsoft .NET Framework Denial of Service Vulnerability (CNVD-2022-60136)
Microsoft .NET Framework is a comprehensive and consistent programming model from Microsoft Corporation USA and a Windows Store, Windows Phone, Windows Server, and Microsoft Azure applications. The platform includes the C and Visual Basic programming languages, a public language runtime library,...
nconf has unspecified vulnerabilities
nconf is a TOML-formatted plugin. nconf versions prior to 0.11.4 have a security vulnerability that stems from the .set function, which is responsible for setting configuration properties, being vulnerable to prototype contamination, which can be exploited by attackers to override JavaScript...
Synology DiskStation Manager Buffer Overflow Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A buffer overflow vulnerability exists in Synology DiskStation Manager DSM,...
Red Hat 389 Directory Server Code Issue Vulnerability
Red Hat 389 Directory Server formerly known as Fedora Directory Server is an enterprise-class Linux directory server from Red Hat, Inc. The server fully supports the LDAPv3 specification and features scalable, multi-master replication, etc. A security vulnerability exists in Red Hat 389 Directory...
TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20073)
A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 version 2.3.8, which originates from the /cloudconfig/routerpost/resetcloudpwd function when executing operations on memory An authenticated attacker could use this vulnerability to execute arbitrary code on the system via a...
libxml2 Resource Management Error Vulnerability (CNVD-2022-21487)
libxml2 is an open source library for parsing XML documents. It is written in C and can be called by multiple languages, such as C, C, XSH. libxml2 suffers from a resource management error vulnerability that can be exploited by attackers to threaten alerts that affect software or systems...
Linux kernel buffer overflow vulnerability (CNVD-2022-13357)
Linux kernel is the kernel used by the Linux Foundation's open-source operating system, Linux.KVM is one of the kernel-based virtual machines. Linux kernel suffers from a buffer overflow vulnerability that stems from a use-after-free vulnerability found in rtsxusbmsdrvremove in...
Linux kernel information disclosure vulnerability (CNVD-2022-13356)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an information disclosure vulnerability that stems from a vulnerability found in the Linux kernel's eBPF validation program when dealing with...
Multiple Siemens Industrial Products Denial of Service Vulnerabilities
SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...
QEMU Elevation of Privilege Vulnerability (CNVD-2022-84163)
QEMU is a suite of emulation processor software from Fabrice Bellard, a French personal developer. The software is fast and cross-platform.QEMU suffers from an elevation of privilege vulnerability, which stems from a flaw found in the QEMU virtio-fs shared file system daemon implementation. An...
HDF5 Denial of Service Vulnerability (CNVD-2022-07232)
HDF5 is a suite of tools for managing and storing different types of data from HDF, Inc. The product supports managing, manipulating, viewing and analyzing data, and generating files in portable formats.A security vulnerability exists in HDF5 v1.13.1-1, which stems from a heap-release-after-reuse...
An unspecified vulnerability exists in vim (CNVD-2022-20698)
Vim is a UNIX-based editor. vim has a security vulnerability that stems from a heap-based buffer overflow in vim. No detailed vulnerability details are currently available...
Google Android Information Disclosure Vulnerability (CNVD-2022-05479)
Google Android is a Linux-based open-source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability that stems from a configuration error in the network system or product during operation. An attacker could use the vulnerability to obtain sensiti...
Google Android Input Validation Error Vulnerability (CNVD-2022-06151)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android 11 is vulnerable to an input validation error, which stems from a network system or product that does not properly validate input data. No details of the vulnerability are currently available...
Shopware Open Redirect Vulnerability
Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...
cve-search has an unspecified vulnerability
Cve-Search is a tool that performs local searches for known vulnerabilities. It is used for searching, indexing, correlating and managing software vulnerabilities. cve-search versions prior to 4.1.0 have a security vulnerability that stems from lib/DatabaseLayer.py allowing regular expression...
crocoblock JetEngine code issue vulnerability
crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's inability to properly validate and clean up form data. An attacker...
Google Chrome autofill security bypass vulnerability (CNVD-2021-100607)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to bypass security restrictions...
ZOHO ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability
ZOHO ManageEngine ServiceDesk Plus SDP is the United States ZhuoHao ZOHO company's set of ITIL-based architecture of IT service management software. The software integrates incident management, problem management, asset management IT project management, procurement and contract management and oth...
Lantronix PremierWave 2050 Path Traversal Vulnerability (CNVD-2022-01596)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager FSBrowsePage feature. An...
Adobe Bridge Memory Corruption Vulnerability (CNVD-2022-67851)
Adobe Bridge is a free digital asset management application from Adobe. 11.1.1 and earlier versions of Adobe Bridge contain a memory corruption vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...
IBM Sterling File Gateway Cross-Site Scripting Vulnerability (CNVD-2021-78438)
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...
Weak Password Vulnerability in Smart Camera of Shenzhen Anjiavision Information Technology Co.
Shenzhen Anjoy Vision Information Technology Co., Ltd. hereinafter referred to as: Anjoy Vision is a high-tech enterprise integrating R&D, production, sales and service. Shenzhen Anjoy Vision Information Technology Co., Ltd. smart camera has a weak password vulnerability, which can be exploited b...
Linux kernel denial-of-service vulnerability (CNVD-2021-60515)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a null pointer dereference and OOPS flaw in arch/powerpc/perf/core-book3s.c. By sending a constructed perf record command, an authenticated local attacker can exploit th...
Linux kernel denial-of-service vulnerability (CNVD-2021-60518)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a deadlock flaw in btrfs when there is not enough free space in system spaceinfo. A local attacker can exploit this vulnerability to cause a denial of service situation...
Linux kernel information disclosure vulnerability (CNVD-2021-60526)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an excessive amount of data output in the Linux kernel functions, which allows user-state applications to read the contents of a sigpage, thereby leaking the contents o...
Command execution vulnerability exists in SEACMS (CNVD-2021-46592)
SeaCMS Ocean CMS is a professional open source free PHP film and television system. A command execution vulnerability exists in SEACMS, which can be exploited by attackers to gain control of the server...
Apache HTTP Server Stack Overflow Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. Apache HTTP Server is vulnerable to a per-zero-byte stack overflow in modauthdigest, which can be exploited to trigger remote code execution or...
Unspecified Vulnerability in Mozilla Rust (CNVD-2021-30438)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability in prost crate in Mozilla Rust versions prior to 0.6.1, which stems from stack consumption via crafted messages, can be exploited by an attacker to cause a denial of service or remote co...
Exim Input Validation Error Vulnerability
Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. An input validation error vulnerability exists in Exim versions 4.87 through 4.91. The vulnerability stems from a network system or product that does not properly validate incoming data. No...
Unspecified Vulnerability in CloudBees Jenkins Zephyr for JIRA Test Management Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Zephyr for JIRA Test Management Plugin is used...
Roundcube Webmail Arbitrary File Access Vulnerability
RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A security vulnerability exists in Roundcube Webmail versions prior to 1.1.10, 1.2.x versions prior to 1.2.7, and 1.3.x versions prior to 1.3.3. An...
Google Android HTC OEM fastboot command elevation of privilege vulnerability
Google Android is a mobile operating system based on the Linux open kernel. Google Android has a security vulnerability in the HTC OEM fastboot command implementation, which allows remote attackers to exploit the vulnerability to submit special applications with elevated privileges...
Apache NiFi Cross-Site Scripting Vulnerability
Apache NiFi is an automated solution for data transfer between systems. Apache NiFi suffers from a cross-site scripting vulnerability in the connection details dialog box, which allows an attacker to inject malicious code into the affected site...
Apache HTTP Server Security Bypass Vulnerability (CNVD-2016-13233)
Apache httpd is the U.S. Apache Apache Software Foundation, an open source HTTP server developed and maintained specifically for modern operating systems. A security vulnerability exists in Apache httpd versions prior to 2.4.25, which stems from the program's failure to properly parse HTTP header...
Microsoft Windows Kernel Local Privilege Elevation Vulnerability (CNVD-2016-11012)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the United States. kernel is one of the kernels. A local elevation of privilege vulnerability exists in the Microsoft Windows kernel. Due to a failure of the kernel API to properly handle privileges, a local...
Dracut Local Information Disclosure Vulnerability
Dracut is an initramfs infrastructure that is primarily used to create initramfs images. Dracut suffers from a local information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...
vBulletin Server-Side Request Forgery Security Bypass Vulnerability
vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program . A security bypass vulnerability exists in vBulletin versions 5.2.2 and earlier, 4.2.3, and 3.8.9 and earlier. An attacker can exploit this vulnerability to...
Moxa EDR-G903 Denial of Service Vulnerability
Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. A remote attacker can exploit this vulnerability by sending a malicious request to cause a denial of service cold boot...
Microsoft Windows win32k elevation of privilege vulnerability (CNVD-2016-03099)
Microsoft Windows is a series of operating systems released by Microsoft USA. win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...
Microsoft Windows WebDAV Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft.WebDAV client is one of the Web distributed authoring and version control client. An elevation of privilege vulnerability exists in the WebDAV client for Microsoft Windows that stems from the program failing to properly...
Radexscript CMS 'SEARCH_TERMS' Parameter SQL Injection Vulnerability
Redaxscript is a free content management system CMS based on PHP and MySQL. The system is mainly used for small businesses and private site builders. A SQL injection vulnerability exists in the 'searchpost' function in the includes/search.php script in Redaxscript versions prior to 2.3.0. A remot...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability, the vulnerability stems from the component File Existence Handler's function tools.exec.safeBins for the protection of sensitive information is insufficient, an attacker can...
IBM WebSphere Application Server Liberty Resource Management Error Vulnerability (CNVD-2024-18059)
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A resource management error vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3, which stems fro...
Apache Doris Security Bypass Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Apache Foundation. Can provide sub-second queries and efficient real-time data analysis. Apache Doris has a security bypass vulnerability that stems from the use of the chmod function, which can be exploited by an attacker ...
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11152)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...