131102 matches found
Modesty Pdf2json resource management error vulnerability
Modesty Pdf2json is Modesty's personal developer of a Java-based code library that interacts PDF files with Json files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::transformDataUnit, which could be used by an attacker to cause a...
Linux kernel information disclosure vulnerability (CNVD-2021-60526)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to an excessive amount of data output in the Linux kernel functions, which allows user-state applications to read the contents of a sigpage, thereby leaking the contents o...
Command execution vulnerability exists in SEACMS (CNVD-2021-46592)
SeaCMS Ocean CMS is a professional open source free PHP film and television system. A command execution vulnerability exists in SEACMS, which can be exploited by attackers to gain control of the server...
Apache HTTP Server Stack Overflow Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. Apache HTTP Server is vulnerable to a per-zero-byte stack overflow in modauthdigest, which can be exploited to trigger remote code execution or...
Exim Input Validation Error Vulnerability
Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. An input validation error vulnerability exists in Exim versions 4.87 through 4.91. The vulnerability stems from a network system or product that does not properly validate incoming data. No...
Unspecified Vulnerability in CloudBees Jenkins Zephyr for JIRA Test Management Plugin
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing project and some timed tasks . Zephyr for JIRA Test Management Plugin is used...
Microsoft Office Memory Corruption Vulnerability (CNVD-2017-27433)
Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A memory corruption vulnerability exists in Microsoft Office where a remote program fails to properly hand...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2017-13906)
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server versions prior to 2.4.26. An attacker can exploit this...
Elasticsearch Logstash Information Disclosure Vulnerability
Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. An information disclosure vulnerability exists in Elasticsearch Logstash versions prior to 5.0.1. An attack...
Google Android HTC OEM fastboot command elevation of privilege vulnerability
Google Android is a mobile operating system based on the Linux open kernel. Google Android has a security vulnerability in the HTC OEM fastboot command implementation, which allows remote attackers to exploit the vulnerability to submit special applications with elevated privileges...
Artifex Software Ghostscript Local Integer Overflow Vulnerability
Artifex Software Ghostscript is an open source Postscript a page description language and programming language used in the electronics industry and desktop publishing parser from Artifex Software that displays Postscript files and prints them on non-Postscript printers. print Postscript files on...
Apache NiFi Cross-Site Scripting Vulnerability
Apache NiFi is an automated solution for data transfer between systems. Apache NiFi suffers from a cross-site scripting vulnerability in the connection details dialog box, which allows an attacker to inject malicious code into the affected site...
Game Music Emulators Memory Corruption Vulnerability (CNVD-2017-00404)
Game Music Emulators. A memory corruption vulnerability exists in Game Music Emulators. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service...
vBulletin Server-Side Request Forgery Security Bypass Vulnerability
vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program . A security bypass vulnerability exists in vBulletin versions 5.2.2 and earlier, 4.2.3, and 3.8.9 and earlier. An attacker can exploit this vulnerability to...
Moxa EDR-G903 Denial of Service Vulnerability
Moxa EDR-G903 is a suite of Moxa's all-in-one firewall/VPN security router products. A security vulnerability exists in Moxa EDR-G903 V3.4.11 and earlier versions. A remote attacker can exploit this vulnerability by sending a malicious request to cause a denial of service cold boot...
Microsoft Windows win32k elevation of privilege vulnerability (CNVD-2016-03099)
Microsoft Windows is a series of operating systems released by Microsoft USA. win32k.sys is the kernel part of the Windows subsystem, a kernel-mode device driver, which contains a window manager, background control windows and screen output management. An elevation of privilege vulnerability exis...
Microsoft Windows WebDAV Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft.WebDAV client is one of the Web distributed authoring and version control client. An elevation of privilege vulnerability exists in the WebDAV client for Microsoft Windows that stems from the program failing to properly...
ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. An information disclosure...
OpenClaw Information Disclosure Vulnerability (CNVD-2026-14389)
OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw has an information disclosure vulnerability, the vulnerability stems from the component File Existence Handler's function tools.exec.safeBins for the protection of sensitive information is insufficient, an attacker can...
IBM WebSphere Application Server Liberty Resource Management Error Vulnerability (CNVD-2024-18059)
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A resource management error vulnerability exists in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.3, which stems fro...
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11152)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...
ZZCMS File Upload Vulnerability (CNVD-2024-06241)
ZZCMS is a content management system CMS by the ZZCMS team in China. A file upload vulnerability exists in ZZCMS version 2023, which stems from the lack of valid validation of uploaded files in /Ebak5.1/upload/index.php. An attacker can exploit this vulnerability to gain server privileges and...
BaserCMS path traversal vulnerability (CNVD-2023-86331)
baserCMS is an enterprise-level content management system CMS from the baserCMS team. A path traversal vulnerability exists in versions of baserCMS prior to 4.8.0, which stems from a lack of validity checking of paths when processing directory requests by the form submission data management...
Microsoft Skype for Business Remote Code Execution Vulnerability (CNVD-2023-92203)
Microsoft Skype for Business Server is a secure and unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messages, and sharing capabilities. A remote code execution vulnerability exists in Microsoft Skype fo...
Linux Kernel Denial of Service Vulnerability (CNVD-2023-71723)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel, which originates from a NULL pointer dereference flaw in vmxnet3rqcleanup in drivers/net/vmxnet3/vmxnet3drv.c in t...
HCL Technologies BigFix Mobile Command Injection Vulnerability
HCL Technologies BigFix Mobile is a Mobile Device Management MDM solution from HCL Technologies. It is designed to help businesses and organizations effectively manage and secure mobile devices, including smartphones, tablets and other mobile devices. HCL Technologies BigFix Mobile suffers from a...
Information leakage vulnerability in Dahua DSS system
DSS Digital Surveillance System is a digital surveillance management system developed by Zhejiang Dahua Technology Co. There is an information leakage vulnerability in Dahua DSS system, which can be exploited by an attacker to obtain server related information and cause information leakage...
Linux kernel resource management error vulnerability (CNVD-2023-48540)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from the incorrect handling of per-CPU sequence counts during concurrent iptables rule...
Online Thesis Archiving System sql Injection Vulnerability (CNVD-2023-29788)
Online Thesis Archiving System is an online thesis archiving system. Online Thesis Archiving System version 1.0 has a sql injection vulnerability, which originates from the poor filtering of the id parameter in /admin/user/manageuser.php. An attacker can use this vulnerability to perform SQL...
Microsoft Windows DNS Remote Code Execution Vulnerability
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Google Chrome Autofill component code issue vulnerability
Google Chrome is a web browser from Google, Inc. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Autofill component. A remote attacker could exploit the vulnerability to disclose cross-domain data via...
Siemens RUGGEDCOM APE1808 Product Family Competitive Conditions Vulnerability (CNVD-2023-09126)
The RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments. a competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family...
IBM Security Verify Governance Encryption Issue Vulnerability
IBM Security Verify Governance, an intelligent identity access platform from International Business Machines IBM, Inc. provides organizations with a platform to analyze, define and control user access and access risks. IBM Security Verify Governanc has an encryption issue vulnerability that stems...
F5 BIG-IP APM Oauth Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in F5 BIG-IP APM Oauth, which can be exploited by remote unauthenticated attackers t...
Mozilla Firefox Trust Management Issue Vulnerability (CNVD-2023-05204)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to trust management issues, which can be exploited by attackers to read and modify data...
Apple iOS and iPadOS Arbitrary Code Execution Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. The vulnerability can be exploited to execute arbitrary code on the device with kernel privileges...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-08439)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Oracle MySQL Server Server:Optimizer component. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server and...
Google Chrome Permissions API Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome versions prior to 106.0.5249.119. The vulnerability stems from the use of the Permissions API after release, and can be exploited by a remote attacker to trick a user into...
Aruba Networks ArubaOS and InstantOS Buffer Overflow Vulnerability
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS are vulnerable to a buffer overflow vulnerability that originates from a boundary...
Rocket.Chat getS3FileUrl Meteor Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...
D-Link DIR-2150 OS Command Injection Vulnerability (CNVD-2023-21660)
The D-Link DIR-2150 is a wireless router device from D-Link.The D-Link DIR-2150 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute code in the context of a service account...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87164)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager contains a cross-site scripting vulnerability that could be exploited by attackers to execute malicious JavaScript content in the...
Laravel Deserialization Vulnerability (CNVD-2022-59204)
Laravel is a web application framework from the Laravel team.Laravel version 5.1 contains a deserialization vulnerability that stems from insecure deserialization processing of serialized data submitted by the application at the time of receipt, which can be exploited by an attacker to remotely...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-56978)
Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds reads and results in a memory leak. No detailed vulnerability details a...
Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)
Microsoft Visual Studio is a family of development tools from Microsoft Corporation USA and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit...
WordPress plugin Adminer Login has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Adminer Login version 1.4.4 contains a security vulnerability that can be exploited by...
Google Android Information Disclosure Vulnerability (CNVD-2022-71982)
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information disclosure vulnerability that could be exploited by attackers to obtain sensitive information...
IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...
Adobe Acrobat and Adobe Acrobat Reader Buffer Overflow Vulnerability
Adobe Acrobat and Adobe Acrobat Reader are both products of the United States Ordoby Adobe.Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDF. Adobe Acrobat and Adobe Reader has a buffer overfl...
SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability
SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...