131102 matches found
Linux kernel resource management error vulnerability (CNVD-2023-48540)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a resource management error vulnerability that stems from the incorrect handling of per-CPU sequence counts during concurrent iptables rule...
Online Thesis Archiving System sql Injection Vulnerability (CNVD-2023-29788)
Online Thesis Archiving System is an online thesis archiving system. Online Thesis Archiving System version 1.0 has a sql injection vulnerability, which originates from the poor filtering of the id parameter in /admin/user/manageuser.php. An attacker can use this vulnerability to perform SQL...
Microsoft Windows DNS Remote Code Execution Vulnerability
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Google Chrome Autofill component code issue vulnerability
Google Chrome is a web browser from Google, Inc. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Autofill component. A remote attacker could exploit the vulnerability to disclose cross-domain data via...
IBM Security Verify Governance Encryption Issue Vulnerability
IBM Security Verify Governance, an intelligent identity access platform from International Business Machines IBM, Inc. provides organizations with a platform to analyze, define and control user access and access risks. IBM Security Verify Governanc has an encryption issue vulnerability that stems...
F5 BIG-IP APM Oauth Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in F5 BIG-IP APM Oauth, which can be exploited by remote unauthenticated attackers t...
Mozilla Firefox Trust Management Issue Vulnerability (CNVD-2023-05204)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to trust management issues, which can be exploited by attackers to read and modify data...
Apple iOS and iPadOS Arbitrary Code Execution Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. The vulnerability can be exploited to execute arbitrary code on the device with kernel privileges...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-08439)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Oracle MySQL Server Server:Optimizer component. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server and...
Google Chrome Permissions API Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome versions prior to 106.0.5249.119. The vulnerability stems from the use of the Permissions API after release, and can be exploited by a remote attacker to trick a user into...
Aruba Networks ArubaOS and InstantOS Buffer Overflow Vulnerability
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS are vulnerable to a buffer overflow vulnerability that originates from a boundary...
Rocket.Chat getS3FileUrl Meteor Information Disclosure Vulnerability
Rocket.Chat is an open source team chat software. An information disclosure vulnerability exists in Rocket.Chat versions prior to 4.7.5, 4.8.0 and later, and prior to 4.8.2. The vulnerability exists in the getS3FileUrl Meteor server method, which can be exploited by an authenticated attacker to...
D-Link DIR-2150 OS Command Injection Vulnerability (CNVD-2023-21660)
The D-Link DIR-2150 is a wireless router device from D-Link.The D-Link DIR-2150 is vulnerable to an operating system command injection vulnerability that could be exploited by attackers to execute code in the context of a service account...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-87164)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. Adobe Experience Manager contains a cross-site scripting vulnerability that could be exploited by attackers to execute malicious JavaScript content in the...
Laravel Deserialization Vulnerability (CNVD-2022-59204)
Laravel is a web application framework from the Laravel team.Laravel version 5.1 contains a deserialization vulnerability that stems from insecure deserialization processing of serialized data submitted by the application at the time of receipt, which can be exploited by an attacker to remotely...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-56978)
Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds reads and results in a memory leak. No detailed vulnerability details a...
Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)
Microsoft Visual Studio is a family of development tools from Microsoft Corporation USA and is a largely complete development toolset that includes most of the tools needed throughout the software lifecycle.Microsoft Visual Studio is vulnerable to remote code execution. An attacker could exploit...
WordPress plugin Adminer Login has an unspecified vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Adminer Login version 1.4.4 contains a security vulnerability that can be exploited by...
Google Android Information Disclosure Vulnerability (CNVD-2022-71982)
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android has an information disclosure vulnerability that could be exploited by attackers to obtain sensitive information...
IBM DataPower Gateway Server-Side Request Forgery Vulnerability (CNVD-2022-56971)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B and cloud workloads. The platform protects, integrates and optimizes access across channels...
Adobe Acrobat and Adobe Acrobat Reader Buffer Overflow Vulnerability
Adobe Acrobat and Adobe Acrobat Reader are both products of the United States Ordoby Adobe.Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDF. Adobe Acrobat and Adobe Reader has a buffer overfl...
SAP BusinessObjects BW Publisher Service Elevation of Privilege Vulnerability
SAP BusinessObjects BW Publisher Service is a model-driven data warehouse product from SAP Germany. An elevation of privilege vulnerability exists in versions 420 and 430 of the SAP BusinessObjects BW Publisher Service, which stems from the use of search paths that contain un-referenced elements,...
Annotation Tool path traversal vulnerability
Annotation Tool is a Bonn activity map annotation tool open sourced by bonn-activity-maps. 2021-08-31 and earlier versions of Annotation Tool are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource o...
HCL Technologies HCL Launch Information Disclosure Vulnerability (CNVD-2022-58411)
HCL Technologies HCL Launch is a versatile, enterprise-grade continuous delivery automation software from HCL Technologies, India. for handling the most complex deployment processes in DevOps. HCL Technologies HCL Launch suffers from an information disclosure vulnerability that stems from the...
Huawei HarmonyOS security bypass vulnerability (CNVD-2022-57613)
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise system integrity...
LDAP Account Manager Parameter Injection Vulnerability
LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory. LDAP Account Manager LAM versions prior to 8.0 are vulnerable to parameter injection, which stems from the fact that LAM instantiates objects from arbitrary classes and ca...
Huawei WS7200-10 Access Control Error Vulnerability
The Huawei ws7200-10 is a wireless router from the Chinese company Huawei HUAWEI. Huawei WS7200-10 11.0.2.13 suffers from an access control error vulnerability, which stems from a problem with user password authentication, and can be exploited by an attacker on a local area network LAN to obtain ...
WordPress plugin Google Tag Manager cross-site scripting vulnerability
WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin Google Tag Manager version 1.15 has a cross-site scripting vulnerability that stems from the fact that site searches are n...
Linux kernel denial-of-service vulnerability (CNVD-2022-66584)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial of service. An attacker could exploit this vulnerability to force a NULL pointer dereference on the Linux kernel via kvmmmuinvpcidgva to trigger a denial of service...
Air Cargo Management System SQL Injection Vulnerability (CNVD-2022-58096)
Air Cargo Management System is an air cargo management system. version 1.0 of Air Cargo Management System is vulnerable to a SQL injection vulnerability in /acms/classes/Master.php?f=deletecargotype which lacks a filter and escape for the parameter The vulnerability is caused by a lack of filteri...
AMD System Management Unit Denial of Service Vulnerability (CNVD-2022-63548)
AMD System Management Unit SMU is a system management unit of AMD, Inc. A denial of service vulnerability exists in AMD System Management Unit, which stems from inadequate inspection of bindings in the System Management Unit SMU and can be exploited by an attacker to cause a denial of service...
Tenda AX12 Cross-Site Request Forgery Vulnerability (CNVD-2022-63551)
Tenda AX12 is a dual-band gigabit Wifi 6 wireless router from Tenda, China.Tenda AX12 V22.03.01.21CN is vulnerable to cross-site request spoofing. users, an attacker could use the vulnerability to spoof malicious requests to trick victims into clicking to perform sensitive operations...
Resource Management Error Vulnerability in Multiple Adobe Products (CNVD-2022-67850)
Adobe Acrobat and Adobe Reader are both products of Adobe, a PDF file editing and conversion tool, and Adobe Reader, a PDF document reader. A number of Adobe products have resource management error vulnerability, the vulnerability is derived from the processing of PDF files occurred after the...
Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64483)
Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. Huawei EMUI suffers from an information disclosure vulnerability that originates from an unauthorized rewrite vulnerability in the memory access management module on the ACPU. The vulnerability can be...
Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84606)
Microsoft Windows is a set of operating systems for personal devices used by the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...
Jenkins Parameterized Trigger Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. These values are stored and can be viewed by an attacker with access to the...
Luocms SQL Injection Vulnerability (CNVD-2022-20133)
Luocms is an article management system. A SQL injection vulnerability exists in Luocms v2.0, which stems from a lack of validation of external input SQL statements in /admin/news/newsmod.php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22099)
Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...
Envoy Trust Management Issue Vulnerability (CNVD-2022-16289)
Envoy is an open source distributed proxy server. Envoy is vulnerable to trust management issues, and no detailed vulnerability details are available at this time...
Envoy has an unspecified vulnerability (CNVD-2022-16288)
Envoy is an open source distributed proxy server. Envoy has a security vulnerability that can be exploited by attackers to cause stack exhaustion and abnormal process termination...
Expat has an unspecified vulnerability (CNVD-2022-18357)
Expat is a fast streaming XML parser written in C. A security vulnerability existed prior to Expat 2.4.5, which could be exploited by attackers to insert namespace separators into namespace URIs...
Foxit PDF Reader Buffer Overflow Vulnerability (CNVD-2023-49839)
Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader. A security vulnerability exists in Foxit PDF Reader, which stems from carefully crafted data in JP2 images that can trigger the reading of data beyond the end of the allocated buffer. The vulnerability can be exploited by an attack...
Apache Cassandra Code Injection Vulnerability
Apache Cassandra is a distributed Nosql database from the American Apache Apache Foundation. Apache Cassandra suffers from a code injection vulnerability that stems from a network system or product failing to properly filter specific elements of externally entered data during the construction of ...
Google Android Information Disclosure Vulnerability (CNVD-2022-13349)
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android, which can be exploited by an attacker to access screenshots in the clipboard via Edge Panel...
Google Tensorflow has an unspecified vulnerability (CNVD-2022-09902)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to trigger a denial of service by changing the SavedModel on disk...
vim buffer overflow vulnerability (CNVD-2022-20799)
Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to vim 8.2, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...
Linux kernel elevation of privilege vulnerability (CNVD-2022-68560)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to bypass Linux kernel restrictions through Cgroup Fd Writing to elevate privileges...
Jenkins Cross-Site Request Forgery Vulnerability (CNVD-2022-08036)
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins has a cross-site request forgery vulnerability that stems from the WEB application not adequately verifying tha...
WordPress Modern Events Calendar Lite PluginSQL Injection Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. Modern Events Calendar Lite Plugin is a WordPress open source application plugin. WordPress Modern Events Calendar Lite...
Samba permission permission and access control issue vulnerability (CNVD-2022-15501)
Samba is the standard Windows interoperability suite for Linux and Unix. Samba is vulnerable to a permission permission and access control issue, which stems from a flaw found in the way samba can support RODCs read-only domain controllers as Active Directory domain controllers. An attacker could...