131102 matches found
Google Chrome PictureInPicture Security Bypass Vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome PictureInPicture, which can be exploited by attackers to bypass security restrictions...
Mozilla Firefox Code Problem Vulnerability (CNVD-2023-68213)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code issue vulnerability that stems from the fact that by displaying a prompt with a long description, a full-screen notification may be hidden, which can be exploited by...
Siemens JT Open Toolkit Stack Buffer Overflow Vulnerability
Siemens JT Open Toolkit Siemens JTTK is a C++ application programming interface API from Siemens, Germany. It provides support for 64-bit application development on Microsoft Windows, Linux and MacOS. Siemens JT Open Toolkit suffers from a stack buffer overflow vulnerability that can be exploited...
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17079)
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability, which can be exploited by attackers to cause the execution of arbitrary commands by sending specially crafted...
Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03058)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an access control error that could be exploited by an unauthenticated attacker to access other restricted features...
Tenda F1203 Command Injection Vulnerability
Tenda F1203 is a 11AC 1200M intelligent dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. and Ali. A command injection vulnerability exists in Tenda F1203 V2.0.1.6. An attacker can use this vulnerability to perform command injection via the mac parameter of...
IBM AIX Denial of Service Vulnerability (CNVD-2023-00808)
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...
PostgreSQL JDBC Drive Information Disclosure Vulnerability
PostgreSQL JDBC Driver is an open source JDBC driver written in Pure Java Type 4 for communication in the PostgreSQL native network protocol . An information disclosure vulnerability exists in PostgreSQL JDBC Driver. The vulnerability stems from the fact that a preprocessing statement using...
ZTE MF286R Buffer Overflow Vulnerability
The ZTE MF286R is a wireless router from ZTE Corporation China.A buffer overflow vulnerability previously existed in the ZTE MF286R mf286rb07 version, which stems from the lack of input validation of the wifi interface parameters and can be exploited by attackers to conduct denial of service...
Google TensorFlow tf.raw_ops.FusedResizeAndPadConv2D buffer overflow vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions prior to 2.7.4, 2.8.0 and later, 2.8.1 and later, 2.9.0 and later, and 2.9.1 and earlier, which originates from "tf.rawops...
Tenda AC1200 setWanPpoe function stack overflow vulnerability
Tenda AC1200 is a wireless router from Tenda China.A stack overflow vulnerability exists in the Tenda AC1200 setWanPpoe function. An attacker can exploit this vulnerability to cause a denial of service via specially crafted overflow data...
Simmeth System Supplier Manager Cross-Site Scripting Vulnerability
Simmeth System Supplier Manager, a supply chain software from Simmeth System GmbH, Germany, is vulnerable to a cross-site scripting vulnerability in versions prior to Simmeth System GmbH Supplier Manager 5.6. An attacker could use this vulnerability to execute JavaScript code in the victim's...
Aruba Networks ArubaOS Buffer Overflow Vulnerability (CNVD-2022-75544)
Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause unauthenticated remote code executio...
Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29425)
Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...
Microsoft Windows TCP/IP component denial of service vulnerability
Microsoft Windows TCP/IP component is a component of Microsoft Corporation USA that provides TCP/IP configuration functionality for Windows.A denial of service vulnerability exists in Microsoft Windows TCP/IP, which stems from a failure to properly handle incoming error messages. An attacker coul...
Rocket.Chat Input Validation Error Vulnerability
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an input validation error vulnerability that stems from a failure to type validate input data in the getUsersOfRoom Meteor server method. An authenticated attacker could use this vulnerability to enumerate existing rooms a...
Squid Out-of-Bounds Read Vulnerability
Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid suffers from an out-of-bounds read vulnerability. The vulnerability stems from a boundary error when handling...
Unspecified Vulnerability in Microsoft Windows Internet
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A security vulnerability exists in Microsoft Windows IKE Extension. No details of the vulnerability are provided at this time...
Helm Resource Management Error Vulnerability
Helm is a Kubernetes package manager. Helm version 3.9.3 and earlier are vulnerable to a resource management error that stems from a fuzz test provided by CNCF that identifies input to a function in the strvals package that could cause an out-of-memory panic. No detailed vulnerability details are...
Apache Airflow Licensing Issue Vulnerability (CNVD-2022-76236)
Apache Airflow is the Apache Foundation's open source platform for creating, managing, and monitoring workflows. A security vulnerability exists in Apache Airflow versions 2.2.4 to 2.3.3, which stems from the vulnerability of the "database" web server session backend to session fixation. No detai...
Microsoft Edge has an unspecified vulnerability (CNVD-2022-56255)
Microsoft Edge is a Web browser that comes with post-Windows 10 versions of Microsoft Corporation Microsoft. Microsoft Edge has a security vulnerability that stems from the existence of a remote code execution vulnerability. No detailed vulnerability details are available at this time...
Siemens SCALANCE product command injection vulnerability
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...
WAVLINK WN530HG4 Trust Management Issue Vulnerability
The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a hard-coded encryption/decryption key contained in the configuration file of xportAllSettings.sh. No details of the...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability (CNVD-2022-56958)
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports the publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as stand-alone executable programs and ActiveX spaces. An input validation error...
GitLab Remote Code Execution Vulnerability
GitLab is an open source, end-to-end software development platform from the U.S. company GitLab, with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. GitLab has a remote code execution vulnerability, the vulnerability...
FFmpeg vorbis_header() function denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in the FFmpeg vorbisheader function, which can be exploited by an attacker to cause a denial of service attack...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2022-59591)
Microsoft SharePoint Server is a remote code execution vulnerability in Microsoft SharePoint Server, an enterprise business collaboration platform from Microsoft Corporation. An attacker could use this vulnerability to execute arbitrary code on the system...
SAP NetWeaver Developer Studio code issue vulnerability
SAP NetWeaver Developer Studio is a Java part of the integrated development environment IDE of the German company SAP. SAP NetWeaver Developer Studio is vulnerable to a code issue that could be exploited by an attacker to cause a loss of confidentiality and integrity...
Huawei CV81-WDM FW Input Check Vulnerability
The Huawei CV81-WDM FW is a laser multifunction printer from Huawei China. A security vulnerability exists in Huawei CV81-WDM FW 01.70.49.29.46. An attacker can exploit the vulnerability to cause a business anomaly...
Elitecms SQL Injection Vulnerability (CNVD-2022-57760)
Elitecms is a Web content management from elitecms India. elitecms version 1.01 has a SQL injection vulnerability that originates from the /admin/addsidebar.php page's lack of validation of external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal...
Huawei HarmonyOS competition condition issue vulnerability
Huawei HarmonyOS is an operating system from Huawei, China HUAWEI. Huawei HarmonyOS 2.0 is vulnerable to a contention condition issue, which stems from a conditional contention vulnerability in the kernel module and can be exploited by attackers to compromise confidentiality...
74cms SQL Injection Vulnerability (CNVD-2022-43224)
74cms is an online recruitment system based on PHP and MySQL by China Xunyi Technology Company. A SQL injection vulnerability exists in 74cmsSE v3.5.1, which originates from the lack of validation of the keyword parameter in /home/jobfairol/resumelist for externally entered SQL statements. An...
Buffer Overflow Vulnerability in Multiple Qualcomm Snapdragon Products
Qualcomm chips are chips from Qualcomm, Inc. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and is often manufactured on the surface of semiconductor wafers. Several Qualcomm Snapdragon products are vulnerable to a buffer overflow. The vulnerability...
Totolink A3600R Buffer Overflow Vulnerability
TotoLink A3600R is a 6-antenna 1200M wireless router from TotoLink, Taiwan, China.A buffer overflow vulnerability exists in version V4.1.2cu.5182B20201102 of the Totolink A3600R, which stems from a vulnerability in the fread function of infostat.cgi that contains stacker overflow, which can be...
Spring Framework Denial of Service Vulnerability
Spring Framework is the U.S. Spring team of a set of Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework 5.3.20 , 5.2.22 before the version of the denial of service vulnerability , the vulnerability stems from the data binding to th...
HUAWEI HarmonyOS Information Disclosure Vulnerability (CNVD-2022-50634)
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS security component, which stems from a serial number capture vulnerability in th...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2023-02194)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel. An attacker can exploit this vulnerability to execute arbitrary code on the system...
Microsoft Windows Kerberos Remote Code Execution Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows Kerberos. The vulnerability stems from failure to properly process input data and can be exploited by an attacker to...
Gin-Vue-Admin SQL Injection Vulnerability
Gin-Vue-Admin is a full-stack pre-development infrastructure platform based on Vue and Gin. Gin-Vue-Admin is vulnerable to SQL injection, which can be exploited by attackers to execute arbitrary SQL statements...
Samsung SMR Information Disclosure Vulnerability (CNVD-2022-63643)
Samsung SMR is a system patch package from South Korea's Samsung Samsung. An information disclosure vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which can be exploited by attackers to cause unauthorized access to the EFRUIMID value...
Passwork On-Premise Edition Path Traversal Vulnerability
Passwork On-Premise Edition is a local password manager for your business from Passwork Finland.A path traversal vulnerability exists in versions prior to Passwork On-Premise Edition 4.6.13, no detailed vulnerability details are currently available...
Totolink X5000R and TotoLink A7000R Command Injection Vulnerability (CNVD-2022-21813)
Totolink X5000R is a router from Totolink, China.TotoLink A7000R is a wireless router from TotoLink, China.Totolink routers X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115 B20201022 contain a security vulnerability that could be exploited by attackers to execute arbitrary commands via crafte...
vim buffer overflow vulnerability (CNVD-2022-18519)
Vim is an editor based on the UNIX platform. vim is vulnerable to a buffer overflow vulnerability, which originates from a heap-based buffer overflow. No detailed vulnerability details are currently available...
Tor Browser Information Disclosure Vulnerability
Tor Browser is a browser used to access the Internet anonymously. Tor Browser is vulnerable to an information disclosure vulnerability that could be exploited by attackers to bypass the expected anonymity features and obtain information about the Onion service accessed by local users...
WordPress Shield Security plugin跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...
Reolink RLC-410W OS Command Injection Vulnerability
Reolink Rlc-410W is a Wifi security camera from Reolink China. The Reolink RLC-410W suffers from an OS command injection vulnerability. An attacker can exploit this vulnerability to cause command execution by sending a specially crafted HTTP request...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-07912)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation. Oracle MySQL Cluster 7.4.34, 7.5.24, 7.6.20, 8.0.27 and earlier versions are vulnerable to an input validation error. An attacker could use this vulnerability to corrupt or...
GPAC Buffer Overflow Vulnerability (CNVD-2022-07643)
GPAC is an open source multimedia framework. Version v1.0.1 of GPAC has a security vulnerability that stems from a heap-based buffer overflow vulnerability in the gfisomdoviconfigget function of MP4Box, which could be exploited by an attacker to cause a denial of service or execute arbitrary code...
Apache log4j Chainsaw deserialization code execution vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j Chainsaw is vulnerable to deserialized code execution. The vulnerability stems from insufficient cleanup of user-supplied data in JDBCAppender in a non-default configuration with JDBCAppender enabled. A...
Apache Log4j SQL Injection Vulnerability
Apache Log4j, a Java-based open source logging tool from the Apache Foundation, is vulnerable to SQL injection, which stems from a JDBCAppender in Log4j 1.2.x that accepts a SQL statement as a configuration parameter, where the value to be inserted is from the PatternLayout's converter. The messa...