131102 matches found
Microsoft Visual Studio Elevation of Privilege Vulnerability (CNVD-2022-60135)
Microsoft Visual Studio is a family of development tool suites from Microsoft, and a largely complete development toolset that includes most of the tools needed throughout the software life cycle. An elevation of privilege vulnerability exists in Microsoft Visual Studio Code, which stems from...
Microsoft Windows Hyper-V Shared Virtual Hard Disks信息泄露漏洞(CNVD-2022-62514)
Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. Microsoft Windows Hyper-V Shared Virtual Hard Disks has an information disclosure vulnerability that could be exploited by attackers to obtain...
unspecified vulnerability in simple-git-hooks
simple-git-hooks is an application. A simple git hooks manager for small projects. simple-git-hooks versions prior to 3.5.0 have security vulnerabilities that attackers exploit for command injection...
Netgear W104 has an unspecified vulnerability (CNVD-2022-22305)
Netgear W104 is a wireless access point from Netgear, Inc. A security vulnerability exists in Netgear W104 WAC104-V1.0.4.13, which stems from a lack of protection and privilege restrictions for sensitive information on the BRStop.html page. An unauthenticated attacker could access the page and us...
SyliusGridBundle SQL Injection Vulnerability
SyliusGridBundle is an open source e-commerce solution built from decoupled components with a robust API and the highest quality code.A SQL injection vulnerability exists in SyliusGridBundle versions prior to 1.10.1 and prior to 1.11-rc2, which stems from the fact that values added at the end of ...
WordPress Sync QCloud COS plugin cross-site scripting vulnerability
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is a WordPress application plugin. WordPress Sync QCloud COS plugin version prior to 2.0.1 contains a cross-site scripting vulnerability that stems from the plugin's failure to escape so...
Nextcloud server information disclosure vulnerability (CNVD-2022-20691)
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from the German company Nextcloud. nextcloud server is a self-hosted system designed to provide cloud-style services. nextcloud server is vulnerable to an information disclosure vulnerabili...
Google Chrome Full screen mode安全绕过漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to bypass security restrictions...
Siemens Mendix Forgot Password Appstore module存在未明漏洞
Forgot Password module allows users to register applications or reset their own passwords without the need for administrator involvement...
Tp-link Archer C2 OS Command Injection Vulnerability
TP-Link Archer C2 is a wireless router from Tp-link.TP-Link Archer C20i version 0.9.1 3.2 v003a.0 Build 170221 Rel.55462n is vulnerable due to a security flaw in the device's HTTP parameter XTP ExternalIPv6Address. ExternalIPv6Address in the device lacks filtering and escaping of user data, which...
WordPress Yoast SEO plugin information leakage vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of the WordPress Yoast SEO plugin prior to...
JetBrains TeamCity Cross-Site Request Forgery Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from the...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17681)
Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that could be exploited by an attacker to update, insert, or delete access to MySQL Server accessible data without authorization...
KiCad EDA Buffer Overflow Vulnerability
KiCad Eda is a cross-platform and open source electronic design automation suite from the KiCad community. KiCad EDA is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker with a specially crafted gerber or excellon file to cause code execution...
Jenkins Pipeline Multibranch Plugin Arbitrary File Read Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. Jenkins Pipeline Multibranch Plugin 706.vd43c65dec013 and earlier versions contain an arbitrary file reading vulnerability...
WordPress WOOF plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. WordPress WOOF plugin has a cross-site scripting vulnerability in versions prior to 1.2.6.3, which stems from the lack of escaping of woofredrawelements and can be exploited by attackers to...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09139)
Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server, which originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...
Linux kernel buffer overflow vulnerability (CNVD-2022-68570)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a buffer overflow vulnerability that stems from a driver that can randomly access memory, which can be exploited by attackers to run malicious code on the GPU and escalate...
Adobe Acrobat Reader Dc Buffer Error Vulnerability (CNVD-2022-11151)
Adobe Acrobat Reader Dc is a Pdf reading tool from the American company Adobe. It is used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc suffers from a buffer overflow vulnerability, which can be exploited by attackers to trick victims into opening a carefully...
Linux kernel heap buffer overflow vulnerability (CNVD-2022-68564)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a security flaw caused by an integer underflow in the legacyparseparam function in fs/fscontext.c. By sending a carefully crafted request, a locally authenticated attack...
WordPress Landing Page Builder plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Landing Page Builder plugin prior to version...
Shopware Open Redirect Vulnerability
Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...
ZOHO ManageEngine ADSelfService Plus has an unspecified vulnerability (CNVD-2022-02473)
A security vulnerability exists in ZOHO ManageEngine ADSelfService Plus, ZOHO's integrated self-service password management and single sign-on solution for Active Directory and cloud applications. The vulnerability stems from build 6116 of ManageEngine ADSelfService Plus containing an observable...
GNOME Web Cross-Site Scripting Vulnerability (CNVD-2022-02768)
GNOME Web Epiphany is a Web browser based on the WebKit rendering engine. The product provides paginated browsing, cookie management, pop-up ad control, etc. GNOME Web contains a cross-site scripting vulnerability that can be exploited by attackers to conduct exploit attacks when viewing in sourc...
Vim Buffer Overflow Vulnerability (CNVD-2022-05069)
Vim is a UNIX-based editor, and a buffer overflow vulnerability exists in Vim, which stems from the product's failure to properly determine memory boundaries and can be exploited by attackers to cause a buffer overflow...
Lantronix PremierWave 2050 Path Traversal Vulnerability (CNVD-2022-01596)
The Lantronix PremierWave 2050 is an embedded enterprise Wi-Fi module from Lantronix, Inc. The Lantronix PremierWave 2050 version 8.9.0.0R4 is vulnerable to a path traversal vulnerability caused by a lack of filtering and escaping of path parameters by the Web Manager FSBrowsePage feature. An...
Google Chrome iframe sandbox security bypass vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome iframe sandbox that stems from improper policy enforcement in the product's iframe sandbox. An attacker can exploit the vulnerability to bypass security restrictions...
Microsoft Exchange Server Spoofing Vulnerability (CNVD-2021-101660)
Microsoft Exchange Server is a mail server and calendar server developed by Microsoft. a spoofing vulnerability exists in Microsoft Exchange Server. No detailed vulnerability details are available...
FastAdmin has a file upload vulnerability
FastAdmin is an extremely fast backend development framework based on ThinkPHP and Bootstrap.FastAdmin is vulnerable to file upload. An attacker can use this vulnerability to gain server privileges...
Adobe Media Encoder memory corruption vulnerability
A memory corruption vulnerability exists in Adobe Media Encoder, an audio and video encoding application from Adobe, which stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to trigger memory corruption and execute arbitrary code on the target syst...
Google Android Android TV Remote Service Component Remote Code Execution Vulnerability
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. A remote code execution vulnerability exists in the Android TV Remote Service component of Google Android, which can be exploited by an attacker to achieve remote...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84815)
Chrome is a web browsing tool developed by Google. Skia in versions prior to Google Chrome 95.0.4638.54 is vulnerable to a heap buffer overflow. A remote attacker can exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81774)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle Database Server has an unspecified vulnerability (CNVD-2021-84599)
Oracle Database Server is a relational database management system from Oracle Corporation USA. An unspecified vulnerability exists in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c. An attacker could use this...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-81782)
Oracle MySQL Server is a relational database from Oracle Corporation. An unspecified vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to compromise MySQL Server by accessing the network via multiple protocols...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99279)
Chrome is a simple and efficient web browsing tool developed by Google Google Chrome 94.0.4606.71 Previous versions of Safe Browsing have a post-release reuse vulnerability. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99278)
Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 94.0.4606.71. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
Nokogiri Code Issue Vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby . Nokogiri suffers from a code issue vulnerability that stems from the SAX parser parsing external entities by default in Nokogiri v1.12.4 and earlier versions, on JRuby only. No detailed vulnerability details are provid...
JetBrains Hub Licensing Issue Vulnerability (CNVD-2022-09222)
JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together.JetBrains Hub versions prior to 2021.1.13389 have an authorization issue vulnerability that can be exploited by an attacker to cause an account to be...
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the putweightedbipred16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
F5 BIG-IP TMM Denial of Service Vulnerability (CNVD-2021-65645)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP TMM, which can be exploited by attackers to cause a denial of servi...
Discourse code issue vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...
Google TensorFlow TFLite Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow TFLite. A local attacker can exploit this vulnerability to cause a denial of service condition...
Nexus Control Panel Elevation of Privilege Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare.An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...
Linux kernel input validation error vulnerability (CNVD-2021-53926)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel is vulnerable to an input validation error vulnerability that stems from an out-of-bounds write flaw. No detailed vulnerability details are provided at this time...
Google Chrome dialog box code execution vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in the handling of dialog boxes in Windows in versions prior to Google Chrome 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service conditi...
Adobe Prelude incorrect input validation vulnerability
Adobe Prelude is a video recording and capture tool designed for media finishing and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.0 and earlier versions contain an incorrect input validation vulnerability. An attacker could exploit this...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54676)
Oracle MySQL is an open source relational database management system from Oracle. A denial of service vulnerability exists in the Server: Replication component in Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker could exploit this vulnerability to cause the MySQL server to han...
Adobe Acrobat/Reader OS Command Injection Vulnerability
Adobe Acrobat is a PDF editor developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to operating system command injection. An attacker can exploit this vulnerability to execute arbitrary code...
Apache CXF Resource Management Error Vulnerability (CNVD-2021-70100)
Apache CXF is the United States Apache Apache Foundation's an open source Web services framework. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...