131102 matches found
Nokogiri Code Issue Vulnerability
Nokogiri is an open source software library for parsing HTML and XML in Ruby . Nokogiri suffers from a code issue vulnerability that stems from the SAX parser parsing external entities by default in Nokogiri v1.12.4 and earlier versions, on JRuby only. No detailed vulnerability details are provid...
JetBrains Hub Licensing Issue Vulnerability (CNVD-2022-09222)
JetBrains Hub is a web-based application from JetBrains Czech Republic. The application is able to integrate multiple JetBrains team tools together.JetBrains Hub versions prior to 2021.1.13389 have an authorization issue vulnerability that can be exploited by an attacker to cause an account to be...
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78434)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 has a heap buffer overflow vulnerability in the putweightedbipred16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
F5 BIG-IP TMM Denial of Service Vulnerability (CNVD-2021-65645)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP TMM, which can be exploited by attackers to cause a denial of servi...
Discourse code issue vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A code issue vulnerability exists in versions of Discourse prior to 2.7.8 and prior to 2.8.0.beta4. No detailed vulnerability details are currently available...
Google TensorFlow TFLite Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. A denial of service vulnerability exists in Google TensorFlow TFLite. A local attacker can exploit this vulnerability to cause a denial of service condition...
Nexus Control Panel Elevation of Privilege Vulnerability
Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare.An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...
Linux kernel input validation error vulnerability (CNVD-2021-53926)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel is vulnerable to an input validation error vulnerability that stems from an out-of-bounds write flaw. No detailed vulnerability details are provided at this time...
Google Chrome dialog box code execution vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in the handling of dialog boxes in Windows in versions prior to Google Chrome 92.0.4515.107. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service conditi...
Adobe Prelude incorrect input validation vulnerability
Adobe Prelude is a video recording and capture tool designed for media finishing and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.0 and earlier versions contain an incorrect input validation vulnerability. An attacker could exploit this...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54676)
Oracle MySQL is an open source relational database management system from Oracle. A denial of service vulnerability exists in the Server: Replication component in Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker could exploit this vulnerability to cause the MySQL server to han...
Adobe Acrobat/Reader OS Command Injection Vulnerability
Adobe Acrobat is a PDF editor developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to operating system command injection. An attacker can exploit this vulnerability to execute arbitrary code...
Apache CXF Resource Management Error Vulnerability (CNVD-2021-70100)
Apache CXF is the United States Apache Apache Foundation's an open source Web services framework. The framework supports multiple Web service standards, multiple front-end programming APIs, etc. Apache CXF has a resource management error vulnerability that can be exploited by an attacker to submi...
Information Disclosure Vulnerability in Kyan Network Monitoring Appliance (CNVD-2021-49589)
Kyan is a network monitoring device. An information disclosure vulnerability exists in the Kyan network monitoring device, which can be exploited by attackers to obtain sensitive information...
Unauthorized Access Vulnerability in TENDA 11N Wireless Router
Shenzhen Jixiang Tengda Technology Co., Ltd. is a high-tech enterprise integrating independent research and development, production and sales of network equipment. An unauthorized access vulnerability exists in the TENDA 11N Wireless Router, which can be exploited by attackers to obtain sensitive...
Jupyter Notebook redirection vulnerability
Jupyter Notebook is an open source web application that allows you to create and share documents containing live code, equations, visualizations, and narrative text.A redirection vulnerability exists in versions prior to Jupyter Notebook 6.1.5. An attacker can exploit this vulnerability to redire...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61771)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...
Apache HTTP Server Environment Issues Vulnerabilities
Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...
Joomla! Joom Sky JS Jobs Extension Cross-Site Scripting Vulnerability
Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . Joom Sky JS Jobs extension is used in one of the recruitment features with an extension . A cross-site scripting vulnerability...
Kaltura PHP Object Injection Vulnerability
Kaltura is a suite of open source online video platforms from the US company Kaltura. A security vulnerability exists in the 'getUserzoneCookie' function in Kaltura versions prior to 13.2.0. A remote attacker can exploit this vulnerability with a specially crafted userzone cookie to bypass the...
Red Hat Undertow Security Bypass Vulnerability
Red Hat Undertow is a web server from Red Hat USA. A security bypass vulnerability exists in Red Hat Undertow. An attacker could exploit this vulnerability to bypass security restrictions and perform unauthorized operations...
Microsoft Windows Uniscribe Component Remote Code Execution Vulnerability
Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Uniscribe component. An attacker could exploit this vulnerability to compromise an affected system...
MoinMoin HTML Injection Vulnerability (CNVD-2016-11259)
MoinMoin is a set of open source , scalable wiki engine program based on the Python environment . An HTML injection vulnerability exists in MoinMoin version 1.9.8. A remote attacker can exploit this vulnerability to inject arbitrary JS code via a specially crafted URL...
Cisco IP Interoperability and Collaboration System Authentication Bypass Vulnerability
The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. An authentication bypass vulnerability exists in Cisco IP Interoperability and Collaboration System Universal Media Services, which coul...
GNU wget Competitive Conditions Vulnerability
wget is a free and open source set of download tools that support automatic downloading of files from the web. A competitive condition vulnerability exists in GNU wget versions 1.17 and earlier. An attacker on the remote server side can exploit this vulnerability by keeping the HTTP link open to...
Microsoft Multiple Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...
OpenSLP Denial of Service Vulnerability
OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in the 'xrealloc'...
BeanShell Arbitrary Command Execution Vulnerability
BeanShell is an open source , free Java source code interpreter . A security vulnerability exists in BeanShell. An attacker can exploit this vulnerability to execute arbitrary commands...
Swift3 Replay Attack Vulnerability
OpenStack is a cloud platform management project.Swift is one of the storage projects for storing permanent static data.Swift3 is a middleware that provides access to OpenStack Swift through the Amazon S3 API. Swift3 has a security vulnerability that allows a remote attacker to perform a replay...
Android kernel/sys.c elevation of privilege vulnerability
Android is a cell phone operating system based on the Linux open kernel. A security vulnerability exists in the implementation of the prctlsetvmaanonname function within kernel/sys.c in versions of Android prior to 5.1.1 LMY49F, and 6.0 prior to 2016-01-01, which does not ensure that only one vma...
Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat is an open source lightweight Java Web server and Servlet container , designed to run Java Servlet and JSP core tools designed to support dynamic content processing and hosting of static resources , is the cornerstone of small and medium-sized Java Web application development and...
Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19015)
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker could exploit this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability
IBM WebSphere Application Server WAS and IBM WebSphere Application Server Liberty are both products of International Business Machines IBM.IBM WebSphere Application Server is an application server IBM WebSphere Application Server is an application server product. The product is a platform for...
IBM Security verify Access Appliance Security Vulnerability
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)
Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11663)
Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...
D-Link R15 Code Issue Vulnerability
The D-Link R15 is a wireless router from China-based AUO D-Link. The D-Link R15 v1.08.02 suffers from a code issue vulnerability that stems from the device not including firewall restrictions for IPv6 traffic, which can be exploited by an attacker to arbitrarily access services on the device that...
Information Leakage Vulnerability in Urban Security Monitoring DSS System of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An information leakage vulnerability exists in Zhejiang Dahua Technology Co. city security monitoring DSS system, which can be exploited by attackers to obtain sensitive information...
Siemens Mendix Authentication Bypass Vulnerability
Mendix is a high-productivity application platform for building and continuously improving mobile and web applications at scale. An authentication bypass vulnerability exists in Siemens Mendix, which can be exploited by an attacker to access or modify objects without proper authorization or to...
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L set_qos function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to crash.
iOS is a mobile operating system developed by Apple. iPadOS is Apple's family of mobile operating systems based on iOS. macOS Ventura is Apple's desktop operating system. An arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to send...
WinRAR Code Execution Vulnerability
WinRAR is a shareware program for managing zip files. A code execution vulnerability exists in WinRAR that can be exploited by an attacker to execute arbitrary code when a user attempts to view benign files in a ZIP archive...
Microsoft Outlook Spoofing Vulnerability
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. Microsoft Outlook has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64868)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-53466)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-28127)
Chrome is a free and fast Internet browser software developed by Google, Inc. with the goal of making Google Chrome is based on the more powerful JavaScript V8 Google Chrome is based on the more powerful JavaScript V8 engine, which improves the browser's processing speed. It supports multi-tab...
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Google Chrome Out-of-Bounds Access Vulnerability
Google Chrome is a web browser from Google, an American company. An out-of-bounds access vulnerability exists in versions prior to Google Chrome 111.0.5563.110, which stems from out-of-bounds memory access in the Chrome WebHID, and can be exploited by a remote attacker to potentially leverage hea...
Google Chrome ANGLE out-of-bounds read vulnerability
Google Chrome is a web browser from Google, Inc. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 111.0.5563.110, which stems from a lack of proper validation of user-supplied data by ANGLE, where specially crafted data could trigger a read beyond the end of the...
Linux kernel xusb.c file code issue vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel prior to version 5.17, which stems from the drivers/phy/tegra/xusb.c file incorrectly handling the return value of...
Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-14511)
A buffer overflow vulnerability exists in Dell BIOS, which is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. The vulnerability stems from a boundary error when handling untrusted input. A locally authenticated attacker could exploit the vulnerability to execu...