131102 matches found
Cisco IP Interoperability and Collaboration System Authentication Bypass Vulnerability
The Cisco IP Interoperability and Collaboration System is a set of solutions that provide voice interoperability across different systems based on IP standards. An authentication bypass vulnerability exists in Cisco IP Interoperability and Collaboration System Universal Media Services, which coul...
GNU wget Competitive Conditions Vulnerability
wget is a free and open source set of download tools that support automatic downloading of files from the web. A competitive condition vulnerability exists in GNU wget versions 1.17 and earlier. An attacker on the remote server side can exploit this vulnerability by keeping the HTTP link open to...
vBulletin Server-Side Request Forgery Security Bypass Vulnerability
vBulletin is the United States Internet Brands and vBulletin Solutions, Inc. jointly developed an open source commercial Web forum program . A security bypass vulnerability exists in vBulletin versions 5.2.2 and earlier, 4.2.3, and 3.8.9 and earlier. An attacker can exploit this vulnerability to...
Microsoft Multiple Scripting Engine Memory Corruption Vulnerability
Microsoft Internet Explorer IE and Microsoft Edge are web browsers developed by Microsoft Corporation. The former is the default browser that comes with operating systems prior to Windows 10, and the latter is the default browser that comes with the latest operating system, Windows 10. JScript is...
OpenSLP Denial of Service Vulnerability
OpenSLP Service Location Protocol is an IETF standard protocol developed by the OpenSLP project for dynamic service discovery within the Internet. The protocol supports looking up services in the network by their types and attributes. A denial of service vulnerability exists in the 'xrealloc'...
Joyent Node.js UglifyJS Denial of Service Vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A denial of service vulnerability exists in Joyent Node.js UglifyJS due to the program failing to check the input of the .parse function, allowing remote attackers to submit submit special regular...
BeanShell Arbitrary Command Execution Vulnerability
BeanShell is an open source , free Java source code interpreter . A security vulnerability exists in BeanShell. An attacker can exploit this vulnerability to execute arbitrary commands...
Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat is an open source lightweight Java Web server and Servlet container , designed to run Java Servlet and JSP core tools designed to support dynamic content processing and hosting of static resources , is the cornerstone of small and medium-sized Java Web application development and...
Oracle MySQL Denial of Service Vulnerability (CNVD-2024-19015)
Oracle MySQL is an open source relational database management system from Oracle. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker could exploit this vulnerability to cause MySQL Server to hang or crash frequently and repeatedly...
IBM WebSphere Application Server and IBM WebSphere Application Server Liberty Server-Side Request Forgery Vulnerability
IBM WebSphere Application Server WAS and IBM WebSphere Application Server Liberty are both products of International Business Machines IBM.IBM WebSphere Application Server is an application server IBM WebSphere Application Server is an application server product. The product is a platform for...
IBM Security verify Access Appliance Security Vulnerability
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
Scholars Tracking System SQL Injection Vulnerability (CNVD-2024-14045)
Scholars Tracking System is a scholars tracking system by the individual developer Fabian Ros. Scholars Tracking System suffers from a SQL injection vulnerability that can be exploited by an attacker to send crafted SQL statements to Eligibility Information Update...
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11663)
Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...
D-Link R15 Code Issue Vulnerability
The D-Link R15 is a wireless router from China-based AUO D-Link. The D-Link R15 v1.08.02 suffers from a code issue vulnerability that stems from the device not including firewall restrictions for IPv6 traffic, which can be exploited by an attacker to arbitrarily access services on the device that...
Information Leakage Vulnerability in Urban Security Monitoring DSS System of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. An information leakage vulnerability exists in Zhejiang Dahua Technology Co. city security monitoring DSS system, which can be exploited by attackers to obtain sensitive information...
Siemens Mendix Authentication Bypass Vulnerability
Mendix is a high-productivity application platform for building and continuously improving mobile and web applications at scale. An authentication bypass vulnerability exists in Siemens Mendix, which can be exploited by an attacker to access or modify objects without proper authorization or to...
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L set_qos function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to crash.
iOS is a mobile operating system developed by Apple. iPadOS is Apple's family of mobile operating systems based on iOS. macOS Ventura is Apple's desktop operating system. An arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to send...
WinRAR Code Execution Vulnerability
WinRAR is a shareware program for managing zip files. A code execution vulnerability exists in WinRAR that can be exploited by an attacker to execute arbitrary code when a user attempts to view benign files in a ZIP archive...
Microsoft Outlook Spoofing Vulnerability
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. Microsoft Outlook has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64868)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-53466)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-28127)
Chrome is a free and fast Internet browser software developed by Google, Inc. with the goal of making Google Chrome is based on the more powerful JavaScript V8 Google Chrome is based on the more powerful JavaScript V8 engine, which improves the browser's processing speed. It supports multi-tab...
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Google Chrome Out-of-Bounds Access Vulnerability
Google Chrome is a web browser from Google, an American company. An out-of-bounds access vulnerability exists in versions prior to Google Chrome 111.0.5563.110, which stems from out-of-bounds memory access in the Chrome WebHID, and can be exploited by a remote attacker to potentially leverage hea...
Google Chrome ANGLE out-of-bounds read vulnerability
Google Chrome is a web browser from Google, Inc. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 111.0.5563.110, which stems from a lack of proper validation of user-supplied data by ANGLE, where specially crafted data could trigger a read beyond the end of the...
Linux kernel xusb.c file code issue vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A code issue vulnerability exists in the Linux kernel prior to version 5.17, which stems from the drivers/phy/tegra/xusb.c file incorrectly handling the return value of...
Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-14511)
A buffer overflow vulnerability exists in Dell BIOS, which is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. The vulnerability stems from a boundary error when handling untrusted input. A locally authenticated attacker could exploit the vulnerability to execu...
Discourse Information Disclosure Vulnerability (CNVD-2023-07923)
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A security vulnerability exists in versions of Discourse prior to 2.8.14. The vulnerability stems from the fact that recipients of group SMTP emails can see the email addresse...
Huawei HarmonyOS Multi-Screen Collaboration Module Elevation of Privilege Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. The Huawei HarmonyOS multi-screen collaboration module is vulnerable to an elevation of privilege vulnerability that could be exploited by attackers to compromise data...
Canteen Management System SQL Injection Vulnerability (CNVD-2023-08051)
Canteen Management System is a canteen management system. version 1.0 of Canteen Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements by parameter id. An attacker could use this vulnerability to execute illegal SQL commands to...
phpIPAM authorization issue issue vulnerability
phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM versions prior to 1.5.1 are vulnerable to authorization issues, which can be exploited by attackers to download the findfullsubnets.php endpoint containing sensitive information...
F5 BIG-IP SSL OCSP Authentication Profile Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP SSL OCSP authentication profile, when a virtual server is configure...
IBM AIX has an unspecified vulnerability (CNVD-2023-05472)
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX has a security vulnerability that stems from a buffer overflow caused by a non-privileged local user exploiting a vulnerability in X11, resulting in a...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03059)
Mozilla Firefox, an open source web browser from the Mozilla Foundation, is vulnerable to an input validation error that results from a request initiated in reader mode that does not properly omit cookies with the SameSite attribute. An attacker could use this vulnerability to elevate privileges ...
Apache Kylin Command Injection Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. kylin has a command injection vulnerability, the vulnerability stems fr...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-03067)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. Mozilla Firefox suffers from a resource management error vulnerability, which stems from a post-release reuse problem after VR process corruption. An attacker could exploit the vulnerability to cause the browser to...
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2022-89420)
Apache Zeppelin is a Web-based open source notebook application from the Apache Foundation that supports interactive data analysis and collaborative documentation. The application supports interactive data analysis and collaborative documentation. versions of Apache Zeppelin prior to 0.8.2 contai...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-00603)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
XWiki Platform Code Injection Vulnerability
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. A code injection vulnerability exists in XWiki Platform. The vulnerability stems from incorrectly escaping macro content and menu macro parameters, which can be exploited to execute...
DedeCMS Arbitrary File Upload Vulnerability (CNVD-2022-80695)
DedeCMS Weaving Dream Content Management System is a PHP-based open source content management system CMS. The system has content publishing, content management, content editing and content retrieval functions.An arbitrary file upload vulnerability exists in the /dede/filemanagecontrol.php compone...
Tenda AC23 Stack Overflow Vulnerability
Tenda AC23 is a dual-band gigabit wireless router from Tenda, China. Tenda AC23 is vulnerable to a stack overflow vulnerability, which can be exploited by attackers to execute arbitrary code...
Oracle E-Business Suite has an unspecified vulnerability (CNVD-2023-05481)
Oracle E-Business Suite E-Business Suite is a fully integrated global business management software from Oracle Corporation USA. A security vulnerability exists in Oracle Web Applications Desktop Integrator for Oracle E-Business Suite. An unauthenticated attacker could exploit the vulnerability to...
Oracle Supply Chain Denial of Service Vulnerability
Oracle Supply Chain Products Suite is a set of supply chain solutions from Oracle Oracle. The product provides value chain planning, value chain execution, product lifecycle management and other functions. A denial of service vulnerability exists in Oracle Transportation Management versions 6.4.3...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87656)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...
Microsoft Windows Secure Channel Denial of Service Vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA. A denial of service vulnerability exists in Microsoft Windows Secure Channel, which stems from a failure to properly handle incoming error messages and can be exploited by attackers to cause a...
Microsoft Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Microsoft Windows Resilient File System ReFS is a resilient file system from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Resilient File System ReFS, which stems from an improper assignment of privileges in an application. An attacker could exploit...
Puppet puppetlabs-apt module command injection vulnerability
Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...
Google Chrome Media Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a mix-up in instructions responsible for freeing memory in Media. An attacker could exploit the vulnerability potential...
Google TensorFlow Conv2D Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that if Conv2D is specified as an empty input and the filter and padding sizes are valid, the output is all zeros...
File upload vulnerability exists in Tongda OA (CNVD-2022-70712)
Tongda OA is a mobile intelligent office application. There is a file upload vulnerability in Tongda OA, which can be exploited by attackers to gain control of the server...