131102 matches found
Libass Arbitrary Code Execution Vulnerability
libass is a lightweight library of functions for rendering subtitles in ASS/SSA format. An arbitrary code execution vulnerability exists in Libass, which can be exploited by a remote attacker to execute arbitrary code...
potrace null pointer back-reference vulnerability (CNVD-2016-10140)
potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A null pointer back-reference vulnerability exists in potrace bitmapio.c:651:11. A remote attacker can exploit...
QEMU Denial of Service Vulnerability (CNVD-2016-07820)
QEMU is a simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A denial of service vulnerability exists in QEMU. An attacker can exploit this vulnerability to crash the QEMU process, resulting in a denial of service...
CHICKEN has multiple vulnerabilities
CHICKEN is a compiler for the CHICKEN programming language. A buffer overflow and information disclosure vulnerability exists in CHICKEN. An attacker could exploit the vulnerabilities to obtain sensitive information or execute arbitrary code in the context of an affected application...
Microsoft Windows Graphics Remote Code Execution Vulnerability (CNVD-2016-06272)
Microsoft Windows is the popular computer operating system. A remote code execution vulnerability exists in Microsoft Windows due to a font library that does not properly handle constructed embedded fonts. This vulnerability could be exploited by an attacker to take full control of an affected...
MEDHOST Perioperative Information Management System Unauthorized Operation Vulnerability
MEDHOST Perioperative Information Management System PIMS is a suite of solutions covering surgical treatment, nursing care and other services from MEDHOST, Inc. that includes an anesthesia information management system AIMS, remote host control and streamlined patient tracking. A security...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2015-01691)
Apache HTTP Server is an open source web server from the Apache Software Foundation that runs on most computer operating systems and is widely used as one of the most popular web server-side software due to its multi-platform and security. A denial-of-service vulnerability exists in Apache HTTP...
Apache Commons Configuration Out-of-Bounds Write Vulnerability (CNVD-2024-16109)
Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...
Mozilla Firefox Security Bypass Vulnerability (CNVD-2024-14982)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox that stems from improper handling of WASM register values. An attacker can exploit the vulnerability to create invalid wasm values...
TP-LINK Tapo C100 Denial of Service Vulnerability
TP-LINK Tapo C100 is a webcam device from China P&L TP-LINK. The TP-LINK Tapo C100 suffers from a denial of service vulnerability that stems from not properly handling incoming error messages, which can be exploited by an attacker to cause a denial of service DoS by serving a crafted web request...
Siemens Tecnomatix Plant Simulation Buffer Overflow Vulnerability
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from a buffer overflow vulnerability...
Apache Superset REST API Authorization Issues Vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset version 2.1.0 and prior versions suffer from an authorization issue vulnerability that stems from incorrect REST API permissions. An attacker can exploit this vulnerability to cau...
Apache Airflow code issue vulnerability (CNVD-2023-85615)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow has a code issue vulnerability that can be exploited by an attacker ...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-64865)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
Microsoft Office Code Execution Vulnerability (CNVD-2024-02722)
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-59026)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which can be exploited by a remote attacker to submit a special WEB request that can be tricked into being parsed by the user, which can crash the...
Linux kernel command execution vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A command execution vulnerability exists in the Linux kernel that stems from a lack of functionality checking and can be exploited by an attacker to execute administrative...
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44303)
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-23550)
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform is scalable and dynamically monitored, etc. An information disclosure vulnerability exists in versions prior to Apache Airflow 2.5.2, which stems from the fact that...
Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability (CNVD-2023-28105)
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an information disclosure...
D-Link DIR-867 Command Injection Vulnerability
The D-Link DIR-867 is a wireless router from China Youxun D-Link.A command injection vulnerability exists in the D-Link DIR-867, which is caused by a command injection vulnerability in the SetVirtualServerSettings function. By sending a carefully crafted request using the LocalIPAddress parameter...
Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-14511)
A buffer overflow vulnerability exists in Dell BIOS, which is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. The vulnerability stems from a boundary error when handling untrusted input. A locally authenticated attacker could exploit the vulnerability to execu...
phpIPAM authorization issue issue vulnerability
phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM versions prior to 1.5.1 are vulnerable to authorization issues, which can be exploited by attackers to download the findfullsubnets.php endpoint containing sensitive information...
Linux kernel has unspecified vulnerabilities (CNVD-2023-06531)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel has a security vulnerability that stems from type obfuscation, which leads to denial of service. No details of the vulnerability are currently available...
Google Android Information Disclosure Vulnerability (CNVD-2023-04550)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability, which is caused by a logic error in the code beginning with Threads.cpp. An attacker can exploit the vulnerability to obtain sensitive information...
XWiki Platform Code Injection Vulnerability
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. A code injection vulnerability exists in XWiki Platform. The vulnerability stems from incorrectly escaping macro content and menu macro parameters, which can be exploited to execute...
Linux kernel denial-of-service vulnerability (CNVD-2022-74086)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial-of-service vulnerability that results from a null pointer dereference due to an incorrect operation. An attacker could exploit this vulnerability to cause a denial ...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87656)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...
Microsoft Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
Microsoft Windows is an operating system for personal devices from Microsoft Corporation USA.A security feature bypass vulnerability exists in Microsoft Windows Portable Device Enumerator Service, which could be exploited by an attacker to compromise the confidentiality, integrity, or The...
Linux kernel denial-of-service vulnerability (CNVD-2022-74090)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a denial of service. The vulnerability is due to the ability of affected versions of the Linux kernel to inject WLAN frames into the mac80211 stack of a local attacker coul...
SAP Customer Data Cloud Encryption Issue Vulnerability
SAP Customer Data Cloud is a tool from SAP Germany that provides digital customer identity and access management. It enables companies to collect, aggregate and manage customer data across multiple touch points and applications. An encryption issue vulnerability exists in SAP Customer Data Cloud...
Puppet puppetlabs-apt module command injection vulnerability
Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...
SAMSUNG Mobile devices account component access control error vulnerability
SAMSUNG Mobile devices is a series of Samsung mobile devices from South Korea's Samsung SAMSUNG, including cell phones, tablets, etc. SAMSUNG Mobile devices versions prior to 13.5.01.3 contain an access control error vulnerability that stems from improper protection of components in Samsung...
Nepxion Discovery Remote Code Execution Vulnerability
Nepxion Discovery is an enhanced middleware for service registration discovery for Spring Cloud. Nepxion Discovery 6.16.2 and earlier versions are vulnerable to a remote code execution vulnerability that stems from a lack of validation of input data in Discovery-commons and is susceptible to SpEL...
Sophos Firewall Code Execution Vulnerability
Sophos Firewall is a firewall from Sophos UK. A code execution vulnerability exists in Sophos Firewall 19.0.1 and prior versions, which fails to properly filter special elements of constructed snippets in User Portal and Webadmin. An attacker can exploit the vulnerability to cause arbitrary code...
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format.Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw in the DefaultScriptSecurity function. An attacker could exploi...
Apache OFBiz Code Issue Vulnerability (CNVD-2023-03920)
Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation. A code issue vulnerability exists in Apache OFBiz Solr plugin 18.12.05 and earlier, which stems from the default configuration of automatically issuing RMI requests on port 1099 on localhost, which can be...
Tenda AC15 Buffer Overflow Vulnerability (CNVD-2022-75823)
Tenda AC15 is a wireless router from Tenda, China. Tenda AC15 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the WifiBasicSet function. A remote attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system...
Cisco Nexus Dashboard OS Command Injection Vulnerability
Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It can simplify the operation and management of data center networks. Cisco Nexus Dashboard has a security vulnerability that can be exploited by an unauthenticated, remote attacker to access specific APIs running in the dat...
Oracle MySQL Server Encryption Component Denial of Service Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a denial of service vulnerability that originates from incorrect input validation in the Encryption component of MySQL Server, which...
Apache Hive Authorization Issues Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...
Adobe InCopy Buffer Overflow Vulnerability (CNVD-2022-55643)
Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the end of an allocated buffer...
PbootCMS Code Injection Vulnerability
PbootCMS is a new core and permanent open source free PHP enterprise website development and construction management system , is a set of efficient , simple , strong and free commercial PHP CMS source code , to meet the needs of various types of enterprise website development and construction...
Siemens RUGGEDCOM ROX Command Injection Vulnerability
RUGGEDCOM products provide a level of robustness and reliability that sets the standard for communication networks deployed in harsh environments. Siemens RUGGEDCOM ROX has a command injection vulnerability that could be exploited by an attacker with administrator privileges to access the shell o...
Apache Druid Clickjacking Vulnerability
Apache Druid is a column-oriented open source distributed data storage system written in Java, designed to quickly access large amounts of event data and provide low-latency queries on top of the data. A clickjacking vulnerability exists in Apache Druid. The vulnerability is due to the server not...
Vega Charts Kibana Cross-Site Scripting Vulnerability
Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega Charts...
VICIdial Cross-Site Scripting Vulnerability
Vicidial is a software suite from Vicidial, Inc. Designed to interact with the Asterisk open source Pbx phone system as a complete inbound/outbound contact center suite with inbound email support. A cross-site scripting vulnerability exists in VICIdial versions prior to 2.14b0.5, which stems from...
Vim inc function buffer overflow vulnerability
Vim is a cross-platform text editor. versions prior to Vim 9.0.0011 are vulnerable to a buffer overflow vulnerability that stems from a boundary error in the inc function when handling untrusted input. A remote attacker could exploit this vulnerability to crash the software, modify memory, and...
Ruby ruby-mysql security vulnerability (CNVD-2022-74096)
Ruby ruby-mysql is a pure Ruby version of the MySQL connector from the Ruby community.An access control error vulnerability exists in Ruby ruby-mysql Gem versions prior to 2.10.0, which stems from the fact that a malicious MySQL server can request local file content from a client without explicit...
74cmsSE SQL Injection Vulnerability
74cmsSE is a free open source professional recruitment system based on PHP MYSQL. 74cmsSE is vulnerable to SQL injection, which results from a lack of validation of externally entered SQL statements in the /home/resume/index keyword parameter. An attacker could use this vulnerability to execute...