130997 matches found
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63327)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
MiniUPnP MiniUPnPd Denial of Service Vulnerability
MiniUPnP is a UPnP tool that can be used for embedded systems. MiniUPnP A denial of service detail exists in MiniUPnPd. The vulnerability stems from improper design or implementation during code development of a networked system or product. An attacker can exploit the vulnerability to launch a...
Apache JMeter Remote Command Execution Vulnerability
Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...
Wireshark SoulSeek Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...
DiskSavvy Enterprise Buffer Overflow Vulnerability
Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...
Cairo 'cairo-png.c' Integer Overflow Vulnerability
Cairo is a cross-platform open source vector graphics library , it supports in multiple contexts to do 2D drawing , and provides high-quality display and printout . An integer overflow vulnerability exists in Cairo 'cairo-png.c'. An attacker may exploit this issue to crash the affected applicatio...
Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)
Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...
Microsoft Kerberos Elevation of Privilege Vulnerability
Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...
Huawei Mate 7 Local Elevation of Privilege Vulnerability
Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...
python-dbusmock local code execution vulnerability
python-dbusmock is a Python library for creating simulated objects on the D-Bus. A security vulnerability exists in python-dbusmock that allows a local attacker to exploit the vulnerability to execute arbitrary code...
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-19324)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android Chromium-based suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Linux Kernel suffers from a denial of service vulnerability (CNVD-2024-17902)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux Kernel has a denial of service vulnerability that can be exploited by attackers to conduct denial of service attacks...
File Upload Vulnerability in Wando ezOFFICE Collaboration Management Platform (CNVD-2024-14208)
Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A file upload vulnerability exists in Wando ezOFFICE Collaborative Management Platform, which can be exploited by an attacker to gain server privileges...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...
Unspecified vulnerability in Linux kernel (CNVD-2024-06433)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to version 6.4.12, which stems from a post-release reuse vulnerability in amdgpucswaitallfences in...
Unspecified vulnerability in Linux kernel (CNVD-2024-06428)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.1 and earlier, which stems from a crash due to a missing paramkernel-datasize check. No details of the vulnerability...
Microsoft Win32K Elevation of Privilege Vulnerability (CNVD-2024-11164)
Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32K, which can be exploited by an attacker to gain elevated privileges on a system...
Apache InLong Code Issue Vulnerability (CNVD-2024-08088)
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong has a code issue vulnerability that stems from the presence of a deserialization vulnerability. An attacker can explo...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9944413)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Foxit Reader Arbitrary File Creation Vulnerability
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit Reader suffers from an arbitrary file creation vulnerability, which can be exploited by an attacker to create a file in any location via a specially crafted malicious file, resulting in the execution of arbitrary code...
Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...
Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...
Weak Encryption Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...
SAP S/4HANA Authorization Issues Vulnerability (CNVD-2024-10202)
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An authorization issue vulnerability exists in SAP S/4HANA version 106, which can be exploited by an attacker to cause an escalation of privileges, due to a vulnerability...
IBM Aspera Faspex Information Disclosure Vulnerability (CNVD-2023-76768)
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM. An information disclosure vulnerability exists in IBM Aspera Faspex, which can be exploited by attackers to obtain sensitive information...
Google Chrome Skia buffer overflow vulnerability (CNVD-2023-65153)
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a boundary error in Skia when handling untrusted input, and can be exploited by a remote attacker to corrupt the renderer...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2023-64870)
Microsoft HEVC Video Extensions is a video extension application from Microsoft USA. The application enables computers and devices to read High Efficiency Video Coding or HEVC videos. A remote code execution vulnerability exists in Microsoft HEVC Video Extensions, which can be exploited by an...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-72228)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server. An attacker can exploi...
Linux kernel smb2pdu.c file out-of-bounds read vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.3.4, which stems from fs/ksmbd/smb2pdu.c not properly checking the UserName value, and can be...
Milesight UR32L set_openvpn_client function buffer overflow vulnerability (CNVD-2023-65481)
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L setopenvpnclient function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to cras...
Unspecified vulnerability in Trend Micro Apex One (CNVD-2023-65415)
Trend Micro Apex One is an endpoint protection software from Trend Micro. Trend Micro Apex One has a security vulnerability that can be exploited by local attackers to obtain sensitive information...
Linux kernel resource management error vulnerability (CNVD-2023-48541)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in the Linux kernel prior to version 6.2.9, which arises from a confusion in the program's instructions responsible for freeing...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67102)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...
SAP Application Interface Framework Cross-Site Scripting Vulnerability
SAP Application Interface Framework SAP AIF is a German SAP SAP company's application program interface framework. A security vulnerability exists in the SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...
IBM Aspera Faspex SQL Injection Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM Inc. An SQL injection vulnerability exists in IBM Aspera Faspex version 4.4.2. The vulnerability stems from the application's lack of validation of external...
Adobe Experience Manager Encryption Issue Vulnerability
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...
Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an elevation of privilege...
Adobe Animate stack buffer overflow vulnerability
Adobe Animate is a Flash animation software from Adobe. Adobe Animate is vulnerable to a stack buffer overflow vulnerability that could be exploited to execute arbitrary code in the context of the current user...
D-Link DIR-605L Buffer Overflow Vulnerability (CNVD-2023-17670)
The D-Link DIR-605L is a wireless router from D-Link in China.The D-Link DIR-605L is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to cause remote code execution or service disruption...
Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08438)
Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Google Android Licensing Issue Vulnerability (CNVD-2023-08088)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to authorization issues that can be exploited by remote attackers to cause authentication bypass...
Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)
An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...
Forget Heart Message Box SQL Injection Vulnerability
Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76765)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)
Adobe InCopy is a text editing software for authoring from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute arbitrary code in the context of the current user...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04323)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Google Chrome iframe Sandbox Code Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-03057)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozila Firefox. An attacker could exploit the vulnerability to execute client-side code...