Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/10/28 12:0 a.m.•35 views

Nextcloud file traversal vulnerability

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...

8.8CVSS2.5AI score0.01727EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•35 views

Google Chrome WebApp Installer improperly implemented vulnerability

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...

6.5CVSS3.5AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•35 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82957)

Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...

6.5CVSS3.7AI score0.06131EPSS
Exploits0
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•35 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84819)

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Garbage Collection in versions of Google Chrome prior to 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.9AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•35 views

libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78432)

libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the putweightedpredavg16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...

6.5CVSS4.8AI score0.01337EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•35 views

Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-93886)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds read vulnerability. An attacker can exploit the vulnerability to cause a memory leak...

4.3CVSS5.2AI score0.02456EPSS
Exploits0Affected Software4
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•35 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92836)

Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in the Selection API in versions prior to Google Chrome 93.0.4577.82. A remote attacker exploits heap corruption via a crafted HTML page...

8.8CVSS4.3AI score0.10127EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/10 12:0 a.m.•35 views

libtiff buffer overflow vulnerability (CNVD-2021-93892)

Libtiff is a library for reading and writing tagged image file format abbreviated as TIFF files. a buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the in TIFFmemcpy function in tifunix.c...

6.5CVSS5.5AI score0.01594EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/09 12:0 a.m.•35 views

Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...

8.1CVSS4.5AI score0.00703EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•35 views

F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...

7.5CVSS2AI score0.00453EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•35 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04457EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•35 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67820)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04735EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•35 views

Exiv2 Assertion Failure Vulnerability

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an assertion failure. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...

5.5CVSS5.3AI score0.01104EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•35 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60519)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...

6.8CVSS2.5AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•35 views

Google Golang Trust Management Issue Vulnerability

Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...

6.5CVSS3.8AI score0.06975EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/12 12:0 a.m.•35 views

Ruby Information Disclosure Vulnerability (CNVD-2021-59129)

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...

5.8CVSS3AI score0.0305EPSS
Exploits1References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploite...

7.8CVSS4.2AI score0.01399EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/16 12:0 a.m.•35 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61776)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...

7.8CVSS5.1AI score0.00859EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63327)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

5.5CVSS1AI score0.01079EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...

7.8CVSS3.3AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

9.3CVSS3.3AI score0.04905EPSS
Exploits0References1
CNVD
CNVD
•added 2020/08/11 12:0 a.m.•35 views

Apache HTTP Server Environment Issues Vulnerabilities

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...

7.5CVSS8.4AI score0.89744EPSS
Exploits0References1
CNVD
CNVD
•added 2019/05/15 12:0 a.m.•35 views

MiniUPnP MiniUPnPd Denial of Service Vulnerability

MiniUPnP is a UPnP tool that can be used for embedded systems. MiniUPnP A denial of service detail exists in MiniUPnPd. The vulnerability stems from improper design or implementation during code development of a networked system or product. An attacker can exploit the vulnerability to launch a...

7.5CVSS7AI score0.02575EPSS
Exploits1References1
CNVD
CNVD
•added 2018/05/29 12:0 a.m.•35 views

NUUO NVRmini 2 Arbitrary File Upload Vulnerability

The NUUO NVRmini 2 is a video storage management device from NUUO USA. A security vulnerability exists in the upload.php file in the NUUO NVRmini 2. An attacker can exploit this vulnerability to upload arbitrary files e.g., .php files...

9.8CVSS7.1AI score0.09926EPSS
Exploits5References1
CNVD
CNVD
•added 2018/02/24 12:0 a.m.•35 views

Apache JMeter Remote Command Execution Vulnerability

Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...

9.8CVSS7.8AI score0.10096EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/29 12:0 a.m.•35 views

Swagger Parser and Swagger codegen arbitrary code execution vulnerability

Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...

8.8CVSS8.2AI score0.01623EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/22 12:0 a.m.•35 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2017-13906)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server versions prior to 2.4.26. An attacker can exploit this...

7.5CVSS6.7AI score0.53939EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/06 12:0 a.m.•35 views

Wireshark SoulSeek Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...

7.8CVSS8.8AI score0.03436EPSS
Exploits0References1
CNVD
CNVD
•added 2017/02/23 12:0 a.m.•35 views

DiskSavvy Enterprise Buffer Overflow Vulnerability

Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...

9.8CVSS8.2AI score0.33052EPSS
Exploits7References1
CNVD
CNVD
•added 2016/12/15 12:0 a.m.•35 views

Multiple Huawei Firewall Denial of Service Vulnerabilities (CNVD-2016-12339)

Huawei Secospace USG6300, Secospace USG6500, Secospace USG6600 are firewall devices from Huawei China. A denial of service vulnerability exists in multiple Huawei firewalls. As part of the memory is not freed after executing a command, a remote attacker with specific privileges can log in to the...

6.5CVSS6.8AI score0.01253EPSS
Exploits2References1
CNVD
CNVD
•added 2016/09/01 12:0 a.m.•35 views

Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)

Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...

8.6CVSS6AI score0.69044EPSS
Exploits7References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•35 views

Microsoft Kerberos Elevation of Privilege Vulnerability

Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...

7.5CVSS7.2AI score0.17181EPSS
Exploits5References1
CNVD
CNVD
•added 2016/05/03 12:0 a.m.•35 views

Linux kernel privilege acquisition vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. aufs is one of the federated file system modules. A privilege-acquisition vulnerability exists in the aufs module of Linux kernel versions 3.x and 4.x. The vulnerability stems...

7.8CVSS6.3AI score0.00905EPSS
Exploits3References1
CNVD
CNVD
•added 2016/03/29 12:0 a.m.•35 views

Drupal Core Forms Interface Ignores Submit Button Access Restriction Vulnerability

Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in Drupal Core. Allowing input submission, e.g. using JavaScript, of form button elements that the user should not have access to because the buttons are blocked by server-side form...

7.5CVSS6.9AI score0.0136EPSS
Exploits0References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•35 views

Huawei Mate 7 Local Elevation of Privilege Vulnerability

Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...

7.6CVSS6.5AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•35 views

python-dbusmock local code execution vulnerability

python-dbusmock is a Python library for creating simulated objects on the D-Bus. A security vulnerability exists in python-dbusmock that allows a local attacker to exploit the vulnerability to execute arbitrary code...

9.3CVSS7.2AI score0.01815EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/22 12:0 a.m.•34 views

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-19324)

Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android Chromium-based suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...

5.4CVSS6.3AI score0.00514EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/07 12:0 a.m.•34 views

Foxit PDF Reader AcroForm Code Execution Vulnerability

Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader AcroForm, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the...

7.8CVSS7.9AI score0.00817EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/13 12:0 a.m.•34 views

Linux Kernel suffers from a denial of service vulnerability (CNVD-2024-17902)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux Kernel has a denial of service vulnerability that can be exploited by attackers to conduct denial of service attacks...

5.3CVSS6.6AI score0.00158EPSS
Exploits0
CNVD
CNVD
•added 2024/02/19 12:0 a.m.•34 views

File Upload Vulnerability in Wando ezOFFICE Collaboration Management Platform (CNVD-2024-14208)

Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A file upload vulnerability exists in Wando ezOFFICE Collaborative Management Platform, which can be exploited by an attacker to gain server privileges...

7AI score
Exploits0
CNVD
CNVD
•added 2024/01/30 12:0 a.m.•34 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...

8.2CVSS6.2AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•34 views

Unspecified vulnerability in Linux kernel (CNVD-2024-06433)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to version 6.4.12, which stems from a post-release reuse vulnerability in amdgpucswaitallfences in...

7.8CVSS6.7AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•34 views

Unspecified vulnerability in Linux kernel (CNVD-2024-06428)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.1 and earlier, which stems from a crash due to a missing paramkernel-datasize check. No details of the vulnerability...

5.5CVSS6.7AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•34 views

Microsoft Win32K Elevation of Privilege Vulnerability (CNVD-2024-11164)

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32K, which can be exploited by an attacker to gain elevated privileges on a system...

7.8CVSS7.3AI score0.04207EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•34 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9944413)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS7.5AI score0.00597EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•34 views

Foxit Reader Arbitrary File Creation Vulnerability

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit Reader suffers from an arbitrary file creation vulnerability, which can be exploited by an attacker to create a file in any location via a specially crafted malicious file, resulting in the execution of arbitrary code...

8.8CVSS6.9AI score0.02001EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/24 12:0 a.m.•34 views

Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...

4.7CVSS6.1AI score0.00275EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/21 12:0 a.m.•34 views

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

6.1CVSS6.4AI score0.84811EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•34 views

Weak Encryption Vulnerability in Multiple Siemens Products

The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...

6.9CVSS6.7AI score0.00446EPSS
Exploits0References1
CNVD
CNVD
•added 2023/10/13 12:0 a.m.•34 views

SAP S/4HANA Authorization Issues Vulnerability (CNVD-2024-10202)

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An authorization issue vulnerability exists in SAP S/4HANA version 106, which can be exploited by an attacker to cause an escalation of privileges, due to a vulnerability...

5.4CVSS6.9AI score0.00271EPSS
Exploits0References1
Total number of security vulnerabilities5000