131102 matches found
Nextcloud file traversal vulnerability
Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...
Google Chrome WebApp Installer improperly implemented vulnerability
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82957)
Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84819)
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Garbage Collection in versions of Google Chrome prior to 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78432)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the putweightedpredavg16fallback function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-93886)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds read vulnerability. An attacker can exploit the vulnerability to cause a memory leak...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92836)
Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in the Selection API in versions prior to Google Chrome 93.0.4577.82. A remote attacker exploits heap corruption via a crafted HTML page...
libtiff buffer overflow vulnerability (CNVD-2021-93892)
Libtiff is a library for reading and writing tagged image file format abbreviated as TIFF files. a buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the in TIFFmemcpy function in tifunix.c...
Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...
F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67820)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
Exiv2 Assertion Failure Vulnerability
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an assertion failure. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...
Linux kernel denial-of-service vulnerability (CNVD-2021-60519)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...
Google Golang Trust Management Issue Vulnerability
Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploite...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61776)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63327)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Apache HTTP Server Environment Issues Vulnerabilities
Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...
MiniUPnP MiniUPnPd Denial of Service Vulnerability
MiniUPnP is a UPnP tool that can be used for embedded systems. MiniUPnP A denial of service detail exists in MiniUPnPd. The vulnerability stems from improper design or implementation during code development of a networked system or product. An attacker can exploit the vulnerability to launch a...
NUUO NVRmini 2 Arbitrary File Upload Vulnerability
The NUUO NVRmini 2 is a video storage management device from NUUO USA. A security vulnerability exists in the upload.php file in the NUUO NVRmini 2. An attacker can exploit this vulnerability to upload arbitrary files e.g., .php files...
Apache JMeter Remote Command Execution Vulnerability
Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...
Swagger Parser and Swagger codegen arbitrary code execution vulnerability
Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2017-13906)
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server versions prior to 2.4.26. An attacker can exploit this...
Wireshark SoulSeek Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...
DiskSavvy Enterprise Buffer Overflow Vulnerability
Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...
Multiple Huawei Firewall Denial of Service Vulnerabilities (CNVD-2016-12339)
Huawei Secospace USG6300, Secospace USG6500, Secospace USG6600 are firewall devices from Huawei China. A denial of service vulnerability exists in multiple Huawei firewalls. As part of the memory is not freed after executing a command, a remote attacker with specific privileges can log in to the...
Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)
Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...
Microsoft Kerberos Elevation of Privilege Vulnerability
Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...
Linux kernel privilege acquisition vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. aufs is one of the federated file system modules. A privilege-acquisition vulnerability exists in the aufs module of Linux kernel versions 3.x and 4.x. The vulnerability stems...
Drupal Core Forms Interface Ignores Submit Button Access Restriction Vulnerability
Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in Drupal Core. Allowing input submission, e.g. using JavaScript, of form button elements that the user should not have access to because the buttons are blocked by server-side form...
Huawei Mate 7 Local Elevation of Privilege Vulnerability
Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...
python-dbusmock local code execution vulnerability
python-dbusmock is a Python library for creating simulated objects on the D-Bus. A security vulnerability exists in python-dbusmock that allows a local attacker to exploit the vulnerability to execute arbitrary code...
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability (CNVD-2024-19324)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android Chromium-based suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Foxit PDF Reader AcroForm Code Execution Vulnerability
Foxit PDF Reader is a PDF document reader and printer with fast startup speed and rich features. A code execution vulnerability exists in Foxit PDF Reader AcroForm, which can be exploited by a remote attacker to submit a special file request and trick the user into parsing it, which can crash the...
Linux Kernel suffers from a denial of service vulnerability (CNVD-2024-17902)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux Kernel has a denial of service vulnerability that can be exploited by attackers to conduct denial of service attacks...
File Upload Vulnerability in Wando ezOFFICE Collaboration Management Platform (CNVD-2024-14208)
Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A file upload vulnerability exists in Wando ezOFFICE Collaborative Management Platform, which can be exploited by an attacker to gain server privileges...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...
Unspecified vulnerability in Linux kernel (CNVD-2024-06433)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to version 6.4.12, which stems from a post-release reuse vulnerability in amdgpucswaitallfences in...
Unspecified vulnerability in Linux kernel (CNVD-2024-06428)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.1 and earlier, which stems from a crash due to a missing paramkernel-datasize check. No details of the vulnerability...
Microsoft Win32K Elevation of Privilege Vulnerability (CNVD-2024-11164)
Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32K, which can be exploited by an attacker to gain elevated privileges on a system...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9944413)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Foxit Reader Arbitrary File Creation Vulnerability
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit Reader suffers from an arbitrary file creation vulnerability, which can be exploited by an attacker to create a file in any location via a specially crafted malicious file, resulting in the execution of arbitrary code...
Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...
Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...
Weak Encryption Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...
SAP S/4HANA Authorization Issues Vulnerability (CNVD-2024-10202)
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An authorization issue vulnerability exists in SAP S/4HANA version 106, which can be exploited by an attacker to cause an escalation of privileges, due to a vulnerability...