131102 matches found
Cisco Prime Infrastructure and Cisco EPN Manager跨站脚本漏洞
Cisco Prime Infrastructure is an application from Cisco, Inc. A cross-site scripting vulnerability exists in Cisco Prime Infrastructure and Cisco EPN Manager, which could be exploited by an attacker to execute arbitrary script code or access sensitive browser-based information in the context of t...
Linux kernel denial-of-service vulnerability (CNVD-2022-69196)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a NULL pointer dereference flaw in the udffilewriteiter function in the udf file system. By using a constructed UDF image, an authenticated local attacker could exploit...
Jenkins dbCharts Plugin Cross-Site Request Forgery Vulnerability
Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins dbCharts Plugin cross-site request forgery vulnerability. The vulnerability allows an attacker to connect to a specified database via JDBC using specified credentials and determine whether a class is availab...
unzip buffer overflow vulnerability (CNVD-2022-11523)
Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...
Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16148)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to disclose sensitive information about an affected installation of...
vim resource management error vulnerability (CNVD-2022-09246)
Vim is a UNIX-based editor. vim suffers from a resource management error vulnerability that arises from the use of freed memory and can be exploited by an attacker to enter a specially crafted file to cause a crash or code execution...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09143)
Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server that originates from incorrect input validation in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...
Linux kernel elevation of privilege vulnerability (CNVD-2022-68577)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel 5.14-rc3 is vulnerable due to a type obfuscation flaw in eBPF program processing. By executing a carefully crafted eBPF program, an authenticated attacker could exploit this vulnerability t...
GPAC Buffer Overflow Vulnerability (CNVD-2022-07643)
GPAC is an open source multimedia framework. Version v1.0.1 of GPAC has a security vulnerability that stems from a heap-based buffer overflow vulnerability in the gfisomdoviconfigget function of MP4Box, which could be exploited by an attacker to cause a denial of service or execute arbitrary code...
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15475)
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA. The product supports multiple programming languages and execution modes.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracl...
WordPress WP HTML Mail plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17694)
Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that could be exploited by attackers to perform a denial-of-service DoS attack...
October CMS Code Injection Vulnerability
October CMS is an open source content management system CMS based on PHP and Laravel web application framework. October CMS suffers from a code injection vulnerability that arises from a failure of a network system or product to properly filter specific elements of externally entered data during...
Expat storeAtt function buffer overflow vulnerability
Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could...
WordPress RegistrationMagic plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress RegistrationMagic plugin was vulnerable to SQL injection before 5.0.1.6, which stems from the la...
Huawei Smartphone Buffer Overflow Vulnerability (CNVD-2022-08047)
The Huawei Smartphone is a smartphone from the Chinese company Huawei. The Huawei Smartphone suffers from a buffer error vulnerability that stems from an integer overflow vulnerability in the ACPU in the smartphone. An attacker could exploit this vulnerability to cause out-of-bounds access...
Linux kernel has unspecified vulnerabilities (CNVD-2022-05042)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. a security vulnerability exists in Linux kernel, which stems from the fact that guest users can force the Linux netback driver to consume large amounts...
libde265 buffer overflow vulnerability
Libde265 is a German h.265 video codec. libde265 suffers from a buffer overflow vulnerability that stems from Cc functionally backing off epel hv when running the program dec265. No detailed vulnerability details are currently available...
libde265 has an unspecified vulnerability
Libde265 is a German h.265 video codec. libde265 suffers from a security vulnerability that could be exploited by an attacker to cause a denial of service DoS by running a crafted file or application with unspecified other impact...
WordPress Cross-Site Scripting Vulnerability (CNVD-2022-03210)
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress has a cross-site scripting vulnerability in versions prior to 5.8.3, which stems from a lack of...
Apache Kylin Access Control Error Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark, etc. An access control error vulnerability exists in Apache kylin, which stems from allowing...
Django Denial of Service Vulnerability (CNVD-2022-03215)
Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, version 3.2 before 3.2.11, and version 4.0 before 4.0.1 has a denial-of-servic...
Expat has an unspecified vulnerability
Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat, which stems from the fact that in Expat aka libexpat prior to 2.4.3, the storeAtts function in xmlparse.c shifted left by 29 or more bits may cause realloc misbehavior e.g., allocating too few bytes too...
Unspecified vulnerability in Linux kernel (CNVD-2021-102383)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to 5.15.11, which stems from the presence of use-after-free in drivers/tee/teeshm.c in the TEE subsystem.No details of...
Microsoft Windows Media Center Elevation of Privilege Vulnerability
Windows Media Center WMC is a digital video recorder and media player created by Microsoft.An elevation of privilege vulnerability exists in Microsoft Windows Media Center. An attacker could exploit this vulnerability to elevate privileges...
Google Android Information Disclosure Vulnerability (CNVD-2021-101697)
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. information disclosure vulnerabilities exist in Google Android 9, 10 and 11. The vulnerability arises from the retrieval of accounts in devices with permissions due to permission bypass in the...
Microsoft Defender for IoT Remote Code Execution Vulnerability (CNVD-2022-04001)
Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments.Microsoft Defender for IoT is vulnerable to a remote code execution vulnerability. An attacker could exploit this vulnerability to execute code on the target host...
Quality Open Software logback remote code execution vulnerability
Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...
Fiberhome FiberHome ONU GPON OS Command Injection Vulnerability
Fiberhome FiberHome ONU GPON is a router from Fiberhome, China.FiberHome ONU GPON AN5506-04-F RP2617 is vulnerable to an operating system command injection vulnerability, which originates from FiberHome ONU GPON AN5506-04-F RP2617 is affected by an operating system command injection vulnerability...
Moodle Cross-Site Scripting Vulnerability (CNVD-2021-93379)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. cross-site scripting vulnerability exists in Moodle, which stems from the lack of effective filtering and escaping of URL parameters in...
Google Chrome storage foundation code execution vulnerability
Google Chrome is a web browser from Google, Inc. Google chrome has a security vulnerability that could be exploited by remote attackers to execute arbitrary code on the system...
Open Design Alliance Drawings SDK has an unspecified vulnerability (CNVD-2021-89164)
Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API, providing a C API, support for repair files, support for . An out - bound...
Samba Security Bypass Vulnerability (CNVD-2022-15500)
Samba is the standard Windows interoperability suite for Linux and Unix. A security vulnerability exists in Samba that stems from a flaw discovered in the way Samba, which acts as an Active Directory domain controller, implements Kerberos name-based authentication. An attacker could exploit this...
Google Chrome Type Obfuscation Vulnerability (CNVD-2021-99262)
Chrome is a simple and efficient web browsing tool developed by Google. a type obfuscation vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.69. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
Adobe Photoshop 2021 memory buffer out-of-bounds access vulnerability
Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. Adobe Photoshop 2021 22.5.1 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92811)
Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...
Adobe After Effects null pointer dereference vulnerability (CNVD-2021-89933)
Adobe After Effects "AE" is a graphics and video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier...
Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81808)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...
Flatpak input validation error vulnerability
Flatpak is a suite of application virtualization systems for Linux desktop application computing environments. versions prior to Flatpak 1.12.0 and 1.10.4 contain an input validation error vulnerability that stems from direct access to AFUNIX sockets such as those used by Wayland, Pipewire or...
Google Chrome Sandbox Improper Implementation Vulnerability (CNVD-2021-84816)
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 94.0.4606.81 are vulnerable to improper sandbox implementation. An attacker could potentially bypass site quarantine via Windows by exploiting this vulnerability...
Cobbler Remote Code Execution Vulnerability
Cobbler is a network installation server suite that is primarily used to quickly build Linux network installation environments. remote code execution vulnerability exists in versions of Cobbler prior to 3.3.0, which stems from the failure of a network system or product to properly filter special...
VMware vCenter Server File Upload Vulnerability
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...
Google Chrome Performance Manager code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Performance Manager. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
Adobe XMP Toolkit SDK Out-of-Bounds Read Vulnerability (CNVD-2021-79742)
The Adobe XMP Toolkit SDK allows you to integrate XMP functionality into your product or solution.An out-of-bounds read vulnerability exists in Adobe XMP Toolkit SDK 2021.07 and earlier. An attacker could exploit this vulnerability to read arbitrary file systems...
Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (CNVD-2021-82408)
Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-93887)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds read vulnerability. An attacker can exploit the vulnerability to cause a memory leak...
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-93886)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds read vulnerability. An attacker can exploit the vulnerability to cause a memory leak...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67820)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
Adobe Connect Reflective Cross-Site Scripting Vulnerability (CNVD-2021-74112)
Adobe Connect, an online video conferencing software, is vulnerable to a reflective cross-site scripting vulnerability in Adobe Connect 11.2.2 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62183)
Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in the "Browser UI" in versions of Google Chrome prior to 92.0.4515.131. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service condition on the system...