Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/02/18 12:0 a.m.36 views

Cisco Prime Infrastructure and Cisco EPN Manager跨站脚本漏洞

Cisco Prime Infrastructure is an application from Cisco, Inc. A cross-site scripting vulnerability exists in Cisco Prime Infrastructure and Cisco EPN Manager, which could be exploited by an attacker to execute arbitrary script code or access sensitive browser-based information in the context of t...

6.1CVSS2.6AI score0.01213EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/18 12:0 a.m.36 views

Linux kernel denial-of-service vulnerability (CNVD-2022-69196)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a NULL pointer dereference flaw in the udffilewriteiter function in the udf file system. By using a constructed UDF image, an authenticated local attacker could exploit...

5.5CVSS3AI score0.00497EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/17 12:0 a.m.36 views

Jenkins dbCharts Plugin Cross-Site Request Forgery Vulnerability

Jenkins plug-ins are plug-ins that provide appropriate functionality for Jenkins. Jenkins dbCharts Plugin cross-site request forgery vulnerability. The vulnerability allows an attacker to connect to a specified database via JDBC using specified credentials and determine whether a class is availab...

8.8CVSS8.6AI score0.00527EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/13 12:0 a.m.36 views

unzip buffer overflow vulnerability (CNVD-2022-11523)

Info-ZIP UnZip is a Unix-based tool for decompressing ".zip" file formats developed by Greg Roelofs. unzip is vulnerable to a buffer overflow vulnerability that results from the conversion of utf-8 strings to native strings resulting in a segmentation error. An attacker could exploit this...

5.5CVSS5.3AI score0.02108EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/10 12:0 a.m.36 views

Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16148)

Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to disclose sensitive information about an affected installation of...

4.3CVSS3.9AI score0.01501EPSS
Exploits0References1
CNVD
CNVD
added 2022/02/08 12:0 a.m.36 views

vim resource management error vulnerability (CNVD-2022-09246)

Vim is a UNIX-based editor. vim suffers from a resource management error vulnerability that arises from the use of freed memory and can be exploited by an attacker to enter a specially crafted file to cause a crash or code execution...

8.4CVSS6AI score0.01395EPSS
Exploits1References1
CNVD
CNVD
added 2022/02/03 12:0 a.m.36 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09143)

Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server that originates from incorrect input validation in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...

5.5CVSS4.7AI score0.01478EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/28 12:0 a.m.36 views

Linux kernel elevation of privilege vulnerability (CNVD-2022-68577)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel 5.14-rc3 is vulnerable due to a type obfuscation flaw in eBPF program processing. By executing a carefully crafted eBPF program, an authenticated attacker could exploit this vulnerability t...

8.8CVSS3.8AI score0.00972EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/25 12:0 a.m.36 views

GPAC Buffer Overflow Vulnerability (CNVD-2022-07643)

GPAC is an open source multimedia framework. Version v1.0.1 of GPAC has a security vulnerability that stems from a heap-based buffer overflow vulnerability in the gfisomdoviconfigget function of MP4Box, which could be exploited by an attacker to cause a denial of service or execute arbitrary code...

7.8CVSS7.4AI score0.01127EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/24 12:0 a.m.36 views

Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15475)

Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA. The product supports multiple programming languages and execution modes.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracl...

5.3CVSS4.1AI score0.02896EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/23 12:0 a.m.36 views

WordPress WP HTML Mail plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress WP HTML Mail plugin in version 3.0.9 and earlier is vulnerable to a cross-site scripting vulnerability tha...

8.3CVSS1.1AI score0.70511EPSS
Exploits3References1
CNVD
CNVD
added 2022/01/21 12:0 a.m.36 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-17694)

Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server is vulnerable to an input validation error that could be exploited by attackers to perform a denial-of-service DoS attack...

4.9CVSS4.4AI score0.0175EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/17 12:0 a.m.36 views

October CMS Code Injection Vulnerability

October CMS is an open source content management system CMS based on PHP and Laravel web application framework. October CMS suffers from a code injection vulnerability that arises from a failure of a network system or product to properly filter specific elements of externally entered data during...

8.8CVSS8.8AI score0.02087EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.36 views

Expat storeAtt function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could...

8.8CVSS6.2AI score0.02778EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.36 views

WordPress RegistrationMagic plugin SQL injection vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL.The WordPress RegistrationMagic plugin was vulnerable to SQL injection before 5.0.1.6, which stems from the la...

7.2CVSS3.7AI score0.73293EPSS
Exploits6References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.36 views

Huawei Smartphone Buffer Overflow Vulnerability (CNVD-2022-08047)

The Huawei Smartphone is a smartphone from the Chinese company Huawei. The Huawei Smartphone suffers from a buffer error vulnerability that stems from an integer overflow vulnerability in the ACPU in the smartphone. An attacker could exploit this vulnerability to cause out-of-bounds access...

9.8CVSS9.6AI score0.00756EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.36 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-05042)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. a security vulnerability exists in Linux kernel, which stems from the fact that guest users can force the Linux netback driver to consume large amounts...

6.5CVSS2.1AI score0.00325EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/13 12:0 a.m.36 views

libde265 buffer overflow vulnerability

Libde265 is a German h.265 video codec. libde265 suffers from a buffer overflow vulnerability that stems from Cc functionally backing off epel hv when running the program dec265. No detailed vulnerability details are currently available...

5.5CVSS3.4AI score0.00859EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/13 12:0 a.m.36 views

libde265 has an unspecified vulnerability

Libde265 is a German h.265 video codec. libde265 suffers from a security vulnerability that could be exploited by an attacker to cause a denial of service DoS by running a crafted file or application with unspecified other impact...

7.8CVSS5.9AI score0.00897EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/08 12:0 a.m.36 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2022-03210)

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress has a cross-site scripting vulnerability in versions prior to 5.8.3, which stems from a lack of...

8CVSS1.9AI score0.63418EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/07 12:0 a.m.36 views

Apache Kylin Access Control Error Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark, etc. An access control error vulnerability exists in Apache kylin, which stems from allowing...

7.5CVSS2.1AI score0.02338EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/06 12:0 a.m.36 views

Django Denial of Service Vulnerability (CNVD-2022-03215)

Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, version 3.2 before 3.2.11, and version 4.0 before 4.0.1 has a denial-of-servic...

7.5CVSS3.7AI score0.02397EPSS
Exploits0References1
CNVD
CNVD
added 2022/01/05 12:0 a.m.36 views

Expat has an unspecified vulnerability

Expat is a fast streaming XML parser written in C. A security vulnerability exists in Expat, which stems from the fact that in Expat aka libexpat prior to 2.4.3, the storeAtts function in xmlparse.c shifted left by 29 or more bits may cause realloc misbehavior e.g., allocating too few bytes too...

9CVSS2.4AI score0.042EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/24 12:0 a.m.36 views

Unspecified vulnerability in Linux kernel (CNVD-2021-102383)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to 5.15.11, which stems from the presence of use-after-free in drivers/tee/teeshm.c in the TEE subsystem.No details of...

7CVSS7.4AI score0.00694EPSS
Exploits2References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.36 views

Microsoft Windows Media Center Elevation of Privilege Vulnerability

Windows Media Center WMC is a digital video recorder and media player created by Microsoft.An elevation of privilege vulnerability exists in Microsoft Windows Media Center. An attacker could exploit this vulnerability to elevate privileges...

7.8CVSS4.7AI score0.00701EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.36 views

Google Android Information Disclosure Vulnerability (CNVD-2021-101697)

Google Android is a Linux-based open-source operating system from the U.S. company Google Google. information disclosure vulnerabilities exist in Google Android 9, 10 and 11. The vulnerability arises from the retrieval of accounts in devices with permissions due to permission bypass in the...

5.5CVSS2.1AI score0.00128EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.36 views

Microsoft Defender for IoT Remote Code Execution Vulnerability (CNVD-2022-04001)

Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments.Microsoft Defender for IoT is vulnerable to a remote code execution vulnerability. An attacker could exploit this vulnerability to execute code on the target host...

9.8CVSS2.6AI score0.01992EPSS
Exploits0References1
CNVD
CNVD
added 2021/12/19 12:0 a.m.36 views

Quality Open Software logback remote code execution vulnerability

Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...

8.5CVSS3.4AI score0.04439EPSS
Exploits1References1
CNVD
CNVD
added 2021/12/17 12:0 a.m.36 views

Fiberhome FiberHome ONU GPON OS Command Injection Vulnerability

Fiberhome FiberHome ONU GPON is a router from Fiberhome, China.FiberHome ONU GPON AN5506-04-F RP2617 is vulnerable to an operating system command injection vulnerability, which originates from FiberHome ONU GPON AN5506-04-F RP2617 is affected by an operating system command injection vulnerability...

9CVSS2.5AI score0.141EPSS
Exploits0
CNVD
CNVD
added 2021/11/17 12:0 a.m.36 views

Moodle Cross-Site Scripting Vulnerability (CNVD-2021-93379)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. cross-site scripting vulnerability exists in Moodle, which stems from the lack of effective filtering and escaping of URL parameters in...

6.1CVSS4.4AI score0.00845EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/17 12:0 a.m.36 views

Google Chrome storage foundation code execution vulnerability

Google Chrome is a web browser from Google, Inc. Google chrome has a security vulnerability that could be exploited by remote attackers to execute arbitrary code on the system...

8.8CVSS6.8AI score0.00982EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/16 12:0 a.m.36 views

Open Design Alliance Drawings SDK has an unspecified vulnerability (CNVD-2021-89164)

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The package provides access to data in .dwg and .dgn through a convenient, object-oriented API, providing a C API, support for repair files, support for . An out - bound...

7.8CVSS3.2AI score0.01641EPSS
Exploits0References1
CNVD
CNVD
added 2021/11/12 12:0 a.m.36 views

Samba Security Bypass Vulnerability (CNVD-2022-15500)

Samba is the standard Windows interoperability suite for Linux and Unix. A security vulnerability exists in Samba that stems from a flaw discovered in the way Samba, which acts as an Active Directory domain controller, implements Kerberos name-based authentication. An attacker could exploit this...

9CVSS3.1AI score0.01673EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/29 12:0 a.m.36 views

Google Chrome Type Obfuscation Vulnerability (CNVD-2021-99262)

Chrome is a simple and efficient web browsing tool developed by Google. a type obfuscation vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.69. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...

8.8CVSS2.9AI score0.26703EPSS
Exploits1References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.36 views

Adobe Photoshop 2021 memory buffer out-of-bounds access vulnerability

Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. Adobe Photoshop 2021 22.5.1 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS5.7AI score0.01979EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.36 views

Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92811)

Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...

7.8CVSS4AI score0.0169EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/27 12:0 a.m.36 views

Adobe After Effects null pointer dereference vulnerability (CNVD-2021-89933)

Adobe After Effects "AE" is a graphics and video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier...

5.5CVSS4.9AI score0.0133EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/20 12:0 a.m.36 views

Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81808)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...

5.3CVSS5.7AI score0.14839EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/11 12:0 a.m.36 views

Flatpak input validation error vulnerability

Flatpak is a suite of application virtualization systems for Linux desktop application computing environments. versions prior to Flatpak 1.12.0 and 1.10.4 contain an input validation error vulnerability that stems from direct access to AFUNIX sockets such as those used by Wayland, Pipewire or...

8.8CVSS1.1AI score0.00406EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/09 12:0 a.m.36 views

Google Chrome Sandbox Improper Implementation Vulnerability (CNVD-2021-84816)

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 94.0.4606.81 are vulnerable to improper sandbox implementation. An attacker could potentially bypass site quarantine via Windows by exploiting this vulnerability...

7.4CVSS4.9AI score0.01416EPSS
Exploits0References1
CNVD
CNVD
added 2021/10/08 12:0 a.m.36 views

Cobbler Remote Code Execution Vulnerability

Cobbler is a network installation server suite that is primarily used to quickly build Linux network installation environments. remote code execution vulnerability exists in versions of Cobbler prior to 3.3.0, which stems from the failure of a network system or product to properly filter special...

9.8CVSS4.3AI score0.88482EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/24 12:0 a.m.36 views

VMware vCenter Server File Upload Vulnerability

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...

9.8CVSS3.1AI score0.99999EPSS
Exploits11References1
CNVD
CNVD
added 2021/09/22 12:0 a.m.36 views

Google Chrome Performance Manager code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Performance Manager. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS4.9AI score0.01222EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/15 12:0 a.m.36 views

Adobe XMP Toolkit SDK Out-of-Bounds Read Vulnerability (CNVD-2021-79742)

The Adobe XMP Toolkit SDK allows you to integrate XMP functionality into your product or solution.An out-of-bounds read vulnerability exists in Adobe XMP Toolkit SDK 2021.07 and earlier. An attacker could exploit this vulnerability to read arbitrary file systems...

5.5CVSS3AI score0.0217EPSS
Exploits0References1
CNVD
CNVD
added 2021/09/15 12:0 a.m.36 views

Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (CNVD-2021-82408)

Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...

9.3CVSS6.8AI score0.01646EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2021/09/15 12:0 a.m.36 views

Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-93887)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds read vulnerability. An attacker can exploit the vulnerability to cause a memory leak...

4.3CVSS5.2AI score0.02988EPSS
Exploits0Affected Software4
CNVD
CNVD
added 2021/09/15 12:0 a.m.36 views

Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-93886)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds read vulnerability. An attacker can exploit the vulnerability to cause a memory leak...

4.3CVSS5.2AI score0.02456EPSS
Exploits0Affected Software4
CNVD
CNVD
added 2021/08/23 12:0 a.m.36 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67820)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04735EPSS
Exploits1References1
CNVD
CNVD
added 2021/08/11 12:0 a.m.36 views

Adobe Connect Reflective Cross-Site Scripting Vulnerability (CNVD-2021-74112)

Adobe Connect, an online video conferencing software, is vulnerable to a reflective cross-site scripting vulnerability in Adobe Connect 11.2.2 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

6.1CVSS4.2AI score0.0135EPSS
Exploits0References1
CNVD
CNVD
added 2021/08/03 12:0 a.m.36 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62183)

Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in the "Browser UI" in versions of Google Chrome prior to 92.0.4515.131. An attacker could use this vulnerability to execute arbitrary code or cause a denial of service condition on the system...

6.8CVSS5.9AI score0.01254EPSS
Exploits1References1
Total number of security vulnerabilities5000