131102 matches found
Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08438)
Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)
An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...
Forget Heart Message Box SQL Injection Vulnerability
Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76765)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)
Adobe InCopy is a text editing software for authoring from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute arbitrary code in the context of the current user...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04323)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Google Chrome iframe Sandbox Code Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-03057)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozila Firefox. An attacker could exploit the vulnerability to execute client-side code...
Mozilla Firefox code issue vulnerability (CNVD-2023-03065)
A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...
Mozilla Firefox Security Feature Issue Vulnerability (CNVD-2023-05206)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a lack of security checks in the sourceMapURL feature of devtools. A remote attacker could use the vulnerability to trick a victim into performing...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-03063)
Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to a resource management error that results from improper internal resource management when selecting text. A remote attacker could use the vulnerability to trick a victim into selecting certain portions of tex...
File Upload Vulnerability in MetaSoft MetaCrm
hereinafter referred to as "Metsoft" is a professional customer relationship management software provider. A file upload vulnerability exists in MetaCrm, which can be exploited by attackers to upload arbitrary malicious files...
Mozilla Firefox permission permission and access control issue vulnerability (CNVD-2023-05211)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox, which stems from the way Firefox handles extension updates. An attacker could use the vulnerability to trick victims into...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-00009)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Siemens Teamcenter Visualization and JT2Go Out-of-Bounds Read Vulnerability (CNVD-2022-88424)
Siemens Teamcenter Visualization is a team collaboration software for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to an out-of-bounds read vulnerability that can be exploited by attackers to execute code in the context o...
Siemens Teamcenter Visualization and JT2Go Heap Buffer Overflow Vulnerability
Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a heap buffer overflow vulnerability that could be exploited by an attacker ...
Google Android Code Execution Vulnerability (CNVD-2023-07645)
Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-range read in the toLanguageTag of LocaleListCache.cpp. An attacker could exploit this vulnerability to execute arbitrary code on th...
XWiki Platform Information Disclosure Vulnerability
XWiki Platform is the French company XWiki's set of Wiki platform for creating Web collaboration applications. The XWiki Platform suffers from an information disclosure vulnerability that originates from the fact that when using XWiki's "Reset forgotten password" feature, passwords are stored in...
ZTE ZXA10 C3XX Access Control Error Vulnerability
ZTE ZXA10 C3XX is a series of optical access aggregation equipment with EPON/GPON function from China ZTE Corporation ZTE. An access control error vulnerability exists in the ZTE ZXA10 C3XX version 2.1.0 and later, before 2.1.0xgp002.4. The vulnerability stems from improper access control setting...
Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability
Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...
NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...
Tenda AC18 addWifiMacFilter function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version V15.03.05.19, which is caused by the addWifiMacFilter function not checking the length and size of the input data, and can be exploited to cause a denial of service...
Tenda AC1200 Command Injection Vulnerability
Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...
Siemens POWER METER SICAM Q100 Input Validation Error Vulnerability (CNVD-2022-75538)
The POWER METER SICAM Q100 is a multifunctional device used to detect, report and analyze measured values and events. Siemens POWER METER SICAM Q100 is vulnerable to an input validation error, which could be exploited by an attacker to crash the device followed by an automatic reboot or execute...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...
Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)
Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...
Dell GeoDrive DLL Hijacking Vulnerability
Dell GeoDrive is a free application from Dell Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A DLL hijacking vulnerability exists in Dell GeoDrive versions prior to 2.2.3, which can be exploited by an attacker to execute arbitrary code on a...
Adobe ColdFusion XML External Entity Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...
Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...
Microsoft Windows USB Serial Driver Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.Microsoft Windows USB Serial Driver is vulnerable to information disclosure, which stems from insufficient protection of sensitive information on network systems or products, and can be exploited b...
ZoneMinder has an unspecified vulnerability
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...
TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...
Tacitine Firewall EN6200 Command Injection Vulnerability
Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...
WordPress GS Testimonial Slider plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-66020)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager is...
Huawei HarmonyOS Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. A conditional contention vulnerability exists in Huawei HarmonyOS, which stems from improper handling of concurrent accesses when concurrent code needs to access...
Apache OFBiz Code Injection Vulnerability (CNVD-2023-03918)
Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation. A code injection vulnerability exists in Apache OFBiz 18.12.05 and earlier versions, which stems from an error in Birt and can be exploited by attackers to remotely execute code...
IBM Sterling B2B Integrator Licensing Issue Vulnerability (CNVD-2022-61908)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates important B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition has an...
Tenda W6 Stack Overflow Vulnerability
Tenda W6 is a wireless WiFi AP access point router from Tenda China.Tenda W6 is vulnerable to a stack overflow vulnerability caused by a stack buffer overflow in the function wifiSSIDget. A remote attacker can exploit this vulnerability to cause a denial of service...
Adobe Acrobat Reader Resource Management Error Vulnerability (CNVD-2022-56977)
Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a resource management error that stems from post-release reuse, resulting in a memory leak. No details of the vulnerability are currently...
Huawei EMUI and Magic UI Information Disclosure Vulnerability (CNVD-2022-81251)
Huawei EMUI is a mobile operating system developed on Android. Huawei Magic UI is a smart device operating system. Huawei EMUI and Magic UI are vulnerable to an information disclosure vulnerability that originates from the issue of writing data to an arbitrary address in the HWKEYMASTER module,...
Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56660)
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...
Siemens Teamcenter Denial of Service Vulnerability
Teamcenter software is a modern, adaptable product lifecycle management PLM system that connects people and processes across functional silos via digital threads to enable innovation. a denial-of-service vulnerability exists in Siemens Teamcenter that can be exploited by attackers to cause a...
IBM CICS TX Advanced Access Control Error Vulnerability
IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An Access Control Error vulnerability exists in IBM CICS TX Advanced version 11.1, which stems from a failure to set a security...
IBM DataPower Gateway Cross-Site Scripting Vulnerability (CNVD-2022-56972)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
F5 BIG-IP and BIG-IQ iControl SOAP input validation error vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An input validation error vulnerability exists in F5 BIG-IP and BIG-IQ iControl SOAP, which can be exploited by an...
Vim buffer overflow vulnerability (CNVD-2022-54899)
Vim is a cross-platform text editor. A buffer overflow vulnerability exists in versions prior to Vim 9.0.0060, which stems from a boundary error when handling untrusted input. A remote attacker can exploit this vulnerability to execute arbitrary code on the system...
Oracle MySQL Server PAM Auth Component Input Validation Error Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...
Moodle Input Validation Error Vulnerability (CNVD-2022-54916)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can b...
Adobe InCopy Buffer Overflow Vulnerability (CNVD-2022-55643)
Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the end of an allocated buffer...