131102 matches found
Samsung SMR Information Disclosure Vulnerability (CNVD-2022-63643)
Samsung SMR is a system patch package from South Korea's Samsung Samsung. An information disclosure vulnerability exists in versions prior to Samsung SMR Apr-2022 Release 1, which can be exploited by attackers to cause unauthorized access to the EFRUIMID value...
Jenkins Job Generator Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application software.Jenkins Job Generator Plugin has...
D-Link DIR-619 Stack Overflow Vulnerability (CNVD-2022-31545)
D-Link DIR-619 is a series of routers from D-Link, a Chinese company. D-Link DIR-619 Ax v1.00 has a security vulnerability that can be exploited by attackers to cause a denial of service DoS via the curTime parameter...
radare2 buffer overflow vulnerability (CNVD-2022-30438)
radare2 is a set of libraries and tools for processing binary files. radare2 versions prior to 5.6.8 are vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service...
TotoLink EX300_v2 Cross-Site Scripting Vulnerability
TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China. version TotoLink EX300v2 V4.0.3c.140B20210429 has a cross-site scripting vulnerability that can be exploited by attackers to execute JavaScript code on the client side...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65620)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...
WordPress Narnoo Distributor plugin path traversal vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A path traversal vulnerability exists in WordPress Narnoo...
Passwork On-Premise Edition Path Traversal Vulnerability
Passwork On-Premise Edition is a local password manager for your business from Passwork Finland.A path traversal vulnerability exists in versions prior to Passwork On-Premise Edition 4.6.13, no detailed vulnerability details are currently available...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-22949)
Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android due to a code logic error in kbasejduserbufpinpages in malikbasemem.c. error. An attacker could exploit this vulnerability to elevate local privileges...
Moodle SQL Injection Vulnerability (CNVD-2022-25190)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A SQL injection vulnerability exists in Moodle versions 3.9.0 through 3.11.5, which stems from insufficient cleanup of user-supplied da...
CuppaCMS alertConfigField.php file contains a vulnerability
CuppaCMS is a content management system CMS, and a file inclusion vulnerability exists in CuppaCMS version 1.0. The vulnerability stems from the fact that the url parameter in /alerts/alertConfigField.php does not effectively filter calls to local file resources, which could be exploited to read...
CKEditor4 authentication vulnerability
An authentication vulnerability exists in CKEditor4, an open source HTML editor, in the "Dialog Box" plug-in. The vulnerability allows misuse of the dialog input validator regular expression, which can cause significant performance degradation, leading to browser tab freezes. No details of the...
IBM Spectrum Protect Plus和IBM Spectrum Copy Data Management拒绝服务漏洞
IBM Spectrum Protect Plus and IBM Spectrum Copy Data Management are both products of IBM Corporation, U.S.A. IBM Spectrum Protect Plus is a data protection platform. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual,...
TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-21168)
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/checkregverifycode, which can be exploited by a remote attacker to submit a special request that can crash the application or can be used to execute...
Orchard Core Permissions and Access Control Issues Vulnerability
Orchard Core is an open source modular and multi-tenant application framework built with Asp.Net Core and a content management system Cms built on top of the framework from Orchard Core, Inc. Orchard Core is vulnerable to privilege permission and access control issues that could be exploited by a...
Vim Buffer Error Vulnerability (CNVD-2022-18520)
Vim is a UNIX-based editor. vim suffers from a buffer overflow vulnerability that stems from base read out-of-bounds. No detailed vulnerability details are currently available...
Microsoft Media Foundation Information Disclosure Vulnerability
Microsoft Media Foundation, a next-generation multimedia platform for Windows, is vulnerable to information disclosure. An attacker could use this vulnerability to obtain sensitive information...
Vim Resource Management Error Vulnerability (CNVD-2022-20100)
Vim is an editor for the UNIX platform. A resource management error vulnerability exists in vim, which can be exploited by an attacker to input a specially crafted file, resulting in a crash or code execution...
vim buffer overflow vulnerability (CNVD-2022-20693)
Vim is a UNIX-based editor. vim suffers from a buffer overflow vulnerability that could be exploited by an attacker to input a specially crafted file, leading to a crash or code execution...
Google Chrome OS Shell Memory Misreference Vulnerability
Google Chrome is a web browser from Google, Inc. A memory mis-reference vulnerability exists in Google Chrome OS Shell, which can be exploited by attackers to execute arbitrary code on the system or cause a denial of service condition...
Spring Cloud Gateway Remote Code Execution Vulnerability
Spring Cloud GateWay is a library provided for building API gateways on top of Spring WebFlux.A remote code execution vulnerability exists in Spring Cloud Gateway, which occurs in the Actuator endpoint of the Spring Cloud Gateway application, which is enabled, public and insecure, is vulnerable t...
vim buffer overflow vulnerability (CNVD-2022-20696)
Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to Vim 8.2.4436, which stems from a heap overflow in winlbrchartabsize and can be exploited to crash the program...
WordPress Shield Security plugin跨站脚本漏洞
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Shield Security plugin version 13.0.6 previously had a cross-site scripting vulnerability, whic...
Apache ActiveMQ Resource Management Error Vulnerability (CNVD-2022-14699)
Apache ActiveMQ is the United States Apache Apache Foundation of a set of open source messaging middleware , which supports Java messaging services , clustering , Spring Framework and so on. A resource management error vulnerability exists in Apache ActiveMQ Artemis, which can be exploited by an...
Google Chrome Security Feature Issue Vulnerability (CNVD-2022-20551)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security signature issue vulnerability that can be exploited by attackers to bypass security restrictions...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09248)
Oracle MySQL Server is a relational database from Oracle Corporation. Oracle MySQL Server suffers from an input validation error vulnerability that originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or...
Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15483)
Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause unauthorized read access to a subse...
F5 BIG-IP Resource Management Error Vulnerability (CNVD-2022-70619)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP has a resource management error vulnerability that can be exploited by an unauthenticated attacker to cause a...
Expat storeAtt function buffer overflow vulnerability
Expat is a fast streaming XML parser written in C. libexpat is a streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in storeAtts in xmlparse.c when processing untrusted input. A remote attacker could...
Insyde InsydeH2O Buffer Overflow Vulnerability
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the legacy BIOS Basic Input/Output System.Insyde InsydeH2O is vulnerable to a buffer overflow A buffer overflow vulnerability exists in InsydeH2O, whi...
WordPress Cross-Site Scripting Vulnerability (CNVD-2022-03210)
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress has a cross-site scripting vulnerability in versions prior to 5.8.3, which stems from a lack of...
Expat has an unspecified vulnerability
Expat is a fast streaming XML parser written in C. Expat is vulnerable in versions prior to 2.4.3. The vulnerability stems from mgroupSize in Expat's xmlparse.c that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations...
Apache Apisix Licensing Issue Vulnerability
Apache Apisix is a cloud-native microservices API gateway service from the Apache Foundation in the United States. The software is based on OpenResty and etcd for dynamic routing and plug-in hot-loading, and is suitable for API management in microservice systems. an authorization issue...
Quality Open Software logback remote code execution vulnerability
Quality Open Software logback is a logging framework for Java applications from Quality Open Software of Switzerland. quality Open Software logback in versions 1.2.7 and earlier is vulnerable to remote code execution, which stems from a failure to effectively filter user input. The vulnerability...
WordPress Secure Copy Content Protection and Content Locking plugin SQL injection vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. The WordPress Secure Copy Content Protection and Content Locking plugin has a SQL injection vulnerabili...
Vim has an unspecified vulnerability
Vim is a UNIX-based editor, and a security vulnerability exists in Vim that can be exploited by attackers to perform buffer overflow attacks...
Google Chrome referrer security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to an improper implementation of certain features in the product. A remote attacker could exploit the vulnerability to bypass security restrictions...
Adobe Safari cross-site scripting vulnerability
Adobe Safari is a popular WEB browser from Apple Inc. A cross-site scripting vulnerability exists in Adobe Safari, which can be exploited by remote attackers to submit special WEB requests that trick users into parsing and executing arbitrary code in the context of the application...
Nextcloud file traversal vulnerability
Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...
Google Chrome WebApp Installer improperly implemented vulnerability
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82957)
Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84819)
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Garbage Collection in versions of Google Chrome prior to 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92836)
Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in the Selection API in versions prior to Google Chrome 93.0.4577.82. A remote attacker exploits heap corruption via a crafted HTML page...
libtiff buffer overflow vulnerability (CNVD-2021-93892)
Libtiff is a library for reading and writing tagged image file format abbreviated as TIFF files. a buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the in TIFFmemcpy function in tifunix.c...
Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...
F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
Linux kernel denial-of-service vulnerability (CNVD-2021-60519)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...
Exiv2 Assertion Failure Vulnerability
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an assertion failure. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...