131102 matches found
Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...
Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...
Weak Encryption Vulnerability in Multiple Siemens Products
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...
SAP S/4HANA Authorization Issues Vulnerability (CNVD-2024-10202)
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from SAP, Germany. An authorization issue vulnerability exists in SAP S/4HANA version 106, which can be exploited by an attacker to cause an escalation of privileges, due to a vulnerability...
Google Chrome Skia buffer overflow vulnerability (CNVD-2023-65153)
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a boundary error in Skia when handling untrusted input, and can be exploited by a remote attacker to corrupt the renderer...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2023-64870)
Microsoft HEVC Video Extensions is a video extension application from Microsoft USA. The application enables computers and devices to read High Efficiency Video Coding or HEVC videos. A remote code execution vulnerability exists in Microsoft HEVC Video Extensions, which can be exploited by an...
Linux kernel smb2pdu.c file out-of-bounds read vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An out-of-bounds read vulnerability exists in versions of Linux kernel prior to 6.3.4, which stems from fs/ksmbd/smb2pdu.c not properly checking the UserName value, and can be...
Milesight UR32L set_openvpn_client function buffer overflow vulnerability (CNVD-2023-65481)
The Milesight UR32L is a 4G industrial router from China's Milesight. A buffer overflow vulnerability exists in the Milesight UR32L setopenvpnclient function, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system, or cause an application to cras...
Linux kernel resource management error vulnerability (CNVD-2023-48541)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A resource management error vulnerability exists in the Linux kernel prior to version 6.2.9, which arises from a confusion in the program's instructions responsible for freeing...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-67102)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...
SAP Application Interface Framework Cross-Site Scripting Vulnerability
SAP Application Interface Framework SAP AIF is a German SAP SAP company's application program interface framework. A security vulnerability exists in the SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...
Buffer Overflow Vulnerability in Various Apple Products
Apple macOS Ventura is a desktop operating system from the American company Apple. A buffer overflow vulnerability exists in several Apple products that stems from incorrect validation of input. An attacker could exploit the vulnerability to execute arbitrary code with kernel privileges...
IBM Aspera Faspex SQL Injection Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from International Business Machines IBM Inc. An SQL injection vulnerability exists in IBM Aspera Faspex version 4.4.2. The vulnerability stems from the application's lack of validation of external...
Adobe Experience Manager Encryption Issue Vulnerability
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. Adobe...
Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability
Microsoft PostScript Printer Driver is a Microsoft standard printer driver for PostScript printers from Microsoft USA. Microsoft PCL6 Class Printer Driver is a printer driver software from Microsoft Corporation. Microsoft PostScript and PCL6 Class Printer Driver contains an elevation of privilege...
Adobe Animate stack buffer overflow vulnerability
Adobe Animate is a Flash animation software from Adobe. Adobe Animate is vulnerable to a stack buffer overflow vulnerability that could be exploited to execute arbitrary code in the context of the current user...
D-Link DIR-605L Buffer Overflow Vulnerability (CNVD-2023-17670)
The D-Link DIR-605L is a wireless router from D-Link in China.The D-Link DIR-605L is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to cause remote code execution or service disruption...
Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08438)
Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Nextcloud Information Disclosure Vulnerability (CNVD-2023-07969)
An information disclosure vulnerability exists in Nextcloud, an open source, self-hosted file synchronization and sharing communications application platform from Nextcloud Germany. The vulnerability stems from the fact that user passwords are stored in plaintext in the database during the OAuth2...
Forget Heart Message Box SQL Injection Vulnerability
Forget Heart Message Box is a messaging website. v1.1 of Forget Heart Message Box is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in the name parameter of ca.php. An attacker could use this vulnerability to execute illegal SQL commands to ste...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76765)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Adobe InCopy out-of-bounds write vulnerability (CNVD-2023-05226)
Adobe InCopy is a text editing software for authoring from Adobe, Inc. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute arbitrary code in the context of the current user...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04323)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Google Chrome iframe Sandbox Code Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions of Google Chrome prior to 109.0.5414.74, which stems from an improper implementation of its iframe Sandbox, and can be exploited by remote attackers to bypass file download restrictions...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-03057)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. A cross-site scripting vulnerability exists in Mozila Firefox. An attacker could exploit the vulnerability to execute client-side code...
Mozilla Firefox code issue vulnerability (CNVD-2023-03065)
A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...
Mozilla Firefox Security Feature Issue Vulnerability (CNVD-2023-05206)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a security feature issue that stems from a lack of security checks in the sourceMapURL feature of devtools. A remote attacker could use the vulnerability to trick a victim into performing...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-03063)
Mozilla Firefox, an open source Web browser from the Mozilla Foundation, is vulnerable to a resource management error that results from improper internal resource management when selecting text. A remote attacker could use the vulnerability to trick a victim into selecting certain portions of tex...
File Upload Vulnerability in MetaSoft MetaCrm
hereinafter referred to as "Metsoft" is a professional customer relationship management software provider. A file upload vulnerability exists in MetaCrm, which can be exploited by attackers to upload arbitrary malicious files...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-00009)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Siemens Teamcenter Visualization and JT2Go Out-of-Bounds Read Vulnerability (CNVD-2022-88424)
Siemens Teamcenter Visualization is a team collaboration software for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to an out-of-bounds read vulnerability that can be exploited by attackers to execute code in the context o...
Siemens Teamcenter Visualization and JT2Go Heap Buffer Overflow Vulnerability
Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a heap buffer overflow vulnerability that could be exploited by an attacker ...
Google Android Code Execution Vulnerability (CNVD-2023-07645)
Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-range read in the toLanguageTag of LocaleListCache.cpp. An attacker could exploit this vulnerability to execute arbitrary code on th...
Airtable.js misconfiguration vulnerability
Airtable.js is Airtable open source an Airtable javascript client . Provides a simple way to access the data . A misconfiguration vulnerability exists in Airtable.js versions prior to 0.11.6 that stems from a misconfiguration in a script that binds environment variables to the build target of a...
Botan has an unspecified vulnerability
Botan is a library of cryptographic algorithms written in C++. It supports a variety of algorithms such as AES, DES, SHA-1, RSA, DSA and Diffie-Hellman. A security vulnerability exists in Botan versions 1.11.34 and later up to 2.19.3, which stems from a certificate validation error and can be...
ZTE ZXA10 C3XX Access Control Error Vulnerability
ZTE ZXA10 C3XX is a series of optical access aggregation equipment with EPON/GPON function from China ZTE Corporation ZTE. An access control error vulnerability exists in the ZTE ZXA10 C3XX version 2.1.0 and later, before 2.1.0xgp002.4. The vulnerability stems from improper access control setting...
Phpgurukul Teacher Record Management System Cross-Site Scripting Vulnerability
Phpgurukul Teachers Record Management System version 1.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data on the Add Subject page, which could be exploited by a highly privileged attacker such as an administrator to...
Tenda AC18 addWifiMacFilter function buffer overflow vulnerability
The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC18 version V15.03.05.19, which is caused by the addWifiMacFilter function not checking the length and size of the input data, and can be exploited to cause a denial of service...
Tenda AC1200 Command Injection Vulnerability
Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...
Siemens POWER METER SICAM Q100 Input Validation Error Vulnerability (CNVD-2022-75538)
The POWER METER SICAM Q100 is a multifunctional device used to detect, report and analyze measured values and events. Siemens POWER METER SICAM Q100 is vulnerable to an input validation error, which could be exploited by an attacker to crash the device followed by an automatic reboot or execute...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...
Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)
Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...
Dell GeoDrive DLL Hijacking Vulnerability
Dell GeoDrive is a free application from Dell Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A DLL hijacking vulnerability exists in Dell GeoDrive versions prior to 2.2.3, which can be exploited by an attacker to execute arbitrary code on a...
Adobe ColdFusion XML External Entity Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...
Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...
Microsoft Windows USB Serial Driver Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.Microsoft Windows USB Serial Driver is vulnerable to information disclosure, which stems from insufficient protection of sensitive information on network systems or products, and can be exploited b...
SAP 3D Visual Enterprise Author Buffer Overflow Vulnerability
SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability that stems from a lack of proper memory management and could be exploited by an attacker t...
ZoneMinder has an unspecified vulnerability
ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. A security vulnerability exists in ZoneMinder, which stems from the fact that an authenticated attacker can use the vulnerability to bypas...
TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...
Tacitine Firewall EN6200 Command Injection Vulnerability
Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...