Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/09/09 12:0 a.m.•35 views

Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...

8.1CVSS4.5AI score0.00703EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/27 12:0 a.m.•35 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22650)

Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type due to a lack of validation and escaping of user-supplied data in the "Create Entry, Page and Content Type" interface, which could be exploited by remote...

6.1CVSS1.9AI score0.009EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•35 views

F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...

7.5CVSS2AI score0.00468EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•35 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04457EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•35 views

Exiv2 Assertion Failure Vulnerability

Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an assertion failure. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...

5.5CVSS5.3AI score0.01104EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•35 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60519)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...

6.8CVSS2.5AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/29 12:0 a.m.•35 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...

6.8CVSS5.7AI score0.019EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•35 views

Google Golang Trust Management Issue Vulnerability

Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...

6.5CVSS3.8AI score0.06975EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•35 views

Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-70143)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader has an out-of-bounds read vulnerability. An attacker can use the vulnerability to achieve arbitrary read/write system information in...

8.8CVSS3.5AI score0.02763EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/12 12:0 a.m.•35 views

Ruby Information Disclosure Vulnerability (CNVD-2021-59129)

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...

5.8CVSS3AI score0.0305EPSS
Exploits1References1
CNVD
CNVD
•added 2021/03/01 12:0 a.m.•35 views

Advantech BB-ESWGP506-2SFP-T Hardcoded Vulnerability

The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...

10CVSS7.1AI score0.03612EPSS
Exploits0References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploite...

7.8CVSS4.2AI score0.01399EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/16 12:0 a.m.•35 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61776)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...

7.8CVSS5.1AI score0.00859EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

9.3CVSS3.3AI score0.04905EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...

7.8CVSS3.3AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
•added 2019/05/15 12:0 a.m.•35 views

MiniUPnP MiniUPnPd Denial of Service Vulnerability

MiniUPnP is a UPnP tool that can be used for embedded systems. MiniUPnP A denial of service detail exists in MiniUPnPd. The vulnerability stems from improper design or implementation during code development of a networked system or product. An attacker can exploit the vulnerability to launch a...

7.5CVSS7AI score0.02575EPSS
Exploits1References1
CNVD
CNVD
•added 2019/01/18 12:0 a.m.•35 views

Red Hat Ceph Denial of Service Vulnerability (CNVD-2019-02480)

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system based on POSIX Portable Operating System Interface without a single point of failure, so that data can be fault-tolerant and seamless replication...

6.5CVSS6.6AI score0.02136EPSS
Exploits0References1
CNVD
CNVD
•added 2018/07/11 12:0 a.m.•35 views

VLC media player arbitrary code execution vulnerability (CNVD-2018-12841)

VLC media player is a well-known multimedia player that can play video and audio in many formats. An arbitrary code execution vulnerability exists in VLC media player that allows attackers to execute arbitrary code in the context of a logged-in user via a crafted MKV file...

8CVSS8AI score0.40612EPSS
Exploits10References1
CNVD
CNVD
•added 2018/03/14 12:0 a.m.•35 views

Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07008)

Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 are both products of Microsoft Corporation, U.S.A. Microsoft Project Server is a suite of Project Portfolio Management PPM and day to day Microsoft Project Server is a project management solution for project portfolio...

8.8CVSS7.3AI score0.04708EPSS
Exploits0References1
CNVD
CNVD
•added 2018/02/24 12:0 a.m.•35 views

Apache JMeter Remote Command Execution Vulnerability

Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...

9.8CVSS7.8AI score0.10096EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/29 12:0 a.m.•35 views

Swagger Parser and Swagger codegen arbitrary code execution vulnerability

Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...

8.8CVSS8.2AI score0.01623EPSS
Exploits0References1
CNVD
CNVD
•added 2017/08/15 12:0 a.m.•35 views

Red Hat CVS Command Injection Vulnerability

CVS is a free and open source version control system that can be used under a variety of Linux and Unix operating systems, and can also run on Microsoft Windows operating systems. A security vulnerability exists in CVS version 1.12.x. A remote attacker can exploit a repository with a specially...

7.5CVSS7.9AI score0.05968EPSS
Exploits1References1
CNVD
CNVD
•added 2017/06/29 12:0 a.m.•35 views

swagger-ui cross-site scripting vulnerability (CNVD-2017-16019)

swagger-ui is a set of API online documentation generation and testing tools . A cross-site scripting vulnerability exists in versions of swagger-ui prior to 2.2.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

6.1CVSS6.1AI score0.01028EPSS
Exploits0References1
CNVD
CNVD
•added 2017/06/06 12:0 a.m.•35 views

Wireshark SoulSeek Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...

7.8CVSS8.8AI score0.03436EPSS
Exploits0References1
CNVD
CNVD
•added 2017/05/23 12:0 a.m.•35 views

Red Hat Jboss Arbitrary Code Execution Vulnerability

Red Hat JBoss Application Server AS, also known as WildFly is the United States of America Red Hat Red Hat a JavaEE-based open source application server , it has a startup ultra-fast , lightweight , modular design , hot and parallel deployment , concise management , domain management and the firs...

9.8CVSS8.2AI score0.29323EPSS
Exploits5References1
CNVD
CNVD
•added 2017/02/23 12:0 a.m.•35 views

DiskSavvy Enterprise Buffer Overflow Vulnerability

Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...

9.8CVSS8.2AI score0.33052EPSS
Exploits7References1
CNVD
CNVD
•added 2017/02/10 12:0 a.m.•35 views

Xabber User Simulation Vulnerability

Xabber for Android is an XMPP-based live chat OTR client for Android. A user emulation vulnerability exists in XMPP Xabber versions 1.0.30, 1.0.30 VIP and beta 1.0.3 through 1.0.74. Due to the program failing to implement 'XEP-0280: Message Carbons' correctly. A remote attacker can exploit this...

5.9CVSS7AI score0.00783EPSS
Exploits2References1
CNVD
CNVD
•added 2017/01/20 12:0 a.m.•35 views

Oracle VM VirtualBox Local Vulnerability (CNVD-2017-00973)

Oracle VM VirtualBox is an open source virtual machine software from Oracle USA. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and prior to 5.1.14. An attacker could exploit this vulnerability to affect the integrity and availability of data...

8.4CVSS6.3AI score0.00381EPSS
Exploits0References1
CNVD
CNVD
•added 2017/01/10 12:0 a.m.•35 views

Game Music Emulators Memory Corruption Vulnerability (CNVD-2017-00403)

Game Music Emulators. A memory corruption vulnerability exists in Game Music Emulators. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service...

7.8CVSS8.1AI score0.0233EPSS
Exploits1References1
CNVD
CNVD
•added 2016/09/14 12:0 a.m.•35 views

Wireshark Catapult DCT2000 Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-catapult-dct2000....

5.9CVSS7.7AI score0.02359EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/06 12:0 a.m.•35 views

Red Hat RESTEasy Denial of Service Vulnerability

RESTEasy is one of the JBoss open source project , is a RESTful Web Services framework. A denial of service vulnerability exists in Red Hat RESTEasy. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS7.4AI score0.04913EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/01 12:0 a.m.•35 views

Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)

Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...

8.6CVSS6AI score0.69044EPSS
Exploits7References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•35 views

Microsoft Kerberos Elevation of Privilege Vulnerability

Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...

7.5CVSS7.2AI score0.17181EPSS
Exploits5References1
CNVD
CNVD
•added 2016/06/23 12:0 a.m.•35 views

Wolf CMS Metasploit module arbitrary file upload vulnerability (CNVD-2016-04300)

Wolf CMS is a content management system CMS.Metasploit is one of the security vulnerability detection tool components. An arbitrary file upload vulnerability exists in the Metasploit module of Wolf CMS version 0.8.2. An attacker can use this vulnerability to upload arbitrary files to the /public...

8.8CVSS7.2AI score0.10836EPSS
Exploits7References1
CNVD
CNVD
•added 2016/02/08 12:0 a.m.•35 views

Claws-Mail 'src/codeconv.c' Stack Buffer Overflow Vulnerability

Claws-Mail is a mail client product based on GTK+ development. Claws-Mail suffers from a stack buffer overflow vulnerability that can be exploited by attackers to conduct denial of service attacks or execute arbitrary code...

7.5CVSS7.7AI score0.02554EPSS
Exploits0References1
CNVD
CNVD
•added 2016/01/28 12:0 a.m.•35 views

CakePHP Security Bypass Vulnerability

CakePHP is the United States Cake Software Foundation of a MVC-based architecture , open source Web development framework. The framework has a flexible view caching , automatic generation of CRUD code and other features . A security vulnerability exists in CakePHP version 2.x and version 3.x befo...

8.8CVSS7.2AI score0.01401EPSS
Exploits2References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•35 views

Huawei Mate 7 Local Elevation of Privilege Vulnerability

Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...

7.6CVSS6.5AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2015/05/26 12:0 a.m.•35 views

python-dbusmock local code execution vulnerability

python-dbusmock is a Python library for creating simulated objects on the D-Bus. A security vulnerability exists in python-dbusmock that allows a local attacker to exploit the vulnerability to execute arbitrary code...

9.3CVSS7.2AI score0.01815EPSS
Exploits0References1
CNVD
CNVD
•added 2024/04/10 12:0 a.m.•34 views

EyouCMS Deserialization Vulnerability

EyouCms Eyou CMS is an open source content management system CMS based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability, the vulnerability stems from the unsafe deserialization of the parameter channelid of the file /login.php in the receipt of user-submitted serialized data...

8.8CVSS7.3AI score0.00717EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/21 12:0 a.m.•34 views

Code execution vulnerability in multiple Mozilla products (CNVD-2024-14979)

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...

8.1CVSS7.7AI score0.00971EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/13 12:0 a.m.•34 views

Linux Kernel suffers from a denial of service vulnerability (CNVD-2024-17902)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux Kernel has a denial of service vulnerability that can be exploited by attackers to conduct denial of service attacks...

5.3CVSS6.6AI score0.00158EPSS
Exploits0
CNVD
CNVD
•added 2024/02/19 12:0 a.m.•34 views

File Upload Vulnerability in Wando ezOFFICE Collaboration Management Platform (CNVD-2024-14208)

Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A file upload vulnerability exists in Wando ezOFFICE Collaborative Management Platform, which can be exploited by an attacker to gain server privileges...

7AI score
Exploits0
CNVD
CNVD
•added 2024/01/30 12:0 a.m.•34 views

Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...

8.2CVSS6.2AI score0.00399EPSS
Exploits1References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•34 views

Unspecified vulnerability in Linux kernel (CNVD-2024-06433)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to version 6.4.12, which stems from a post-release reuse vulnerability in amdgpucswaitallfences in...

7.8CVSS6.7AI score0.00319EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/29 12:0 a.m.•34 views

Unspecified vulnerability in Linux kernel (CNVD-2024-06428)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.1 and earlier, which stems from a crash due to a missing paramkernel-datasize check. No details of the vulnerability...

5.5CVSS6.7AI score0.00296EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/12 12:0 a.m.•34 views

Microsoft Win32K Elevation of Privilege Vulnerability (CNVD-2024-11164)

Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32K, which can be exploited by an attacker to gain elevated privileges on a system...

7.8CVSS7.3AI score0.04207EPSS
Exploits0References1
CNVD
CNVD
•added 2023/12/24 12:0 a.m.•34 views

SQL Injection Vulnerability in FineReport of Sailsoft Software Ltd.

Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A SQL injection vulnerability exists in FineReport of FanSoft Software Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

7.5AI score
Exploits0
CNVD
CNVD
•added 2023/12/15 12:0 a.m.•34 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9944413)

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4CVSS7.5AI score0.00597EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/30 12:0 a.m.•34 views

Foxit Reader Arbitrary File Creation Vulnerability

Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit Reader suffers from an arbitrary file creation vulnerability, which can be exploited by an attacker to create a file in any location via a specially crafted malicious file, resulting in the execution of arbitrary code...

8.8CVSS6.9AI score0.02001EPSS
Exploits1References1
CNVD
CNVD
•added 2023/11/24 12:0 a.m.•34 views

Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...

4.7CVSS6.1AI score0.00275EPSS
Exploits1References1
Total number of security vulnerabilities5000