131102 matches found
Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22650)
Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type due to a lack of validation and escaping of user-supplied data in the "Create Entry, Page and Content Type" interface, which could be exploited by remote...
F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
Exiv2 Assertion Failure Vulnerability
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an assertion failure. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...
Linux kernel denial-of-service vulnerability (CNVD-2021-60519)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...
Google Golang Trust Management Issue Vulnerability
Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-70143)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader has an out-of-bounds read vulnerability. An attacker can use the vulnerability to achieve arbitrary read/write system information in...
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...
Advantech BB-ESWGP506-2SFP-T Hardcoded Vulnerability
The Advantech BB-ESWGP506-2SFP-T is an application from CHAAdvantech that provides an intelligent electric bus management system. A hard-coded vulnerability in the Advantech BB-ESWGP506-2SFP-T allows remote attackers to exploit the vulnerability to submit a special request, gain unauthorized acce...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploite...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61776)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...
MiniUPnP MiniUPnPd Denial of Service Vulnerability
MiniUPnP is a UPnP tool that can be used for embedded systems. MiniUPnP A denial of service detail exists in MiniUPnPd. The vulnerability stems from improper design or implementation during code development of a networked system or product. An attacker can exploit the vulnerability to launch a...
Red Hat Ceph Denial of Service Vulnerability (CNVD-2019-02480)
Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system based on POSIX Portable Operating System Interface without a single point of failure, so that data can be fault-tolerant and seamless replication...
VLC media player arbitrary code execution vulnerability (CNVD-2018-12841)
VLC media player is a well-known multimedia player that can play video and audio in many formats. An arbitrary code execution vulnerability exists in VLC media player that allows attackers to execute arbitrary code in the context of a logged-in user via a crafted MKV file...
Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07008)
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 are both products of Microsoft Corporation, U.S.A. Microsoft Project Server is a suite of Project Portfolio Management PPM and day to day Microsoft Project Server is a project management solution for project portfolio...
Apache JMeter Remote Command Execution Vulnerability
Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...
Swagger Parser and Swagger codegen arbitrary code execution vulnerability
Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...
Red Hat CVS Command Injection Vulnerability
CVS is a free and open source version control system that can be used under a variety of Linux and Unix operating systems, and can also run on Microsoft Windows operating systems. A security vulnerability exists in CVS version 1.12.x. A remote attacker can exploit a repository with a specially...
swagger-ui cross-site scripting vulnerability (CNVD-2017-16019)
swagger-ui is a set of API online documentation generation and testing tools . A cross-site scripting vulnerability exists in versions of swagger-ui prior to 2.2.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Wireshark SoulSeek Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...
Red Hat Jboss Arbitrary Code Execution Vulnerability
Red Hat JBoss Application Server AS, also known as WildFly is the United States of America Red Hat Red Hat a JavaEE-based open source application server , it has a startup ultra-fast , lightweight , modular design , hot and parallel deployment , concise management , domain management and the firs...
DiskSavvy Enterprise Buffer Overflow Vulnerability
Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...
Xabber User Simulation Vulnerability
Xabber for Android is an XMPP-based live chat OTR client for Android. A user emulation vulnerability exists in XMPP Xabber versions 1.0.30, 1.0.30 VIP and beta 1.0.3 through 1.0.74. Due to the program failing to implement 'XEP-0280: Message Carbons' correctly. A remote attacker can exploit this...
Oracle VM VirtualBox Local Vulnerability (CNVD-2017-00973)
Oracle VM VirtualBox is an open source virtual machine software from Oracle USA. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and prior to 5.1.14. An attacker could exploit this vulnerability to affect the integrity and availability of data...
Game Music Emulators Memory Corruption Vulnerability (CNVD-2017-00403)
Game Music Emulators. A memory corruption vulnerability exists in Game Music Emulators. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service...
Wireshark Catapult DCT2000 Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-catapult-dct2000....
Red Hat RESTEasy Denial of Service Vulnerability
RESTEasy is one of the JBoss open source project , is a RESTful Web Services framework. A denial of service vulnerability exists in Red Hat RESTEasy. An attacker could exploit this vulnerability to cause a denial of service...
Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)
Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...
Microsoft Kerberos Elevation of Privilege Vulnerability
Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...
Wolf CMS Metasploit module arbitrary file upload vulnerability (CNVD-2016-04300)
Wolf CMS is a content management system CMS.Metasploit is one of the security vulnerability detection tool components. An arbitrary file upload vulnerability exists in the Metasploit module of Wolf CMS version 0.8.2. An attacker can use this vulnerability to upload arbitrary files to the /public...
Claws-Mail 'src/codeconv.c' Stack Buffer Overflow Vulnerability
Claws-Mail is a mail client product based on GTK+ development. Claws-Mail suffers from a stack buffer overflow vulnerability that can be exploited by attackers to conduct denial of service attacks or execute arbitrary code...
CakePHP Security Bypass Vulnerability
CakePHP is the United States Cake Software Foundation of a MVC-based architecture , open source Web development framework. The framework has a flexible view caching , automatic generation of CRUD code and other features . A security vulnerability exists in CakePHP version 2.x and version 3.x befo...
Huawei Mate 7 Local Elevation of Privilege Vulnerability
Huawei Mate 7 is a smartphone developed by the domestic company Huawei. A security vulnerability exists on the Huawei Mate 7 TEEOS module that allows local attackers to exploit the vulnerability to elevate privileges...
python-dbusmock local code execution vulnerability
python-dbusmock is a Python library for creating simulated objects on the D-Bus. A security vulnerability exists in python-dbusmock that allows a local attacker to exploit the vulnerability to execute arbitrary code...
EyouCMS Deserialization Vulnerability
EyouCms Eyou CMS is an open source content management system CMS based on ThinkPHP. EyouCMS version 1.6.5 has a deserialization vulnerability, the vulnerability stems from the unsafe deserialization of the parameter channelid of the file /login.php in the receipt of user-submitted serialized data...
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14979)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in multiple Mozilla products that...
Linux Kernel suffers from a denial of service vulnerability (CNVD-2024-17902)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux Kernel has a denial of service vulnerability that can be exploited by attackers to conduct denial of service attacks...
File Upload Vulnerability in Wando ezOFFICE Collaboration Management Platform (CNVD-2024-14208)
Wando ezOFFICE collaborative management platform is a comprehensive information base application platform. A file upload vulnerability exists in Wando ezOFFICE Collaborative Management Platform, which can be exploited by an attacker to gain server privileges...
Cups Easy cross-site scripting vulnerability (CNVD-2024-11147)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/statemodify.php page. An attacker could...
Unspecified vulnerability in Linux kernel (CNVD-2024-06433)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel prior to version 6.4.12, which stems from a post-release reuse vulnerability in amdgpucswaitallfences in...
Unspecified vulnerability in Linux kernel (CNVD-2024-06428)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.7.1 and earlier, which stems from a crash due to a missing paramkernel-datasize check. No details of the vulnerability...
Microsoft Win32K Elevation of Privilege Vulnerability (CNVD-2024-11164)
Microsoft Win32k is a system file for Windows multi-user management from Microsoft USA. An elevation of privilege vulnerability exists in Microsoft Win32K, which can be exploited by an attacker to gain elevated privileges on a system...
SQL Injection Vulnerability in FineReport of Sailsoft Software Ltd.
Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A SQL injection vulnerability exists in FineReport of FanSoft Software Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-9944413)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Foxit Reader Arbitrary File Creation Vulnerability
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. Foxit Reader suffers from an arbitrary file creation vulnerability, which can be exploited by an attacker to create a file in any location via a specially crafted malicious file, resulting in the execution of arbitrary code...
Linux kernel competitive conditions issue vulnerability (CNVD-2024-1477122)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a Competitive Conditions Issue vulnerability, which stems from the presence of a competitive condition that could cause a local user to cause a system...