130997 matches found
Google Chrome Audio memory misreference vulnerability (CNVD-2023-65151)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up in instructions responsible for freeing memory in Audio. A remote attacker can exploit this vulnerability to...
Google Android elevation of privilege vulnerability (CNVD-2023-82067)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that originates from improper input validation in the readFrom module of Uri.java, which can be exploited by an attacker to gain elevated privileges...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85902)
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Microsoft Outlook Remote Code Execution Vulnerability (CNVD-2023-92208)
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. The Microsoft Outlook remote code execution vulnerability can be exploited by an attacker to execute arbitrary code on the system...
Adobe Acrobat Reader Post-Release Reuse Vulnerability
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. Adobe Acrobat Reader has a post-release reuse vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65509)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...
Adobe Coldfusion Access Control Bypass Vulnerability
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An access control bypass vulnerability exists in Adobe Coldfusion, which can be exploited by an attacke...
Google Chrome PDF component memory misreference vulnerability (CNVD-2023-46113)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome PDF component, which can be exploited by an attacker to execute arbitrary code on the system or cause an application to crash...
Google Chrome Code Execution Vulnerability (CNVD-2023-46125)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome, which can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65513)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...
Google Chrome Networking APIs Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome Networking APIs that stems from a memory reuse after release issue in the networking APIs. An attacker could exploit this vulnerability to execute arbitrary code on a system or...
Delta Electronics InfraSuite Device Master Deserialization Vulnerability (CNVD-2023-23887)
Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A deserialization vulnerability in Delta Electronics InfraSuite Device Master versions prior to 1.0.5 can be exploited by an unauthenticated attacker to remotely...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2023-43888)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that originates from a boundary error in TAvgPoolGrad when handling untrusted input. A remote attacker could exploit the...
Google Chrome Navigation component code issue vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Navigation component. A remote attacker can exploit the vulnerability to bypass the...
Oracle Business Intelligence Enterprise Edition has an unspecified vulnerability (CNVD-2023-05499)
Oracle Business Intelligence Enterprise Edition is an intelligent business analytics software from Oracle Corporation USA. Oracle Business Intelligence Enterprise Edition is a security vulnerability that can be exploited by a low-privilege attacker to compromise Oracle Business Intelligence...
Microsoft Exchange Server Elevation of Privilege Vulnerability (CNVD-2023-51374)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An elevation of privilege vulnerability exists in Microsoft Exchange Server, which can be exploit...
Binary Vulnerability in Various Cisco Products (CNVD-2023-09623)
The RV340, RV340W, RV345, and RV345P are all small business VPN routers from Cisco. A binary vulnerability exists in several Cisco products, which can be exploited by an attacker to upload files for overwrite operations...
Arbitrary File Read Vulnerability in Istar Electronic Document Security Management System (CNVD-2023-09184)
Easetone electronic document security management system is an electronic document security encryption software. Yisetong Electronic Document Security Management System has an arbitrary file reading vulnerability that can be exploited by attackers to obtain sensitive information...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-03060)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to an input validation error that stems from a lack of ASN.1 parsing restrictions on error formats. An attacker could exploit this vulnerability to compromise the affected system...
kkFileView cross-site scripting vulnerability (CNVD-2023-00013)
kkFileView is China's Keking Technology Keking company's a Spring-Boot to create a file document online preview project . A cross-site scripting vulnerability exists in kkFileView, which stems from the setWatermarkAttribute function in the /picturesPreview file that allows an attacker to implemen...
Apache Traffic Server Cross-Site Scripting Vulnerability (CNVD-2023-03922)
Apache Traffic Server ATS is a set of scalable HTTP proxy and cache servers from the Apache Foundation. Apache Traffic Server suffers from a cross-site scripting vulnerability that can be exploited by attackers to cause cross-site scripting and cache poisoning attacks...
Apache Atlas path traversal vulnerability
Apache Atlas is a scalable and extensible set of core functional governance services from the Apache Foundation.Apache Atlas versions 0.8.4 through 2.2.0 have a path traversal vulnerability that stems from improper input validation in the import module, which could be exploited by an authenticate...
Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89423)
Microsoft Office is an office software suite product of the United States Microsoft Corporation Microsoft. Common components of the product include Word, Excel, Access, Powerpoint, FrontPage, etc. A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit...
Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-89757)
An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. An attacker could exploit this...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-00609)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Siemens Teamcenter Visualization and JT2Go Stack Buffer Overflow Vulnerability
Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. Siemens JT2GO is a JT file viewer. Siemens Teamcenter Visualization and JT2Go are vulnerable to a stack buffer overflow vulnerability that could be exploited by an attacker...
Siemens Polarion ALM Host Header Injection Vulnerability
Polarion ALM is an application lifecycle management solution that improves the software development process with a single unified solution for requirements, coding, testing and release.A security vulnerability exists in Siemens Polarion ALM, which could be exploited by attackers to spoof host...
Google Chrome Accessibility code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Accessibility, which is caused by free usage in Accessibility. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service...
APsystems Access Control Error Vulnerability
APsystems is a microinverter from APsystems, Inc. Combining high efficiency power conversion with a user-friendly monitoring interface, it brings you reliable and smart energy. An access control error vulnerability exists in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software version...
Binary vulnerability in libarchive (CNVD-2022-90746)
libarchive is a multi-format archive and compression library. A binary vulnerability exists in libarchive, which can be exploited by attackers to execute arbitrary code...
D-Link DIR-823G OS Command Injection Vulnerability (CNVD-2022-81490)
D-Link DIR-823G is a wireless router from D-Link, a Chinese company. A security vulnerability exists in D-Link DIR-823G firmware version 1.02B03, which stems from its HNAP API function allowing an attacker to implement arbitrary operating system command execution via a carefully crafted HNAP1...
NdkAdvancedCustomizationFields Server-Side Request Forgery Vulnerability
NdkAdvancedCustomizationFields is an advanced customization field from Ndk. A server-side request forgery vulnerability exists in NdkAdvancedCustomizationFields 3.5.0 and prior versions, which stems from rotateimg.php failing to properly validate user input. An attacker could use this vulnerabili...
Unspecified Vulnerability in Super Xray
Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A security vulnerability exists in Super Xray version 0.2-beta Linux and Mac OS systems, which can be exploited by attackers to elevate privileges...
Google TensorFlow BaseCandidateSamplerOp Buffer Error Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer error vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and prior to 2.9.3, which stems from a lack of validation of user-supplied data in the...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15780)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by an attacker to cause a denial of service...
Google TensorFlow tf.raw_ops.ImageProjectiveTransformV2 buffer overflow vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer overflow vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and 2.9.3 and earlier, which stems from a lack of proper validation of user-supplied data in...
automotive shop management system SQL injection vulnerability (CNVD-2022-87033)
Automotive Shop Management System is an automotive shop management system by the individual developer Carlo Montero. Automotive Shop Management System v1.0 suffers from a SQL injection vulnerability. The vulnerability stems from a lack of validation of the...
LAVA Denial of Service Vulnerability
LAVA is a continuous integration system open sourced by LAVA. It is used to deploy operating systems to physical and virtual hardware to run tests.A denial of service vulnerability exists in versions of LAVA prior to 2022.11. The vulnerability stems from the fact that a user with valid credential...
Student Attendance Management System Cross-Site Scripting Vulnerability
Student Attendance Management System is a student attendance management system. The vulnerability is caused by the lack of effective filtering and escaping of user-supplied data in the className parameter of the createClass.php file, which can be exploited to cause cross-site scripting attacks...
FreeRDP Buffer Overflow Vulnerability (CNVD-2022-78857)
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team.FreeRDP suffers from a buffer overflow vulnerability that stems from an out-of-bounds read in the ZGFX decoder component. No detailed vulnerability details are currently available...
IBM CICS TX Encryption Issue Vulnerability
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX version 11.1 is vulnerable to an encryption issue that stems from the use of a weaker-than-expected encryption algorithm, which could be exploited by an attacker to decrypt...
Fortinet FortiSOAR Rights Management Error Vulnerability
FortiSOAR is a Security Orchestration, Automation and Response SOAR solution from Fortinet, U.S.A. Fortinet FortiSOAR is vulnerable to a privilege management error. An attacker could exploit this vulnerability to execute arbitrary Python commands with root privileges...
Huawei HarmonyOS Elevation of Privilege Vulnerability (CNVD-2022-78140)
Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyOS is vulnerable to an elevation of privilege vulnerability caused by a serialization/deserialization mismatch in the AMS module. An attacker could exploit this vulnerability to elevate privileges...
Grafana Account Enumeration Vulnerability
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface. The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus, etc. Grafana has a security vulnerability that stems from the fact that an attacker can bypass access...
SAP GUI OS Command Injection Vulnerability
SAP GUI is an application of SAP, the graphical user interface of the SAP system. SAP GUI is vulnerable to operating system command injection, which results from the failure of the network system or product to properly filter special characters, commands, etc. during the execution of commands...
Aruba Networks ArubaOS Buffer Overflow Vulnerability (CNVD-2022-75543)
Aruba Networks ArubaOS, an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, is vulnerable to a buffer overflow vulnerability. An attacker could exploit this vulnerability to cause unauthenticated remote code executio...
Siemens JT2Go and Teamcenter Visualization Out-of-Bounds Read Vulnerability (CNVD-2022-75551)
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...
Apache Spark Injection Vulnerability
Apache Spark, a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing, is vulnerable to injection. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in a user's web browser...
Apple tvOS Resource Management Error Vulnerability
Apple tvOS is a smart TV operating system from Apple, Inc. Apple tvOS has a security vulnerability that originates from post-release reuse and can be exploited by attackers to execute arbitrary code with kernel privileges...
Oracle MySQL Shell Information Disclosure Vulnerability (CNVD-2023-01495)
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in the Shell: Core Client component of Oracle MySQL. An attacker can exploit this vulnerability to corrupt the MySQL Shell and gain unauthorized access to a subset of MySQL...