131102 matches found
Google Chrome Security Feature Issue Vulnerability (CNVD-2022-15154)
Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a security feature that could be exploited by attackers to bypass site quarantine via crafted HTML pages...
Caldera Access Control Error Vulnerability (CNVD-2022-08044)
Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...
Google Android Competitive Conditions Issue Vulnerability (CNVD-2022-15197)
Google Android is a Linux-based open source operating system from Google. A competitive conditions issue vulnerability exists in Google Android, which can be exploited by an attacker to cause a local privilege escalation...
Linux kernel has unspecified vulnerabilities (CNVD-2022-06900)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by an attacker to trigger a memory corruption in the Linux kernel via RCU file reference GC to trigger a denial of service and possibly run...
Apache Kylin Access Control Error Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark, etc. An access control error vulnerability exists in Apache kylin, which stems from allowing...
Shopware Open Redirect Vulnerability
Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...
ILM OpenEXR Buffer Overflow Vulnerability
ILM OpenEXR is an image file format from Industrial Light and Magic ILM for high dynamic range HDR images. ILM OpenEXR is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a buffer overflow...
Huawei WS318n Cross-Site Scripting Vulnerability
Huawei WS318n is a router from Huawei China.The Huawei WS318n product suffers from a cross-site scripting vulnerability in the network settings interface, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute...
Celery Command Injection Vulnerability
celery is an open source package for distributed task queues. A command injection vulnerability exists in celery versions prior to 5.2.2, which can be exploited by an attacker to access or somehow manipulate metadata in the celery backend, triggering a stored command injection vulnerability...
Linux kernel competition condition issue vulnerability (CNVD-2022-21490)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. overlayfs is one of the file systems. a security vulnerability exists in Linux kernel, which stems from a contention condition issue in the overlayfs...
Microsoft Message Queuing Information Disclosure Vulnerability
Microsoft Message Queuing technology allows applications running at different times to communicate on heterogeneous networks and systems that are temporarily offline.An information disclosure vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to execut...
Linux kernel information disclosure vulnerability (CNVD-2021-102393)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the U.S. KVM is one of the kernel-based virtual machines. overlayfs is one of the file systems. A security vulnerability exists in the Linux kernel that stems from a reference count leak in...
Apache Log4j Code Execution Vulnerability
Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache Log4j 1.2 is vulnerable to a code issue that could be exploited by attackers to run code via JMSApender deserialization...
Apache Hadoop Yarn RPC Unauthorized Command Execution Vulnerability
Apache Hadoop is a distributed infrastructure. Apache Hadoop Yarn RPC Unauthorized Command Execution vulnerability can be exploited by attackers to gain control of the server...
Google Chrome has an unspecified vulnerability (CNVD-2021-92469)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions of Google Chrome prior to 95.0.4638.69, which stems from insufficient Autofill policy enforcement. An attacker could exploit this vulnerability to leak cross-source data via specially crafted HTML pages...
IBM MQ Denial of Service Vulnerability (CNVD-2021-93631)
IBM MQ formerly IBM WebSphere MQ is a robust, secure and reliable messaging middleware. a denial of service vulnerability exists in IBM MQ versions 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, 9.2 CD. The vulnerability stems from incorrectly processed messages. An attacker could exploit the...
Google TensorFlow code issue vulnerability (CNVD-2022-09869)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that can be exploited by an attacker to cause the program to crash...
Trend Micro Antivirus for Mac Access Control Error Vulnerability
Trend Micro Antivirus for Mac is a Mac-based antivirus software from Trend Micro, Inc. An access control error vulnerability exists in Trend Micro Antivirus for Mac, which is caused by improper access restrictions. A local attacker could exploit the vulnerability to run specially crafted programs...
WordPress plugin Popular Posts arbitrary file upload vulnerability
WordPress is a blogging platform developed using the PHP language, which supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin Popular Posts 5.3.2 and previous versions are vulnerable to arbitrary file uploads. An attacker could exploit the vulnerability to upload...
Google Chrome CORS security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to inadequate enforcement of cross-domain resource sharing policies in the software. An attacker could use this vulnerability to bypass security restrictions...
BlueZ Resource Management Error Vulnerability (CNVD-2021-92546)
BlueZ is a Bluetooth protocol stack written in C that is primarily used to provide support for the core Bluetooth layer and protocol. blueZ is vulnerable to a resource management error that stems from a vulnerability in the affected version of sdp's cstate alloc buf, which allocates memory that...
Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Microsoft Windows Media Foundation is a next-generation multimedia platform for Windows that enables developers, consumers, and content providers to embrace a new wave of advanced content with greater robustness, unparalleled quality, and seamless interaction. microsoft Windows Media Foundation...
Microsoft Windows Diagnostic Hub Elevation of Privilege Vulnerability
Microsoft Windows Diagnostic Hub is an application from Microsoft Corporation USA. It is not only a task manager, but also a device diagnostic center. This application combines Windows developer tools with UWP functionality to access new information and features.Microsoft Windows Diagnostic Hub i...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2021-102060)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft Corporation USA.Microsoft Excel is vulnerable to remote code execution. An attacker could exploit this vulnerability to execute code on the target host...
Siemens Nucleus ReadyStart incorrect access vulnerability
Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. It is used to accelerate the fast startup of complete systems and provides a rich board-level support package Bsp. Siemens Nucleus ReadyStart suffers from an incorrect access vulnerability that could be exploited by an attacke...
Adobe RoboHelp Server Path Traversal Vulnerability (CNVD-2021-94145)
Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. a path traversal vulnerability exists in Adobe RoboHelp Server RHS2020.0.1 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary code...
Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92811)
Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...
Google Go buffer error vulnerability
A buffer error vulnerability exists in Google Go, a statically strongly typed, compiled, concurrent, and garbage collected programming language from Google, Inc. An attacker could exploit this vulnerability to execute remote code. The following products and versions are affected: Google Go versio...
Vim Buffer Overflow Vulnerability (CNVD-2022-05073)
Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow...
Google Chrome iFrame Sandbox improperly implemented vulnerability
Chrome is a web browsing tool developed by Google. iFrame Sandbox is improperly implemented in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to bypass navigation restrictions via crafted HTML pages...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81775)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18216)
MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database designed to guarantee 99.999% availability. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which stems from a failure to validate the correct length of user-supplied data before copying it to a...
Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81812)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...
Cobbler authorization issue vulnerability
Cobbler is a Linux installation server that allows for quick setup of network installation environments.Cobbler is vulnerable to authorization issues in versions prior to 3.3.0.The vulnerability stems from a lack of authentication measures or insufficient authentication strength in the network...
Adobe Framemaker Buffer Overflow Vulnerability (CNVD-2021-102813)
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from a buffer overflow vulnerability that originates when a networked system or product...
Authentication bypass vulnerability in some Dahua products
Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. Some Dahua products have an authentication bypass vulnerability, which can be exploited by attackers to bypass device authentication by constructing malicious data packets...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72266)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . A security vulnerability exists in NTFS-3G that originates from an application's improper validation of certain NTFS metadata, which can be exploited by an...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72275)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by attackers to potentially trigger out-of-bounds access via a crafted NTFS image...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72271)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a possible heap buffer overflow, which could result in a memor...
libsolv buffer overflow vulnerability (CNVD-2021-69607)
libsolv is a library for checking package dependencies. libsolv versions prior to 0.7.17 are vulnerable to buffer overflow, which can be exploited by attackers to conduct denial-of-service attacks...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72277)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . A buffer overflow vulnerability exists in NTFS-3G in versions prior to 2021.8.22. The vulnerability is caused by an application incorrectly validating certain NT...
XStream SSRF Vulnerability (CNVD-2021-67819)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and previous versions have a server-side request forgery vulnerability, which can be used by remote attackers to submit special requests that can obtain...
Google TensorFlow Arbitrary Code Execution Vulnerability
Google TensorFlow is an end-to-end open source machine learning platform. An arbitrary code execution vulnerability exists in Google TensorFlow versions prior to 2.6.0. The vulnerability stems from YAML deserialization. An attacker can exploit this vulnerability to execute arbitrary code...
Modesty Pdf2json code issue vulnerability
Modesty Pdf2json is a Java-based code library from Modesty's personal developer that allows PDF files to interact with Json files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::getChar, which could be used by an attacker to cause a...
Google Chrome Protocol Handling Code Execution Vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in the protocol handling in versions of Google Chrome prior to 92.0.4515.107. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54390)
Oracle MySQL is an open source relational database management system from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker can exploit this vulnerability to cause MySQL Server to...
Arm Mbed TLS Buffer Over Read Vulnerability
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. a security vulnerability exists in versions prior to Arm Mbed TLS 2.24.0, which stems from the program having a buffer that reads data excessively. No details of the vulnerability are...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62471)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in Font Driver Host in...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70130)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video.A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...
Linux kernel MAX_RW_COUNT buffer overflow vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in Linux kernel MAXRWCOUNT. An attacker can trigger a buffer overflow via MAXRWCOUNT in the Linux kernel to trigger a denial of service a...