Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/01/24 12:0 a.m.•33 views

Google Chrome Security Feature Issue Vulnerability (CNVD-2022-15154)

Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to a security feature that could be exploited by attackers to bypass site quarantine via crafted HTML pages...

6.5CVSS3.6AI score0.00743EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/16 12:0 a.m.•33 views

Caldera Access Control Error Vulnerability (CNVD-2022-08044)

Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...

8.1CVSS8AI score0.0119EPSS
Exploits2References1
CNVD
CNVD
•added 2022/01/11 12:0 a.m.•33 views

Google Android Competitive Conditions Issue Vulnerability (CNVD-2022-15197)

Google Android is a Linux-based open source operating system from Google. A competitive conditions issue vulnerability exists in Google Android, which can be exploited by an attacker to cause a local privilege escalation...

7.8CVSS7.2AI score0.00157EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/11 12:0 a.m.•33 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-06900)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by an attacker to trigger a memory corruption in the Linux kernel via RCU file reference GC to trigger a denial of service and possibly run...

7CVSS3.3AI score0.0031EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•33 views

Apache Kylin Access Control Error Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark, etc. An access control error vulnerability exists in Apache kylin, which stems from allowing...

7.5CVSS2.1AI score0.02338EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/06 12:0 a.m.•33 views

Shopware Open Redirect Vulnerability

Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...

6.8CVSS2.9AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/05 12:0 a.m.•33 views

ILM OpenEXR Buffer Overflow Vulnerability

ILM OpenEXR is an image file format from Industrial Light and Magic ILM for high dynamic range HDR images. ILM OpenEXR is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a buffer overflow...

5.5CVSS4AI score0.01772EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/30 12:0 a.m.•33 views

Huawei WS318n Cross-Site Scripting Vulnerability

Huawei WS318n is a router from Huawei China.The Huawei WS318n product suffers from a cross-site scripting vulnerability in the network settings interface, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute...

4.2CVSS2.5AI score0.00168EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/30 12:0 a.m.•33 views

Celery Command Injection Vulnerability

celery is an open source package for distributed task queues. A command injection vulnerability exists in celery versions prior to 5.2.2, which can be exploited by an attacker to access or somehow manipulate metadata in the celery backend, triggering a stored command injection vulnerability...

7.5CVSS7.6AI score0.03877EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/21 12:0 a.m.•33 views

Linux kernel competition condition issue vulnerability (CNVD-2022-21490)

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. overlayfs is one of the file systems. a security vulnerability exists in Linux kernel, which stems from a contention condition issue in the overlayfs...

4.7CVSS2AI score0.00213EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•33 views

Microsoft Message Queuing Information Disclosure Vulnerability

Microsoft Message Queuing technology allows applications running at different times to communicate on heterogeneous networks and systems that are temporarily offline.An information disclosure vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to execut...

7.5CVSS1.5AI score0.02997EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/17 12:0 a.m.•33 views

Linux kernel information disclosure vulnerability (CNVD-2021-102393)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the U.S. KVM is one of the kernel-based virtual machines. overlayfs is one of the file systems. A security vulnerability exists in the Linux kernel that stems from a reference count leak in...

5.5CVSS6.5AI score0.00338EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/16 12:0 a.m.•33 views

Apache Log4j Code Execution Vulnerability

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache Log4j 1.2 is vulnerable to a code issue that could be exploited by attackers to run code via JMSApender deserialization...

7.5CVSS5.2AI score0.81147EPSS
Exploits9References1
CNVD
CNVD
•added 2021/11/29 12:0 a.m.•33 views

Apache Hadoop Yarn RPC Unauthorized Command Execution Vulnerability

Apache Hadoop is a distributed infrastructure. Apache Hadoop Yarn RPC Unauthorized Command Execution vulnerability can be exploited by attackers to gain control of the server...

4.5AI score
Exploits0
CNVD
CNVD
•added 2021/11/25 12:0 a.m.•33 views

Google Chrome has an unspecified vulnerability (CNVD-2021-92469)

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions of Google Chrome prior to 95.0.4638.69, which stems from insufficient Autofill policy enforcement. An attacker could exploit this vulnerability to leak cross-source data via specially crafted HTML pages...

4.3CVSS4.3AI score0.00842EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/24 12:0 a.m.•33 views

IBM MQ Denial of Service Vulnerability (CNVD-2021-93631)

IBM MQ formerly IBM WebSphere MQ is a robust, secure and reliable messaging middleware. a denial of service vulnerability exists in IBM MQ versions 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, 9.2 CD. The vulnerability stems from incorrectly processed messages. An attacker could exploit the...

6.5CVSS4.1AI score0.00979EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/24 12:0 a.m.•33 views

Google TensorFlow code issue vulnerability (CNVD-2022-09869)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that can be exploited by an attacker to cause the program to crash...

5.5CVSS5.5AI score0.00181EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/21 12:0 a.m.•33 views

Trend Micro Antivirus for Mac Access Control Error Vulnerability

Trend Micro Antivirus for Mac is a Mac-based antivirus software from Trend Micro, Inc. An access control error vulnerability exists in Trend Micro Antivirus for Mac, which is caused by improper access restrictions. A local attacker could exploit the vulnerability to run specially crafted programs...

7.8CVSS4.3AI score0.00322EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/19 12:0 a.m.•33 views

WordPress plugin Popular Posts arbitrary file upload vulnerability

WordPress is a blogging platform developed using the PHP language, which supports setting up personal blogging sites on PHP and MySQL servers. WordPress plugin Popular Posts 5.3.2 and previous versions are vulnerable to arbitrary file uploads. An attacker could exploit the vulnerability to upload...

8.8CVSS3.7AI score0.79823EPSS
Exploits5References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•33 views

Google Chrome CORS security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome due to inadequate enforcement of cross-domain resource sharing policies in the software. An attacker could use this vulnerability to bypass security restrictions...

6.5CVSS3.8AI score0.00831EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/16 12:0 a.m.•33 views

BlueZ Resource Management Error Vulnerability (CNVD-2021-92546)

BlueZ is a Bluetooth protocol stack written in C that is primarily used to provide support for the core Bluetooth layer and protocol. blueZ is vulnerable to a resource management error that stems from a vulnerability in the affected version of sdp's cstate alloc buf, which allocates memory that...

6.5CVSS1.8AI score0.01101EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•33 views

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

Microsoft Windows Media Foundation is a next-generation multimedia platform for Windows that enables developers, consumers, and content providers to embrace a new wave of advanced content with greater robustness, unparalleled quality, and seamless interaction. microsoft Windows Media Foundation...

7.8CVSS5.3AI score0.0233EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•33 views

Microsoft Windows Diagnostic Hub Elevation of Privilege Vulnerability

Microsoft Windows Diagnostic Hub is an application from Microsoft Corporation USA. It is not only a task manager, but also a device diagnostic center. This application combines Windows developer tools with UWP functionality to access new information and features.Microsoft Windows Diagnostic Hub i...

7.8CVSS3.7AI score0.00792EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•33 views

Microsoft Excel Remote Code Execution Vulnerability (CNVD-2021-102060)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft Corporation USA.Microsoft Excel is vulnerable to remote code execution. An attacker could exploit this vulnerability to execute code on the target host...

7.8CVSS2.9AI score0.0207EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•33 views

Siemens Nucleus ReadyStart incorrect access vulnerability

Siemens Nucleus ReadyStart is a bundled solution from Siemens Germany. It is used to accelerate the fast startup of complete systems and provides a rich board-level support package Bsp. Siemens Nucleus ReadyStart suffers from an incorrect access vulnerability that could be exploited by an attacke...

7.5CVSS2.5AI score0.01197EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/10 12:0 a.m.•33 views

Adobe RoboHelp Server Path Traversal Vulnerability (CNVD-2021-94145)

Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. a path traversal vulnerability exists in Adobe RoboHelp Server RHS2020.0.1 and earlier versions. An attacker could exploit this vulnerability to execute arbitrary code...

9.3CVSS5.4AI score0.39401EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•33 views

Adobe Prelude Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92811)

Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts.Adobe Prelude 10.1 and earlier versions are vulnerable to an out-of-bounds memory buffer access...

7.8CVSS4AI score0.0169EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/24 12:0 a.m.•33 views

Google Go buffer error vulnerability

A buffer error vulnerability exists in Google Go, a statically strongly typed, compiled, concurrent, and garbage collected programming language from Google, Inc. An attacker could exploit this vulnerability to execute remote code. The following products and versions are affected: Google Go versio...

9.8CVSS5.4AI score0.10299EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/22 12:0 a.m.•33 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05073)

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a heap buffer overflow...

7.8CVSS3.9AI score0.01389EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•33 views

Google Chrome iFrame Sandbox improperly implemented vulnerability

Chrome is a web browsing tool developed by Google. iFrame Sandbox is improperly implemented in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to bypass navigation restrictions via crafted HTML pages...

6.5CVSS4.3AI score0.00792EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•33 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81775)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

4.9CVSS5.1AI score0.02431EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•33 views

Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18216)

MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database designed to guarantee 99.999% availability. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which stems from a failure to validate the correct length of user-supplied data before copying it to a...

6.3CVSS6.3AI score0.50034EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•33 views

Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81812)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...

7.1CVSS6.1AI score0.06868EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•33 views

Cobbler authorization issue vulnerability

Cobbler is a Linux installation server that allows for quick setup of network installation environments.Cobbler is vulnerable to authorization issues in versions prior to 3.3.0.The vulnerability stems from a lack of authentication measures or insufficient authentication strength in the network...

7.5CVSS4.4AI score0.01307EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•33 views

Adobe Framemaker Buffer Overflow Vulnerability (CNVD-2021-102813)

Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from a buffer overflow vulnerability that originates when a networked system or product...

4.3CVSS5.7AI score0.0211EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/10 12:0 a.m.•33 views

Authentication bypass vulnerability in some Dahua products

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. Some Dahua products have an authentication bypass vulnerability, which can be exploited by attackers to bypass device authentication by constructing malicious data packets...

10CVSS5.4AI score0.99871EPSS
Exploits12References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•33 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72266)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . A security vulnerability exists in NTFS-3G that originates from an application's improper validation of certain NTFS metadata, which can be exploited by an...

7.8CVSS7.8AI score0.00489EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•33 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72275)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by attackers to potentially trigger out-of-bounds access via a crafted NTFS image...

7.8CVSS7.8AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•33 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72271)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a possible heap buffer overflow, which could result in a memor...

7.8CVSS7.8AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/03 12:0 a.m.•33 views

libsolv buffer overflow vulnerability (CNVD-2021-69607)

libsolv is a library for checking package dependencies. libsolv versions prior to 0.7.17 are vulnerable to buffer overflow, which can be exploited by attackers to conduct denial-of-service attacks...

7.5CVSS6.1AI score0.01462EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/03 12:0 a.m.•33 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72277)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . A buffer overflow vulnerability exists in NTFS-3G in versions prior to 2021.8.22. The vulnerability is caused by an application incorrectly validating certain NT...

7.8CVSS7.8AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•33 views

XStream SSRF Vulnerability (CNVD-2021-67819)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and previous versions have a server-side request forgery vulnerability, which can be used by remote attackers to submit special requests that can obtain...

8.5CVSS4.3AI score0.11468EPSS
Exploits2References1
CNVD
CNVD
•added 2021/08/13 12:0 a.m.•33 views

Google TensorFlow Arbitrary Code Execution Vulnerability

Google TensorFlow is an end-to-end open source machine learning platform. An arbitrary code execution vulnerability exists in Google TensorFlow versions prior to 2.6.0. The vulnerability stems from YAML deserialization. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS8.8AI score0.00451EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/23 12:0 a.m.•33 views

Modesty Pdf2json code issue vulnerability

Modesty Pdf2json is a Java-based code library from Modesty's personal developer that allows PDF files to interact with Json files. PDF2JSON version 0.70 has a security vulnerability that stems from an issue found in the function DCTStream::getChar, which could be used by an attacker to cause a...

5.5CVSS4.9AI score0.00634EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•33 views

Google Chrome Protocol Handling Code Execution Vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in the protocol handling in versions of Google Chrome prior to 92.0.4515.107. A remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS6.4AI score0.01602EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•33 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54390)

Oracle MySQL is an open source relational database management system from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker can exploit this vulnerability to cause MySQL Server to...

4.9CVSS2.6AI score0.02588EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/20 12:0 a.m.•33 views

Arm Mbed TLS Buffer Over Read Vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. a security vulnerability exists in versions prior to Arm Mbed TLS 2.24.0, which stems from the program having a buffer that reads data excessively. No details of the vulnerability are...

5CVSS3.1AI score0.01687EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•33 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62471)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in Font Driver Host in...

7.8CVSS4.7AI score0.02027EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•33 views

Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70130)

Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video.A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...

7.8CVSS4.2AI score0.02177EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/16 12:0 a.m.•33 views

Linux kernel MAX_RW_COUNT buffer overflow vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A buffer overflow vulnerability exists in Linux kernel MAXRWCOUNT. An attacker can trigger a buffer overflow via MAXRWCOUNT in the Linux kernel to trigger a denial of service a...

8.8CVSS8.2AI score0.00629EPSS
Exploits0References1
Total number of security vulnerabilities5000