131102 matches found
Adobe Safari cross-site scripting vulnerability
Adobe Safari is a popular WEB browser from Apple Inc. A cross-site scripting vulnerability exists in Adobe Safari, which can be exploited by remote attackers to submit special WEB requests that trick users into parsing and executing arbitrary code in the context of the application...
Nextcloud file traversal vulnerability
Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...
Adobe Character Animator 2021 Out-of-Bounds Read Vulnerability (CNVD-2022-67828)
Adobe Character Animator is a motion capture and animation tool from the American company Audobee Adobe. An out-of-bounds read vulnerability exists in Adobe Character Animator 2021 4.4 and earlier versions, which can be exploited by an attacker to bypass mitigations such as ASLR and cause a...
Google Chrome WebApp Installer improperly implemented vulnerability
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82957)
Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84819)
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Garbage Collection in versions of Google Chrome prior to 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-78437)
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.An information disclosure vulnerability exists in IBM Sterling File Gateway version 6.0.1.0-6.1.0.2. An attack...
ECOA BAS controller information disclosure vulnerability (CNVD-2021-83643)
ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to information disclosure, which can be exploited by remote attackers to obtain user credential information...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92836)
Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in the Selection API in versions prior to Google Chrome 93.0.4577.82. A remote attacker exploits heap corruption via a crafted HTML page...
libtiff buffer overflow vulnerability (CNVD-2021-93892)
Libtiff is a library for reading and writing tagged image file format abbreviated as TIFF files. a buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the in TIFFmemcpy function in tifunix.c...
Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22650)
Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type due to a lack of validation and escaping of user-supplied data in the "Create Entry, Page and Content Type" interface, which could be exploited by remote...
F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...
LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
Multiple D-Link products null pointer dereference vulnerability (CNVD-2021-94841)
The D-Link DAP-2310 is a single-band wireless network access point for small businesses or schools that need a fast and reliable wireless network. the D-Link DAP-2330 is a wireless N300 single-band PoE access point. Multiple D-Link products are vulnerable to a null pointer dereference...
Linux kernel denial-of-service vulnerability (CNVD-2021-60519)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...
Foxit PDF Reader Resource Management Error Vulnerability
Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...
Google Golang Trust Management Issue Vulnerability
Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...
Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-70143)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader has an out-of-bounds read vulnerability. An attacker can use the vulnerability to achieve arbitrary read/write system information in...
Ruby Information Disclosure Vulnerability (CNVD-2021-59129)
Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploite...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61776)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...
Red Hat OpenShift Container Platform Log Information Disclosure Vulnerability
Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A log information disclosure vulnerability exists in Red H...
Discourse input validation error vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that stems from a lack of authentication measures or insufficient authentication strength in the web system or product. No...
Red Hat Ceph Denial of Service Vulnerability (CNVD-2019-02480)
Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system based on POSIX Portable Operating System Interface without a single point of failure, so that data can be fault-tolerant and seamless replication...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-20078)
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server versions 2.4.17 through 2.4.34, which can be exploited to cau...
Apache JMeter Remote Command Execution Vulnerability
Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...
POCO 'ZipCommon::isValidPath()' function absolute path traversal vulnerability
POCO C++ Libraries is a set of C++ class libraries developed by Austrian software developer Gunter Obiltschnig, which are used to develop portable web-based applications with threading, file and streaming capabilities. A security vulnerability in the 'ZipCommon::isValidPath' function in the...
Swagger Parser and Swagger codegen arbitrary code execution vulnerability
Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...
private_address_check ruby gem security restriction bypass vulnerability
privateaddresscheck ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A security restriction bypass vulnerability exists in the privateaddresscheck ruby gem prior to version 0.4.0, which stems from the program's use of Ruby's Resolv.getaddresses method. An attacker...
Microsoft Edge Information Disclosure Vulnerability (CNVD-2017-23795)
Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the web browsers that comes with the system. Edge in Microsoft Windows suffers from an...
Wireshark SoulSeek Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...
Red Hat Resteasy Remote Code Execution Vulnerability (CNVD-2017-09797)
Red Hat RESTEasy is the United States Red Hat Red Hat, Inc. of a JBoss open source project , which provides a variety of frameworks for building RESTful Web Services and RESTful Java applications . A remote code execution vulnerability exists in Red Hat Resteasy versions 3.0-beta-1 through...
Red Hat Jboss Arbitrary Code Execution Vulnerability
Red Hat JBoss Application Server AS, also known as WildFly is the United States of America Red Hat Red Hat a JavaEE-based open source application server , it has a startup ultra-fast , lightweight , modular design , hot and parallel deployment , concise management , domain management and the firs...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06595)
Microsoft Edge is the web browser built into the Windows 10 version. A remote memory corruption vulnerability exists in the Chakra JavaScript engine rendering when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...
DiskSavvy Enterprise Buffer Overflow Vulnerability
Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...
Oracle VM VirtualBox Local Vulnerability (CNVD-2017-00973)
Oracle VM VirtualBox is an open source virtual machine software from Oracle USA. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and prior to 5.1.14. An attacker could exploit this vulnerability to affect the integrity and availability of data...
Game Music Emulators Memory Corruption Vulnerability (CNVD-2017-00403)
Game Music Emulators. A memory corruption vulnerability exists in Game Music Emulators. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service...
Mozilla Firefox URL Redirection Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A remote URL redirection vulnerability exists in Mozilla Firefox. An attacker can exploit this vulnerability by constructing a malicious URL to trick users into clicking on a link and being...
LibTIFF 'tif_dirread.c' Denial of Service Vulnerability
Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A denial of service vulnerability exists in LibTIFF 'tifdirread.c', which can be exploited b...
Phoenix Contact ILC Authentication Bypass Vulnerability
Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An authentication bypass vulnerability exists in Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to gain access to the web serve...
Wireshark Catapult DCT2000 Parser Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-catapult-dct2000....
Red Hat RESTEasy Denial of Service Vulnerability
RESTEasy is one of the JBoss open source project , is a RESTful Web Services framework. A denial of service vulnerability exists in Red Hat RESTEasy. An attacker could exploit this vulnerability to cause a denial of service...
Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)
Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...
Microsoft Kerberos Elevation of Privilege Vulnerability
Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...
Pidgin MXIT Protocol Memory Corruption Vulnerability
Pidgin is a cross-platform real-time communication client that supports several commonly used real-time communication protocols and allows users to log into different real-time communication services with the same software. A memory corruption vulnerability exists in the MXIT protocol processing ...
Claws-Mail 'src/codeconv.c' Stack Buffer Overflow Vulnerability
Claws-Mail is a mail client product based on GTK+ development. Claws-Mail suffers from a stack buffer overflow vulnerability that can be exploited by attackers to conduct denial of service attacks or execute arbitrary code...