Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/11/01 12:0 a.m.•35 views

Adobe Safari cross-site scripting vulnerability

Adobe Safari is a popular WEB browser from Apple Inc. A cross-site scripting vulnerability exists in Adobe Safari, which can be exploited by remote attackers to submit special WEB requests that trick users into parsing and executing arbitrary code in the context of the application...

6.1CVSS6.1AI score0.01309EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/28 12:0 a.m.•35 views

Nextcloud file traversal vulnerability

Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access contro...

8.8CVSS2.5AI score0.01727EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•35 views

Adobe Character Animator 2021 Out-of-Bounds Read Vulnerability (CNVD-2022-67828)

Adobe Character Animator is a motion capture and animation tool from the American company Audobee Adobe. An out-of-bounds read vulnerability exists in Adobe Character Animator 2021 4.4 and earlier versions, which can be exploited by an attacker to bypass mitigations such as ASLR and cause a...

4.3CVSS5.1AI score0.01124EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•35 views

Google Chrome WebApp Installer improperly implemented vulnerability

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper implementation of WebApp Installer. An attacker could potentially override and spoof the content of the multi-function box URL bar via a crafted HTML page...

6.5CVSS3.5AI score0.00784EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•35 views

Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2021-82957)

Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. Microsoft SharePoint Server has a remote code execution vulnerability, which can be exploited by attackers to achieve remote code...

6.5CVSS3.7AI score0.06131EPSS
Exploits0
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•35 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84819)

Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Garbage Collection in versions of Google Chrome prior to 94.0.4606.81. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.9AI score0.00861EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•35 views

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-78437)

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.An information disclosure vulnerability exists in IBM Sterling File Gateway version 6.0.1.0-6.1.0.2. An attack...

4.3CVSS3.2AI score0.00951EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•35 views

ECOA BAS controller information disclosure vulnerability (CNVD-2021-83643)

ECOA BAS controller is a smart lighting control solution. ECOA BAS controller is vulnerable to information disclosure, which can be exploited by remote attackers to obtain user credential information...

5CVSS3.6AI score0.00949EPSS
Exploits1
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•35 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-92836)

Chrome is a simple and efficient web browsing tool developed by Google. a post-release reuse vulnerability exists in the Selection API in versions prior to Google Chrome 93.0.4577.82. A remote attacker exploits heap corruption via a crafted HTML page...

8.8CVSS4.3AI score0.10127EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/10 12:0 a.m.•35 views

libtiff buffer overflow vulnerability (CNVD-2021-93892)

Libtiff is a library for reading and writing tagged image file format abbreviated as TIFF files. a buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the in TIFFmemcpy function in tifunix.c...

6.5CVSS5.5AI score0.01594EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/09 12:0 a.m.•35 views

Mozilla Firefox Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-90098)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A permission permission and access control issue vulnerability exists in Mozilla Firefox for Android, which stems from Firefox allowing navigation via the intent:// protocol. A remote attacker could exploit the...

8.1CVSS4.5AI score0.00703EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/27 12:0 a.m.•35 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22650)

Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type due to a lack of validation and escaping of user-supplied data in the "Create Entry, Page and Content Type" interface, which could be exploited by remote...

6.1CVSS1.9AI score0.009EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•35 views

F5 BIG IP Advanced WAF and ASM Denial of Service Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP Advanced WAF and ASM denial of service vulnerability causes a specific html return page can cause the bd proces...

7.5CVSS2AI score0.00468EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/25 12:0 a.m.•35 views

LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...

9.6CVSS1.4AI score0.03014EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•35 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67818)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04457EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/13 12:0 a.m.•35 views

Multiple D-Link products null pointer dereference vulnerability (CNVD-2021-94841)

The D-Link DAP-2310 is a single-band wireless network access point for small businesses or schools that need a fast and reliable wireless network. the D-Link DAP-2330 is a wireless N300 single-band PoE access point. Multiple D-Link products are vulnerable to a null pointer dereference...

7.5CVSS0.7AI score0.01338EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•35 views

Linux kernel denial-of-service vulnerability (CNVD-2021-60519)

Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable due to a use-after-release and crash flaw in drivers/usb/host/max3421 hcd.c. In some cases, by removing the MAX-3421 USB device, an attacker can exploit the vulnerability to...

6.8CVSS2.5AI score0.00333EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/29 12:0 a.m.•35 views

Foxit PDF Reader Resource Management Error Vulnerability

Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader is vulnerable to resource management errors, which can be exploited by remote attackers to execute arbitrary code on the target system...

6.8CVSS5.7AI score0.019EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•35 views

Google Golang Trust Management Issue Vulnerability

Google Golang is a statically strongly typed, compiled language from Google, U.S. A trust management issue vulnerability exists in Google Golang, which can be exploited by attackers to cause a TLS client panic...

6.5CVSS3.8AI score0.06975EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•35 views

Adobe Acrobat/Reader Out-of-Bounds Reading Vulnerability (CNVD-2021-70143)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader has an out-of-bounds read vulnerability. An attacker can use the vulnerability to achieve arbitrary read/write system information in...

8.8CVSS3.5AI score0.02763EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/12 12:0 a.m.•35 views

Ruby Information Disclosure Vulnerability (CNVD-2021-59129)

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Yukihiro Matsumoto, a personal developer, and is vulnerable to information disclosure that could be exploited by attackers to extract information about other private and undisclosed services...

5.8CVSS3AI score0.0305EPSS
Exploits1References1
CNVD
CNVD
•added 2020/11/13 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66108)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which could be exploite...

7.8CVSS4.2AI score0.01399EPSS
Exploits0References1
CNVD
CNVD
•added 2020/10/16 12:0 a.m.•35 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61776)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows and Windows Server have an elevation of privilege vulnerability that can be exploited by...

7.8CVSS5.1AI score0.00859EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65600)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...

9.3CVSS3.3AI score0.04905EPSS
Exploits0References1
CNVD
CNVD
•added 2020/09/10 12:0 a.m.•35 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90798)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...

7.8CVSS3.3AI score0.00777EPSS
Exploits0References1
CNVD
CNVD
•added 2020/04/22 12:0 a.m.•35 views

Red Hat OpenShift Container Platform Log Information Disclosure Vulnerability

Red Hat OpenShift Container Platform is a suite of application platforms from Red Hat that enable organizations to develop, deploy and manage existing container-based applications across physical, virtual and public cloud infrastructures. A log information disclosure vulnerability exists in Red H...

8.2CVSS6.1AI score0.0097EPSS
Exploits0References1
CNVD
CNVD
•added 2019/08/05 12:0 a.m.•35 views

Discourse input validation error vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that stems from a lack of authentication measures or insufficient authentication strength in the web system or product. No...

7.5CVSS2.7AI score0.01044EPSS
Exploits0References1
CNVD
CNVD
•added 2019/01/18 12:0 a.m.•35 views

Red Hat Ceph Denial of Service Vulnerability (CNVD-2019-02480)

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system based on POSIX Portable Operating System Interface without a single point of failure, so that data can be fault-tolerant and seamless replication...

6.5CVSS6.6AI score0.02136EPSS
Exploits0References1
CNVD
CNVD
•added 2018/09/27 12:0 a.m.•35 views

Apache HTTP Server Denial of Service Vulnerability (CNVD-2018-20078)

Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server versions 2.4.17 through 2.4.34, which can be exploited to cau...

5.9CVSS6AI score0.51002EPSS
Exploits0References1
CNVD
CNVD
•added 2018/02/24 12:0 a.m.•35 views

Apache JMeter Remote Command Execution Vulnerability

Apache Jmeter is an open source Java application designed to test functional behavior and measure performance for load ... Apache JMeter suffers from a remote command execution vulnerability in distributed mode using an insecure RMI connection, which can be exploited by an attacker to execute...

9.8CVSS7.8AI score0.10096EPSS
Exploits0References1
CNVD
CNVD
•added 2018/01/04 12:0 a.m.•35 views

POCO 'ZipCommon::isValidPath()' function absolute path traversal vulnerability

POCO C++ Libraries is a set of C++ class libraries developed by Austrian software developer Gunter Obiltschnig, which are used to develop portable web-based applications with threading, file and streaming capabilities. A security vulnerability in the 'ZipCommon::isValidPath' function in the...

6.5CVSS8.7AI score0.01681EPSS
Exploits1References1
CNVD
CNVD
•added 2017/11/29 12:0 a.m.•35 views

Swagger Parser and Swagger codegen arbitrary code execution vulnerability

Swagger Parser is a Swagger cross-language REST API interface parser. swagger codegen is an API development tool. An arbitrary code execution vulnerability exists in the yaml parsing feature in Swagger Parser 1.0.30 and earlier and Swagger codegen 2.2.2 and earlier. An attacker can exploit this...

8.8CVSS8.2AI score0.01623EPSS
Exploits0References1
CNVD
CNVD
•added 2017/11/17 12:0 a.m.•35 views

private_address_check ruby gem security restriction bypass vulnerability

privateaddresscheck ruby gem is a Ruby-based checking tool for server-side request forgery attacks. A security restriction bypass vulnerability exists in the privateaddresscheck ruby gem prior to version 0.4.0, which stems from the program's use of Ruby's Resolv.getaddresses method. An attacker...

8.1CVSS6.8AI score0.02415EPSS
Exploits0References1
CNVD
CNVD
•added 2017/08/09 12:0 a.m.•35 views

Microsoft Edge Information Disclosure Vulnerability (CNVD-2017-23795)

Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the web browsers that comes with the system. Edge in Microsoft Windows suffers from an...

4.3CVSS5.9AI score0.15118EPSS
Exploits3References1
CNVD
CNVD
•added 2017/06/06 12:0 a.m.•35 views

Wireshark SoulSeek Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial-of-service vulnerability exists in the Wireshark SoulSeek parser, which allows ...

7.8CVSS8.8AI score0.03436EPSS
Exploits0References1
CNVD
CNVD
•added 2017/05/27 12:0 a.m.•35 views

Red Hat Resteasy Remote Code Execution Vulnerability (CNVD-2017-09797)

Red Hat RESTEasy is the United States Red Hat Red Hat, Inc. of a JBoss open source project , which provides a variety of frameworks for building RESTful Web Services and RESTful Java applications . A remote code execution vulnerability exists in Red Hat Resteasy versions 3.0-beta-1 through...

8.1CVSS8.4AI score0.06179EPSS
Exploits0References1
CNVD
CNVD
•added 2017/05/23 12:0 a.m.•35 views

Red Hat Jboss Arbitrary Code Execution Vulnerability

Red Hat JBoss Application Server AS, also known as WildFly is the United States of America Red Hat Red Hat a JavaEE-based open source application server , it has a startup ultra-fast , lightweight , modular design , hot and parallel deployment , concise management , domain management and the firs...

9.8CVSS8.2AI score0.29323EPSS
Exploits5References1
CNVD
CNVD
•added 2017/05/11 12:0 a.m.•35 views

Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06595)

Microsoft Edge is the web browser built into the Windows 10 version. A remote memory corruption vulnerability exists in the Chakra JavaScript engine rendering when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...

7.6CVSS7.6AI score0.31582EPSS
Exploits1References1
CNVD
CNVD
•added 2017/02/23 12:0 a.m.•35 views

DiskSavvy Enterprise Buffer Overflow Vulnerability

Flexense DiskSavvy is a disk space analyzer from Flexense USA. A buffer overflow vulnerability exists in the build-in web server of Flexense DiskSavvy Enterprise. A remote attacker could exploit the vulnerability to send a specially crafted URI request to conduct a denial of service or arbitrary...

9.8CVSS8.2AI score0.33052EPSS
Exploits7References1
CNVD
CNVD
•added 2017/01/20 12:0 a.m.•35 views

Oracle VM VirtualBox Local Vulnerability (CNVD-2017-00973)

Oracle VM VirtualBox is an open source virtual machine software from Oracle USA. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and prior to 5.1.14. An attacker could exploit this vulnerability to affect the integrity and availability of data...

8.4CVSS6.3AI score0.00384EPSS
Exploits0References1
CNVD
CNVD
•added 2017/01/10 12:0 a.m.•35 views

Game Music Emulators Memory Corruption Vulnerability (CNVD-2017-00403)

Game Music Emulators. A memory corruption vulnerability exists in Game Music Emulators. A remote attacker could exploit this vulnerability to execute arbitrary code or trigger a denial of service...

7.8CVSS8.1AI score0.0233EPSS
Exploits1References1
CNVD
CNVD
•added 2016/12/02 12:0 a.m.•35 views

Mozilla Firefox URL Redirection Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A remote URL redirection vulnerability exists in Mozilla Firefox. An attacker can exploit this vulnerability by constructing a malicious URL to trick users into clicking on a link and being...

8.8CVSS8.6AI score0.01884EPSS
Exploits2References1
CNVD
CNVD
•added 2016/11/23 12:0 a.m.•35 views

LibTIFF 'tif_dirread.c' Denial of Service Vulnerability

Silicon Graphics LibTIFF is a library for reading and writing TIFF Tagged Image File Format files from Silicon Graphics, USA. The library contains a number of command-line tools for processing TIFF files. A denial of service vulnerability exists in LibTIFF 'tifdirread.c', which can be exploited b...

7.5CVSS6.8AI score0.04975EPSS
Exploits0References1
CNVD
CNVD
•added 2016/11/10 12:0 a.m.•35 views

Phoenix Contact ILC Authentication Bypass Vulnerability

Phoenix Contact ProConOs and MultiProg are programmable logic controllers PLCs for use in industrial PCs from the Phoenix Contact group. An authentication bypass vulnerability exists in Phoenix Contact ILC PLCs, which can be exploited by an unauthenticated attacker to gain access to the web serve...

7.5CVSS7.5AI score0.11199EPSS
Exploits4References1
CNVD
CNVD
•added 2016/09/14 12:0 a.m.•35 views

Wireshark Catapult DCT2000 Parser Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in the epan/dissectors/packet-catapult-dct2000....

5.9CVSS7.7AI score0.02359EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/06 12:0 a.m.•35 views

Red Hat RESTEasy Denial of Service Vulnerability

RESTEasy is one of the JBoss open source project , is a RESTful Web Services framework. A denial of service vulnerability exists in Red Hat RESTEasy. An attacker could exploit this vulnerability to cause a denial of service...

7.5CVSS7.4AI score0.04913EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/01 12:0 a.m.•35 views

Adobe ColdFusion Information Disclosure Vulnerability (CNVD-2016-07016)

Adobe ColdFusion is the United States of America Audobee Adobe a dynamic Web server products, which runs the CFML ColdFusion Markup Language is a programming language for Web applications. An information disclosure vulnerability exists in Adobe ColdFusion 11 Update 9 and earlier and ColdFusion 10...

8.6CVSS6AI score0.69044EPSS
Exploits7References1
CNVD
CNVD
•added 2016/08/10 12:0 a.m.•35 views

Microsoft Kerberos Elevation of Privilege Vulnerability

Microsoft Windows is the popular computer operating system. Windows Kerberos re-adopts the NTLM Authentication Protocol as the default protocol if a password change request is not handled correctly during a domain account password change, an elevation of privilege vulnerability exists that can be...

7.5CVSS7.2AI score0.17181EPSS
Exploits5References1
CNVD
CNVD
•added 2016/06/24 12:0 a.m.•35 views

Pidgin MXIT Protocol Memory Corruption Vulnerability

Pidgin is a cross-platform real-time communication client that supports several commonly used real-time communication protocols and allows users to log into different real-time communication services with the same software. A memory corruption vulnerability exists in the MXIT protocol processing ...

8.1CVSS7.5AI score0.03228EPSS
Exploits1References1
CNVD
CNVD
•added 2016/02/08 12:0 a.m.•35 views

Claws-Mail 'src/codeconv.c' Stack Buffer Overflow Vulnerability

Claws-Mail is a mail client product based on GTK+ development. Claws-Mail suffers from a stack buffer overflow vulnerability that can be exploited by attackers to conduct denial of service attacks or execute arbitrary code...

7.5CVSS7.7AI score0.02554EPSS
Exploits0References1
Total number of security vulnerabilities5000