131102 matches found
libGD Buffer Overflow Vulnerability
libGD also known as GD Graphics Library or libgd2 is an American software developer Thomas Boutell developed an open source for the dynamic creation of images library, which supports the creation of charts, graphs and thumbnails and so on. A buffer underflow vulnerability exists in libgd. An...
Oracle VM VirtualBox Local Vulnerability
Oracle VM VirtualBox is a cross-platform virtual machine software from Oracle. The software supports running multiple operating systems, creating VM groups, sharing folders, etc. on the same computer. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and...
Red Hat JBoss Enterprise Application Platform HTTP Header Injection Vulnerability
Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source, J2EE-based middleware platform. The platform is mainly used to build, deploy and host Java applications and services. An HTTP header injection vulnerability exists in Red Hat JBoss...
cracklib Local Stack Buffer Overflow Vulnerability
cracklib is a Unix library that can be used to write password-related programs. A local stack buffer overflow vulnerability exists in the implementation of cracklib, which can be successfully exploited to allow an attacker to execute arbitrary code in the context of an application...
Schneider Electric Building Operation Application Server Operating System Command Injection Vulnerability
Schneider Electric StruxureWare Building Operation Application Server is a set of automation systems for small and medium-sized buildings from the French company Schneider Electric Schneider Electric. An operating system command injection vulnerability exists in Schneider Electric StruxureWare...
Siemens SIPROTEC 4 Denial of Service Vulnerability
SIPROTEC 4 and SIPROTEC devices offer a wide range of integrated protection, control, measurement and power substation automation functions; EN100 modules are used to implement IEC 61850 communication. SIPROTEC 4 has been disclosed to have a denial of service vulnerability, which can be exploited...
ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. An information disclosure...
cups-filters remove_bad_chars function arbitrary command execution vulnerability
CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the removebadchars function in cups-filters utils/cups-browsed.c,...
Seagate Business Storage 2-Bay NAS Remote Code Execution Vulnerability
The Seagate Business Storage 2-Bay NAS is an enterprise-class network storage server from Seagate USA. A remote code execution vulnerability exists in the Seagate Business Storage 2-Bay NAS. An attacker can exploit this vulnerability to execute arbitrary code with root privileges, which may also...
IBM Security Verify Directory Information Disclosure Vulnerability (CNVD-2024-16924)
IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines IBM. An information disclosure vulnerability exists in IBM Security Verify Directory, which can be exploited by an attacker to obtain sensitive information when a detaile...
Foxit PDF Reader and PDF Editor Code Execution Vulnerability
Foxit PDF Reader is a PDF reader.Foxit PDF Editor is a PDF editor. Foxit PDF Reader and PDF Editor code execution vulnerability can be exploited by attackers to execute code on a system...
Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11665)
Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2024-10429)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute arbitrary code on a system...
Linux kernel memory misreference vulnerability (CNVD-2024-08085)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a mix-up in the instruction responsible for freeing memory in the Bluetooth module. An...
Google Chrome Security Bypass Vulnerability (CNVD-2024-10241)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and earlier versions due to an improper implementation in an accessibility feature. An attacker can exploit the vulnerability to bypass security...
Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10443)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability (CNVD-2024-01390)
JT2Go is a JT file viewer.Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. A buffer overflow vulnerability exists in Siemens JT2Go and Teamcenter Visualization, which can be exploited by an attacker to execute code in the context of the...
Microsoft .NET DLL Hijacking Remote Code Execution Vulnerability
Microsoft .NET Core is a free open source development platform from Microsoft USA. The platform features multi-language support and cross-platform. NET has a DLL hijacking remote code execution vulnerability that can be exploited by an attacker to remotely execute code...
F5 BIG-IP Remote Code Execution Vulnerability (CNVD-2023-82300)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIG-IP suffers from a remote code execution vulnerability caused by a configuration utility authentication bypass flaw. An...
Adobe Commerce SQL Injection Vulnerability
Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. A SQL injection vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of validation of external...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-72224)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-72227)
Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...
Linux kernel elevation of privilege vulnerability (CNVD-2023-70080)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Linux kernel elevation of privilege vulnerability (CNVD-2023-70083)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Google Chrome MediaStream Memory Misreference Vulnerability (CNVD-2023-69036)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome MediaStream. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to crash...
Google Chrome Audio memory misreference vulnerability (CNVD-2023-65151)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up in instructions responsible for freeing memory in Audio. A remote attacker can exploit this vulnerability to...
Microsoft Excel Remote Code Execution Vulnerability (CNVD-2023-64864)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85902)
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Google Chrome Code Execution Vulnerability (CNVD-2023-63464)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by use after release in Blink Task Scheduling. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2023-62934)
Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...
Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 Functional Command Injection Vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
Food Ordering System SQL Injection Vulnerability
Food Ordering System is a food ordering system. A SQL injection vulnerability exists in Food Ordering System v1.0 due to a lack of validation of the id parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitiv...
Linux kernel resource management error vulnerability (CNVD-2023-51381)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that originates from a confusion in the instructions responsible for freeing memory in driver/firewire in the...
IBM Global Security Kit Encryption Issues Vulnerability
IBM Global Security Kit is a library and utility program for SSL or TLS communications from International Business Machines IBM. The IBM Global Security Kit suffers from a cryptographic issue vulnerability that stems from a time-based side-channel in the RSA decryption implementation, which could...
Google Chrome PDF component memory misreference vulnerability (CNVD-2023-46113)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome PDF component, which can be exploited by an attacker to execute arbitrary code on the system or cause an application to crash...
Apache Sling Input Validation Error Vulnerability
Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to comply with JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. An input validation error vulnerability exists in Apache Sling Commons...
Wireshark infinite loop vulnerability (CNVD-2023-62291)
Wireshark is a popular and influential open source protocol analyzer , often used in network troubleshooting , protocol development and teaching , etc., which supports a variety of protocols and data formats . Wireshark has a security vulnerability that can be exploited by an attacker to conduct ...
SQLite Code Injection Vulnerability
SQLite is a lightweight database that is ACID compliant relational database management system. A code injection vulnerability exists in SQLite JDBC that stems from a remote code execution vulnerability. No detailed vulnerability details are provided at this time...
TP-Link Archer VR1600V Command Injection Vulnerability
The TP-Link Archer VR1600V is a wireless modem from China P&L TP-LINK. The TP-Link Archer VR1600V suffers from a command injection vulnerability that stems from the application failing to properly filter constructed command special characters, commands, etc. An attacker could exploit the...
Linux kernel number error vulnerability (CNVD-2023-48544)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.2, which stems from a divide-by-zero error in dodiv indirectly used by ctrlcdevioctl when mtd erasesize is zero. An...
Google Android elevation of privilege vulnerability (CNVD-2023-55366)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from improper privilege management in the onNullBinding of the CallScreeningServiceHelper.java component, which can be exploited by an attacker ...
answer information disclosure vulnerability (CNVD-2023-29790)
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...
Google Chrome Picture In Picture Security Bypass Vulnerability
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome Picture In Picture, which stems from an incorrect security UI in Picture In Picture. An attacker can exploit this vulnerability to bypass security restrictions...
Google TensorFlow Buffer Overflow Vulnerability (CNVD-2023-43888)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that originates from a boundary error in TAvgPoolGrad when handling untrusted input. A remote attacker could exploit the...
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-18930)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A security vulnerability exists in Siemens Tecnomatix...
Google Chrome Navigation component code issue vulnerability
Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Navigation component. A remote attacker can exploit the vulnerability to bypass the...
Dell BIOS Input Validation Error Vulnerability (CNVD-2023-14507)
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA.Dell BIOS is vulnerable to an input validation error. An authenticated local malicious user can execute arbitrary code in SMRAM by using SMI. A remote attacker could exploit the vulnerability by sending ...
Dell BIOS Input Validation Error Vulnerability (CNVD-2023-14506)
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. An input validation error vulnerability exists in Dell BIOS, which stems from incorrect input validation. An attacker could use the SMI Serial Interface to execute arbitrary code in SMRAM...
Adobe Photoshop Out-of-Bounds Read Vulnerability (CNVD-2023-17045)
Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an out-of-bounds read vulnerability that stems from a lack of proper validation of user-supplied data, where specially...
Siemens RUGGEDCOM APE1808 Product Family Competitive Conditions Vulnerability (CNVD-2023-09125)
RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments.A competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, whi...