Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2017/02/10 12:0 a.m.•34 views

libGD Buffer Overflow Vulnerability

libGD also known as GD Graphics Library or libgd2 is an American software developer Thomas Boutell developed an open source for the dynamic creation of images library, which supports the creation of charts, graphs and thumbnails and so on. A buffer underflow vulnerability exists in libgd. An...

9.8CVSS9.8AI score0.10687EPSS
Exploits0References1
CNVD
CNVD
•added 2017/01/20 12:0 a.m.•34 views

Oracle VM VirtualBox Local Vulnerability

Oracle VM VirtualBox is a cross-platform virtual machine software from Oracle. The software supports running multiple operating systems, creating VM groups, sharing folders, etc. on the same computer. A local security vulnerability exists in Oracle VM VirtualBox versions prior to 5.0.32 and...

7.9CVSS6.5AI score0.00359EPSS
Exploits0References1
CNVD
CNVD
•added 2016/09/13 12:0 a.m.•34 views

Red Hat JBoss Enterprise Application Platform HTTP Header Injection Vulnerability

Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source, J2EE-based middleware platform. The platform is mainly used to build, deploy and host Java applications and services. An HTTP header injection vulnerability exists in Red Hat JBoss...

6.1CVSS7.4AI score0.0256EPSS
Exploits0References1
CNVD
CNVD
•added 2016/08/17 12:0 a.m.•34 views

cracklib Local Stack Buffer Overflow Vulnerability

cracklib is a Unix library that can be used to write password-related programs. A local stack buffer overflow vulnerability exists in the implementation of cracklib, which can be successfully exploited to allow an attacker to execute arbitrary code in the context of an application...

7.8CVSS9.7AI score0.00747EPSS
Exploits0References1
CNVD
CNVD
•added 2016/03/03 12:0 a.m.•34 views

Schneider Electric Building Operation Application Server Operating System Command Injection Vulnerability

Schneider Electric StruxureWare Building Operation Application Server is a set of automation systems for small and medium-sized buildings from the French company Schneider Electric Schneider Electric. An operating system command injection vulnerability exists in Schneider Electric StruxureWare...

9CVSS8AI score0.13426EPSS
Exploits7References1
CNVD
CNVD
•added 2015/07/20 12:0 a.m.•34 views

Siemens SIPROTEC 4 Denial of Service Vulnerability

SIPROTEC 4 and SIPROTEC devices offer a wide range of integrated protection, control, measurement and power substation automation functions; EN100 modules are used to implement IEC 61850 communication. SIPROTEC 4 has been disclosed to have a denial of service vulnerability, which can be exploited...

7.8CVSS9.5AI score0.74323EPSS
Exploits7References1
CNVD
CNVD
•added 2015/04/30 12:0 a.m.•34 views

ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability

ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. An information disclosure...

7.5CVSS6.2AI score0.83399EPSS
Exploits11References1
CNVD
CNVD
•added 2015/03/25 12:0 a.m.•34 views

cups-filters remove_bad_chars function arbitrary command execution vulnerability

CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the removebadchars function in cups-filters utils/cups-browsed.c,...

7.5CVSS7.2AI score0.02958EPSS
Exploits1References1
CNVD
CNVD
•added 2015/03/11 12:0 a.m.•34 views

Seagate Business Storage 2-Bay NAS Remote Code Execution Vulnerability

The Seagate Business Storage 2-Bay NAS is an enterprise-class network storage server from Seagate USA. A remote code execution vulnerability exists in the Seagate Business Storage 2-Bay NAS. An attacker can exploit this vulnerability to execute arbitrary code with root privileges, which may also...

10CVSS8.5AI score0.43813EPSS
Exploits7References1
CNVD
CNVD
•added 2024/03/26 12:0 a.m.•33 views

IBM Security Verify Directory Information Disclosure Vulnerability (CNVD-2024-16924)

IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines IBM. An information disclosure vulnerability exists in IBM Security Verify Directory, which can be exploited by an attacker to obtain sensitive information when a detaile...

2.7CVSS6.1AI score0.00508EPSS
Exploits0References1
CNVD
CNVD
•added 2024/03/08 12:0 a.m.•33 views

Foxit PDF Reader and PDF Editor Code Execution Vulnerability

Foxit PDF Reader is a PDF reader.Foxit PDF Editor is a PDF editor. Foxit PDF Reader and PDF Editor code execution vulnerability can be exploited by attackers to execute code on a system...

8.4CVSS7.8AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/29 12:0 a.m.•33 views

Adobe Acrobat and Reader Out-of-Bounds Read Vulnerability (CNVD-2024-11665)

Adobe Acrobat Reader is the United States of America Audobee Adobe, a PDF viewer. Adobe Acrobat and Reader has an out-of-bounds read vulnerability that can be exploited by an attacker to obtain sensitive information caused by an out-of-bounds read...

5.5CVSS6AI score0.02336EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/23 12:0 a.m.•33 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2024-10429)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.5AI score0.01177EPSS
Exploits0References1
CNVD
CNVD
•added 2024/02/02 12:0 a.m.•33 views

Linux kernel memory misreference vulnerability (CNVD-2024-08085)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a memory misreference vulnerability that originates from a mix-up in the instruction responsible for freeing memory in the Bluetooth module. An...

7.8CVSS6.5AI score0.00495EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•33 views

Google Chrome Security Bypass Vulnerability (CNVD-2024-10241)

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome version 121.0.6167.85 and earlier versions due to an improper implementation in an accessibility feature. An attacker can exploit the vulnerability to bypass security...

8.8CVSS6.8AI score0.00481EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/26 12:0 a.m.•33 views

Security Bypass Vulnerability in Multiple Mozilla Products (CNVD-2024-10443)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...

8.8CVSS6.9AI score0.00837EPSS
Exploits0References1
CNVD
CNVD
•added 2024/01/10 12:0 a.m.•33 views

Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability (CNVD-2024-01390)

JT2Go is a JT file viewer.Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. A buffer overflow vulnerability exists in Siemens JT2Go and Teamcenter Visualization, which can be exploited by an attacker to execute code in the context of the...

7.8CVSS7.6AI score0.00264EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/15 12:0 a.m.•33 views

Microsoft .NET DLL Hijacking Remote Code Execution Vulnerability

Microsoft .NET Core is a free open source development platform from Microsoft USA. The platform features multi-language support and cross-platform. NET has a DLL hijacking remote code execution vulnerability that can be exploited by an attacker to remotely execute code...

7.8CVSS7.8AI score0.01531EPSS
Exploits0References1
CNVD
CNVD
•added 2023/11/01 12:0 a.m.•33 views

F5 BIG-IP Remote Code Execution Vulnerability (CNVD-2023-82300)

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. F5 BIG-IP suffers from a remote code execution vulnerability caused by a configuration utility authentication bypass flaw. An...

9.8CVSS8.6AI score0.96515EPSS
Exploits17References1
CNVD
CNVD
•added 2023/10/17 12:0 a.m.•33 views

Adobe Commerce SQL Injection Vulnerability

Adobe Commerce is the United States of America Odobie Adobe company's a kind of merchants and brands for the world's leading digital commerce solutions. A SQL injection vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of validation of external...

8CVSS8AI score0.00829EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•33 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-72224)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...

8CVSS8.3AI score0.81138EPSS
Exploits1References1
CNVD
CNVD
•added 2023/09/15 12:0 a.m.•33 views

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2023-72227)

Microsoft Exchange Server is the United States Microsoft Microsoft company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited...

8CVSS8.3AI score0.81713EPSS
Exploits0References1
CNVD
CNVD
•added 2023/09/11 12:0 a.m.•33 views

Linux kernel elevation of privilege vulnerability (CNVD-2023-70080)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.4AI score0.00549EPSS
Exploits1References1
CNVD
CNVD
•added 2023/09/11 12:0 a.m.•33 views

Linux kernel elevation of privilege vulnerability (CNVD-2023-70083)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS6.4AI score0.00218EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/31 12:0 a.m.•33 views

Google Chrome MediaStream Memory Misreference Vulnerability (CNVD-2023-69036)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome MediaStream. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to crash...

8.8CVSS7.5AI score0.0088EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/17 12:0 a.m.•33 views

Google Chrome Audio memory misreference vulnerability (CNVD-2023-65151)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up in instructions responsible for freeing memory in Audio. A remote attacker can exploit this vulnerability to...

8.8CVSS6.5AI score0.00829EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•33 views

Microsoft Excel Remote Code Execution Vulnerability (CNVD-2023-64864)

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...

7.8CVSS8.2AI score0.01084EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/12 12:0 a.m.•33 views

Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85902)

Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...

7.8CVSS8.2AI score0.01074EPSS
Exploits0References1
CNVD
CNVD
•added 2023/08/06 12:0 a.m.•33 views

Google Chrome Code Execution Vulnerability (CNVD-2023-63464)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by use after release in Blink Task Scheduling. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause an application to...

8.8CVSS7.9AI score0.0112EPSS
Exploits0References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•33 views

Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2023-62934)

Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. Cisco Webex Meetings suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

4.9CVSS6.3AI score0.00644EPSS
Exploits0
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•33 views

Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 Functional Command Injection Vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...

8.8CVSS8.2AI score0.036EPSS
Exploits1References1
CNVD
CNVD
•added 2023/07/10 12:0 a.m.•33 views

Food Ordering System SQL Injection Vulnerability

Food Ordering System is a food ordering system. A SQL injection vulnerability exists in Food Ordering System v1.0 due to a lack of validation of the id parameter against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitiv...

7.2CVSS8.3AI score0.00897EPSS
Exploits1References1
CNVD
CNVD
•added 2023/06/14 12:0 a.m.•33 views

Linux kernel resource management error vulnerability (CNVD-2023-51381)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that originates from a confusion in the instructions responsible for freeing memory in driver/firewire in the...

6.7CVSS6.9AI score0.00228EPSS
Exploits0References1
CNVD
CNVD
•added 2023/06/01 12:0 a.m.•33 views

IBM Global Security Kit Encryption Issues Vulnerability

IBM Global Security Kit is a library and utility program for SSL or TLS communications from International Business Machines IBM. The IBM Global Security Kit suffers from a cryptographic issue vulnerability that stems from a time-based side-channel in the RSA decryption implementation, which could...

7.5CVSS6.2AI score0.00925EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/31 12:0 a.m.•33 views

Google Chrome PDF component memory misreference vulnerability (CNVD-2023-46113)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in the Google Chrome PDF component, which can be exploited by an attacker to execute arbitrary code on the system or cause an application to crash...

8.8CVSS7.6AI score0.00918EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/30 12:0 a.m.•33 views

Apache Sling Input Validation Error Vulnerability

Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to comply with JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. An input validation error vulnerability exists in Apache Sling Commons...

7.5CVSS6.7AI score0.02187EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2023/05/30 12:0 a.m.•33 views

Wireshark infinite loop vulnerability (CNVD-2023-62291)

Wireshark is a popular and influential open source protocol analyzer , often used in network troubleshooting , protocol development and teaching , etc., which supports a variety of protocols and data formats . Wireshark has a security vulnerability that can be exploited by an attacker to conduct ...

7.5CVSS6.7AI score0.01592EPSS
Exploits1References1
CNVD
CNVD
•added 2023/05/25 12:0 a.m.•33 views

SQLite Code Injection Vulnerability

SQLite is a lightweight database that is ACID compliant relational database management system. A code injection vulnerability exists in SQLite JDBC that stems from a remote code execution vulnerability. No detailed vulnerability details are provided at this time...

9.8CVSS8.2AI score0.01592EPSS
Exploits0References1
CNVD
CNVD
•added 2023/05/23 12:0 a.m.•33 views

TP-Link Archer VR1600V Command Injection Vulnerability

The TP-Link Archer VR1600V is a wireless modem from China P&L TP-LINK. The TP-Link Archer VR1600V suffers from a command injection vulnerability that stems from the application failing to properly filter constructed command special characters, commands, etc. An attacker could exploit the...

6.7CVSS7.4AI score0.01756EPSS
Exploits2References1
CNVD
CNVD
•added 2023/05/17 12:0 a.m.•33 views

Linux kernel number error vulnerability (CNVD-2023-48544)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 6.2, which stems from a divide-by-zero error in dodiv indirectly used by ctrlcdevioctl when mtd erasesize is zero. An...

5.5CVSS6.3AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/23 12:0 a.m.•33 views

Google Android elevation of privilege vulnerability (CNVD-2023-55366)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that stems from improper privilege management in the onNullBinding of the CallScreeningServiceHelper.java component, which can be exploited by an attacker ...

7.8CVSS6.8AI score0.00092EPSS
Exploits0References1
CNVD
CNVD
•added 2023/04/16 12:0 a.m.•33 views

answer information disclosure vulnerability (CNVD-2023-29790)

answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...

5.6AI score0.00586EPSS
Exploits1Affected Software1
CNVD
CNVD
•added 2023/04/07 12:0 a.m.•33 views

Google Chrome Picture In Picture Security Bypass Vulnerability

Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome Picture In Picture, which stems from an incorrect security UI in Picture In Picture. An attacker can exploit this vulnerability to bypass security restrictions...

6.5CVSS6.6AI score0.00847EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/29 12:0 a.m.•33 views

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2023-43888)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that originates from a boundary error in TAvgPoolGrad when handling untrusted input. A remote attacker could exploit the...

9.8CVSS8.2AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/16 12:0 a.m.•33 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-18930)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A security vulnerability exists in Siemens Tecnomatix...

7.8CVSS7.7AI score0.00223EPSS
Exploits0References1
CNVD
CNVD
•added 2023/03/13 12:0 a.m.•33 views

Google Chrome Navigation component code issue vulnerability

Google Chrome is a web browser from Google, an American company. A code issue vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a weak policy enforcement issue in the Navigation component. A remote attacker can exploit the vulnerability to bypass the...

4.3CVSS6AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/21 12:0 a.m.•33 views

Dell BIOS Input Validation Error Vulnerability (CNVD-2023-14507)

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA.Dell BIOS is vulnerable to an input validation error. An authenticated local malicious user can execute arbitrary code in SMRAM by using SMI. A remote attacker could exploit the vulnerability by sending ...

7.8CVSS1.9AI score0.002EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/21 12:0 a.m.•33 views

Dell BIOS Input Validation Error Vulnerability (CNVD-2023-14506)

Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. An input validation error vulnerability exists in Dell BIOS, which stems from incorrect input validation. An attacker could use the SMI Serial Interface to execute arbitrary code in SMRAM...

7.5CVSS4.3AI score0.00205EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/17 12:0 a.m.•33 views

Adobe Photoshop Out-of-Bounds Read Vulnerability (CNVD-2023-17045)

Adobe Photoshop is a set of image processing software from the American company Audobee Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from an out-of-bounds read vulnerability that stems from a lack of proper validation of user-supplied data, where specially...

5.5CVSS6AI score0.00313EPSS
Exploits0References1
CNVD
CNVD
•added 2023/02/14 12:0 a.m.•33 views

Siemens RUGGEDCOM APE1808 Product Family Competitive Conditions Vulnerability (CNVD-2023-09125)

RUGGEDCOM APE1808 is a utility-level application hosting platform that allows you to deploy a range of commercial applications for edge computing and network security in harsh industrial environments.A competitive condition vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, whi...

7CVSS2.2AI score0.00132EPSS
Exploits0References1
Total number of security vulnerabilities5000