131102 matches found
Tenda AX1803 TendaAteMode Function Cross-Site Request Forgery Vulnerability
The Tenda AX1803 is a dual-band Gigabit WIFI6 router. A cross-site request forgery vulnerability exists in the Tenda AX1803 firmware, version USAX1803v2.0brv1.0.0.12994CNZGYD014, which exists in the /bin/tdhttpd file TendaAteMode function/goform/ateMode page, which can be exploited by an attacker...
Microsoft Windows DHCP Client privilege elevation vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows DHCP Client, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an...
Microsoft Windows Storage Elevation of Privilege Vulnerability
Microsoft Windows Storage is an elevation of privilege vulnerability in Microsoft Windows Storage, which results from the improper assignment of privileges to applications and can be exploited by attackers to cause an elevation of privilege...
Microsoft Windows Event Logging Service Denial of Service Vulnerability
A denial of service vulnerability exists in Microsoft Windows Event Logging Service, an operating system used by Microsoft for personal devices. The vulnerability stems from a failure to properly handle incoming error messages, and an attacker could exploit the vulnerability to cause a denial of...
SAP 3D Visual Enterprise Author .sldprt Buffer Overflow Vulnerability
SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management and can be exploited by an attacker to...
Dapr Dashboard Access Control Error Vulnerability
Dapr Dashboard is a web-based user interface for Dapr that allows users to view information, view logs of running Dapr applications, components, configurations, etc. Dapr Dashboard 0.1.0 and later, 0.10.0 and earlier versions have an access control error vulnerability that stems from the existenc...
ISC DHCP Buffer Overflow Vulnerability
ISC DHCP is a set of open source Dynamic Host Configuration Protocol server software from ISC. ISC DHCP has a buffer overflow vulnerability that stems from the lack of validation of the DHCP server's system for the length of DHCP packets tagged with fqdn, which can be exploited by attackers to...
Multiple MediaTek chip denial of service vulnerabilities
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world...
Discourse File Upload Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A file upload vulnerability exists in versions of Discourse prior to 2.8.9 and prior to 2.9.0.beta10, which stems from a lack of valid validation of uploaded files by the...
Sony PlayStation Buffer Overflow Vulnerability
The Sony PlayStation is a series of home game consoles from the Japanese company Sony Sony. A buffer overflow vulnerability exists in Sony PS4 and PS5, which stems from a lack of length validation of the parameter dataLength parameter and can be exploited by an attacker to launch an attack agains...
Zammad Access Control Error Vulnerability (CNVD-2022-66765)
Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version 5.2.1. The vulnerability stems from faulty access control in the program, where Zammad's asset handling mechanism has logic that ensures that client users...
Insyde InsydeH2O Elevation of Privilege Vulnerability
Insyde InsydeH2O is a C language source from Insyde Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Insyde An elevation of privilege vulnerability exists in InsydeH2O, which stems from an SMM memory...
Apache Pulsar Trust Management Issue Vulnerability
Apache Pulsar is an Apache Foundation distributed messaging platform for cloud environments that integrates messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-regional data replication, and highly scalable streaming...
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73690)
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format. Apache XML Graphics Batik is vulnerable to server-side request forgery, which is caused by a flaw when calling the fop function. An attacker could exploit the...
Apache XML Graphics Batik Server-Side Request Forgery Vulnerability (CNVD-2022-73693)
Apache XML Graphics Batik is a Java-based application from the Apache Foundation that is primarily used to process images in SVG format.A server-side request forgery vulnerability exists in Apache XML Graphics Batik due to a flaw in the A flaw in the DefaultExternalResourceSecurity function cause...
Adobe InDesign out-of-bounds read vulnerability (CNVD-2022-79418)
Adobe InDesign, a set of typesetting and editing applications from Adobe, has an out-of-bounds read vulnerability that could be exploited by attackers to cause a sensitive memory leak...
Microsoft Dynamics CRM Remote Code Execution Vulnerability
Microsoft Dynamics is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A security vulnerability exists in Microsoft Dynamics. No details of the vulnerability...
Enlightenment Elevation of Privilege Vulnerability (CNVD-2022-63641)
Enlightenment is a window manager program, and an elevation of privilege vulnerability exists in Enlightenment, which can be exploited to elevate to root privileges...
Siemens Simcenter Femap and Parasolid Out-of-Bounds Reading Vulnerability (CNVD-2022-62993)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...
Huawei HarmonyOS iAware module malicious application control vulnerability
Huawei HarmonyOS is an operating system from Huawei, China. It provides a microkernel-based, fully distributed operating system. The Huawei HarmonyOS iAware module is vulnerable to a malicious application control vulnerability that could be exploited to cause malicious applications to boot and...
Huawei HarmonyOS Misconfiguration Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. A configuration error vulnerability exists in Huawei HarmonyOS, which stems from a configuration flaw in the security OS module. An attacker could exploit this vulnerability to cause confidentiality to be compromised...
Huawei HarmonyOS HwChrService module licensing issue vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an authorization issue stemming from improper privilege management in the HwChrService module, which could be exploited b...
Vim Resource Management Error Vulnerability (CNVD-2022-68085)
Vim is a cross-platform text editor, and a security vulnerability exists in versions prior to Vim 9.0.0321, which stems from a confusion in the instruction responsible for freeing memory in the qfbufaddline function. An attacker could use this vulnerability to cause a crash, arbitrary code...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-61747)
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which is caused by AvatarPhotoController.java,. By sending a build request, an attacker can exploit this vulnerability to gain elevated privileges...
Adobe Acrobat Reader Input Validation Error Vulnerability (CNVD-2022-58462)
Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to an input validation error, which stems from improper input validation. An attacker could exploit this vulnerability to execute arbitrary code...
Adobe FrameMaker Resource Management Error Vulnerability (CNVD-2022-58406)
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. A resource management error vulnerability exists in Adobe FrameMaker. An attacker could exploit this vulnerability...
Google Android elevation of privilege vulnerability (CNVD-2022-65640)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from incorrect programmatic calls to high-level native procedures. An attacker can exploit this vulnerability to gain elevated...
F5 BIG-IP TLS 1.3 iRule null pointer dereference vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A null pointer dereference vulnerability exists in the F5 BIG-IP TLS 1.3 iRule, which sources when a TLS 1.3 enabled LTM clie...
Apache Calcite Code Injection Vulnerability
Apache Calcite is an open source framework from the US Apache Apache Foundation for building databases and data management systems. A code injection vulnerability exists in the Apache Calcite Avatica JDBC driver, which stems from the fact that classes are not verified to implement the expected...
SAP SuccessFactors Elevation of Privilege Vulnerability
SAP SuccessFactors is a cloud-based hcm software application from SAP, Germany. SAP SuccessFactors suffers from an elevation of privilege vulnerability that stems from an application endpoint misconfiguration. An attacker could use the vulnerability to elevate privileges and read or write...
Cisco Small Business Buffer Overflow Vulnerability
Cisco Small Business is a switch from Cisco, U.S.A. A buffer overflow vulnerability exists in Cisco Small Business RV110W, RV130, RV130W, RV215W Routers, which stems from insufficient validation of user fields in incoming HTTP packets. An attacker could use this vulnerability to execute arbitrary...
SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability (CNVD-2022-56941)
SAP NetWeaver Enterprise Portal is a web front-end component of SAP NetWeaver. A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which can be exploited by attackers to view or modify information...
SAP BusinessObjects Business Intelligence Platform授权问题漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-54638)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL Cluster 8.0.29 and earlier versions, which originates from an input validation error i...
SAP NetWeaver Portal Cross-Site Scripting Vulnerability (CNVD-2022-56965)
SAP NetWeaver Portal is a component of SAP NetWeaver architecture from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Portal versions 7.30, 7.31, 7.40, and 7.50, which stems from a failure to adequately validate user-controlled input, and which can be exploited by an...
IBM QRadar SIEM Denial of Service Vulnerability (CNVD-2022-56976)
IBM QRadar SIEM is a U.S.-based solution from IBM that leverages security intelligence to protect assets and information from advanced threats. The solution provides monitoring of the entire scope of the IT architecture, generating detailed reports on data access and user activity, etc. A...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56597)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
WordPress Maintenance Mode
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Maintenance Mode...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57195)
Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...
csm path traversal vulnerability
csm is a csm-aut open source automation and orchestration framework for IOS-XR devices. csm 3.5 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in a resource or file path, which can be exploited by...
evoting path traversal vulnerability
evoting is an e-voting application open sourced by Idayrus Studio in Indonesia. evoting versions prior to 2022-05-08 contain a path traversal vulnerability that stems from a failure of the Flask sendfile function to properly filter special elements in a resource or file path, which could be...
Jenkins Google Login authorization issue vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins Google Login has an authorizati...
Multiple MediaTek Chip Modem 2G RRs suffer from out-of-bounds write vulnerability
MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...
JFrog Artifactory Cross-Site Scripting Vulnerability
JFrog Artifactory is an open source general-purpose Artifact repository manager from Israel-based JFrog that supports clustering and high-availability Docker registries and provides an end-to-end solution for tracking artifact automation from development to production.JFrog Artifactory suffers fr...
Tenda M3 formGetPassengerAnalyseData function stack overflow vulnerability
Tenda M3 is an access controller from Tenda, China. Tenda M3 v1.0.0.12 is vulnerable to a stack overflow vulnerability that stems from the formGetPassengerAnalyseData function not checking the length of the input data. An attacker could exploit this vulnerability to cause a denial of service atta...
Tenda M3 formSetAccessCodeInfo function stack overflow vulnerability
Tenda M3 is an access controller from Tenda, China. Tenda M3 V1.0.0.12 is vulnerable to a stack overflow vulnerability, which stems from the formSetAccessCodeInfo function info parameter not checking the length of the input data. An attacker could exploit this vulnerability to cause a denial of...
Jenkins Matrix Reloaded Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
Jenkins Validating Email Parameter Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
GLPI Help Form SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, even toner cartridges a...
MiniCMS Cross-Site Request Forgery Vulnerability (CNVD-2022-62184)
MiniCMS is content management system. A cross-site request forgery vulnerability exists in MiniCMS v1.11. An attacker can exploit this vulnerability to delete any local .dat file by clicking a malicious link...