131102 matches found
LibreHealth EHR Cross-Site Scripting Vulnerability (CNVD-2022-62206)
LibreHealth EHR is a clinically-focused electronic health record EHR system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...
Wolters Kluwer TeamMate Audit SQL Injection Vulnerability
Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...
Elasticsearch Denial of Service Vulnerability
Elasticsearch is a search engine based on the Lucene library. A denial of service vulnerability exists in Elasticsearch versions 8.0.0 included through 8.2.1 not included. An unauthenticated attacker could exploit the vulnerability to forcefully shut down an Elasticsearch node via a network reque...
HUAWEI HarmonyOS Input Validation Error Vulnerability (CNVD-2022-66177)
HUAWEI HarmonyOS is an operating system from China's Huawei HUAWEI. HUAWEI HarmonyOS 2.0 is vulnerable to an input validation error, which can be exploited by attackers to cause elevation of privilege...
Pix-Link MiniRouter 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability (CNVD-2022-77885)
Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China.Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...
InHand Networks InRouter302 OS Command Injection Vulnerability (CNVD-2022-59175)
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains an operating system command injection vulnerability that could be exploited by an attacker to cause remote code execution with the help of a specially crafted...
NVIDIA vGPU Software Memory Misreference Vulnerability
NVIDIA vGPU Software is a management software from NVIDIA Corporation that provides GPU capabilities to virtual machines. The software supports multiple virtual machines accessing the host GPU, providing graphics performance and application compatibility for virtual machines. vGPU Software is...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity versions prior to 2022.04 have a log information disclosure...
HCL Technologies HCL Sametime File Upload Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6. The vulnerability stems from the fact that the user SID in the application can be modified, which can be exploited to modify the SID to enable arbitrary file...
Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72853)
Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...
Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...
curl information leakage vulnerability
curl is a tool used to transfer data from and to servers. curl versions 7.82.0 to 7.83.1 are vulnerable to an information disclosure vulnerability that stems from the fact that libcurl incorrectly allows cookies to be set for top-level domains TLDs if the hostname has a trailing dot, which can te...
SourceCodester Car Rental Management System Arbitrary File Upload Vulnerability
Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester, Inc. SourceCodester Car Rental Management System version 1.0 is vulnerable to an arbitrary file upload vulnerability, which originates from The vulnerability is caused by a lack of validation of...
SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability
SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...
Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64254)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has an input validation error vulnerability that can be exploited by an attacker to initiate certain activities...
E2fsprogs out-of-bounds read/write vulnerability
E2fsprogs is a set of tools for maintaining ext2, ext3 and ext4 file systems. version 1.46.5 of E2fsprogs is vulnerable due to an out-of-bounds read-write issue in the application. An attacker could use this vulnerability to cause a segmentation error and execute arbitrary code via a specially...
ThoughtWorks GoCD path traversal vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...
Multiple Apple Products Vulnerabilities in Permissions Licensing and Access Control Issues
Apple macOS Big Sur is a mobile app from Apple. Apple macOS Monterey is the 18th major version of MacOS, Apple's desktop operating system for Macintosh. macOS Catalina is Apple's suite of Catalina is Apple's proprietary operating system developed specifically for Mac computers. Several Apple...
Microsoft Azure Site Recovery Information Disclosure Vulnerability (CNVD-2022-56588)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an information disclosure vulnerability, and no details of the vulnerability are available...
Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP, an application used by Microsoft to connect to remote Windows desktops. The vulnerability stems from the failure of a networked system or product to properly filter special elements of code segments...
MariaDB Denial of Service Vulnerability (CNVD-2022-65008)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower, which stems from the inclusion of use-after-free in the component...
Webmin Cross-site Request Forgery Vulnerability (CNVD-2022-61344)
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community.Webmin version 1.973 is vulnerable to cross-site request forgery, which stems from the lack of token validation for cross-site request forgery in the scheduled Cron job function. An...
Owncloud ownCloud Access Control Error Vulnerability
Owncloud is a personal cloud storage solution from Owncloud, a U.S. company. versions prior to Owncloud 2.20 contain an access control error vulnerability that could be exploited by attackers to access the application's internal files...
D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)
The D-Link DIR-878 is a wireless router from D-Link, a Taiwan-based company. The D-Link DIR-878 is vulnerable to a command injection vulnerability that could be exploited by an unauthenticated LAN attacker to execute arbitrary system commands to control the system or interrupt services...
Open5GS Denial of Service Vulnerability (CNVD-2022-61342)
Open5Gs is a C open source implementation of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.3.6 and earlier, which stems from a buffer overflow in lib/sbi/message.c. A remote attacker could exploit this vulnerability to deny...
Trend Micro Antivirus for Mac Elevation of Privilege Vulnerability (CNVD-2022-55061)
Trend Micro Antivirus for Mac is a Mac-based antivirus software from Trend Micro, Inc. An elevation of privilege vulnerability exists in Trend Micro Antivirus for Mac version 11.5, which could be exploited to create a specially crafted file as a symbol that could lead to elevation of privilege li...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65624)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...
Sophos UTM log information leakage vulnerability
Sophos UTM is a next-generation firewall. a security vulnerability existed prior to Sophos UTM 9.710, which stems from the fact that Confd log files contain SHA512crypt password hashes for local users including the root user with insecure access rights, which can be exploited by attackers to...
Open-xchange OX App Suite cross-site scripting vulnerability (CNVD-2022-28451)
Open-xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange Open-xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in Open-xchange OX App Suite versions 7.10.5 and below, and no detailed...
Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
UltraVNC has an unspecified vulnerability
UltraVNC is an open source remote terminal control software for the Windows platform. versions of UltraVNC prior to 1.3.8.0 have a security vulnerability in the DSM plug-in that can be exploited by a locally authenticated attacker to achieve Local Elevation of Privilege LPE on vulnerable systems...
TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-20080)
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/getregverifycode, which can be exploited by a remote attacker to submit a special request that can crash an application or can be used to execute...
Ming Out-of-Bounds Read Vulnerability
Ming is a Flash SWF output library written in C language. Ming has a security vulnerability that can be exploited by attackers to obtain sensitive information...
Huawei Emui and Magic UI Heap Buffer Overflow Vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to heap buffer overflow, which can be exploited by attackers to cause a denial of service...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59680)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59682)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft HEIF Image Extensions Remote Code Execution Vulnerability
Microsoft HEIF Image Extensions is a feature library for Microsoft Windows systems from Microsoft Corporation USA.Microsoft HEIF Image Extensions is vulnerable to remote code execution, which can be exploited by attackers to execute arbitrary code on the system...
Siemens RUGGEDCOM ROS Heap Buffer Overflow Vulnerability
Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens, Germany. Siemens RUGGEDCOM ROS suffers from a heap buffer overflow vulnerability that can be exploited by attackers to cause a heap overflow...
Google Chrome WebShare memory misquoting vulnerability
Google Chrome is a web browser from Google, Inc. Google Chrome WebShare is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions for freeing memory, which could be exploited to execute arbitrary code on the system or cause a denial of service...
WordPress Crazy Bone plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...
Home Owners Collection Management System存在未明漏洞
A security vulnerability exists in the Home Owners Collection Management System, a homeowner collection management system, which can be exploited by attackers to compromise user accounts via a crafted POST request...
JetBrains TeamCity Access Control Error Vulnerability (CNVD-2022-18622)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic.JetBrains TeamCity is vulnerable to an access control error that stems from the product's failure to validate data in XML-RPC requests and the identity of the user. An attacker could...
MODX Revolution code issue vulnerability
MODX Revolution is a PHP-based open source content management system CMS from the US company MODX. The system supports online collaboration, search engine optimization SEO, etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...
HUAWEI EMUI/Magic UI Denial of Service Vulnerability
HUAWEI EMUI is an Android-based mobile operating system developed by Huawei China. HUAWEI EMUI/Magic UI suffers from a denial-of-service vulnerability that can be exploited by attackers to perform DoS attacks and compromise service integrity...
TOTOLink A800R Command Injection Vulnerability
TOTOLink A800R is a wireless router from TotoLink, China.TOTOLink A800R V4.1.2cu.5137B20200730 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy Denial of Service Vulnerability
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy are both products of International Business Machines Corporation IBM. IBM Sterling External Authentication Server and IBM Sterling External Authentication Server and IBM Sterling Secure Proxy have a denial of service...
Vim Buffer Overflow Vulnerability (CNVD-2022-20695)
A buffer overflow vulnerability exists in Vim, a UNIX-based editor, which stems from a product src/regexpbt.c file that does not effectively check for memory bounds. An attacker could cause a buffer overflow via this vulnerability...
Envoy Resource Management Error Vulnerability (CNVD-2022-15542)
Envoy is an open source distributed proxy server. Envoy is vulnerable to a resource management error that occurs when configuring "envoyv3apifieldextensions.filters.network.tcpproxy.v3. tunnelingconfig" crashes and the downstream connection is disconnected while the upstream connection or http/2...
libsolv Heap Overflow Vulnerability (CNVD-2022-15950)
libsolv is a library for checking package dependencies. libsolv has a security vulnerability, and no details of the vulnerability are currently provided...
WikiDocs has unspecified vulnerabilities
WikiDocs is a database-free Markdown flat file Wiki engine from the personal developer Manuel Zavatta in Italy. WikiDocs suffers from a security vulnerability that stems from the fact that an attacker can exploit the vulnerability to upload malicious files via index.php using the image upload for...