Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/02/08 12:0 a.m.•32 views

Denial of Service Vulnerability in Multiple Siemens Industrial Products (CNVD-2022-10002)

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

7.5CVSS7.5AI score0.0164EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/03 12:0 a.m.•32 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09141)

Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server, which originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...

6.3CVSS5.8AI score0.02686EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/03 12:0 a.m.•32 views

Adobe Acrobat and Reader DC Security Feature Issue Vulnerability

Adobe Acrobat and Reader DC is the American Adobe's PDF creation program. Adobe Acrobat and Reader DC suffers from a security signature issue vulnerability that inadequately validates user-supplied input. A remote attacker could exploit this vulnerability to trick a victim into opening a speciall...

4.3CVSS5.3AI score0.02474EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/28 12:0 a.m.•32 views

Expat integer overflow vulnerability

Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists in versions of Expat prior to 2.4.4, which stems from a boundary error when processing untrusted input and can be exploited by remote attackers to execute arbitrary code on the system...

7.5CVSS6.6AI score0.03992EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/27 12:0 a.m.•32 views

polkit pkexec elevation of privilege vulnerability

pkexec is a SUID root program that is installed on every major Linux distribution by default. polkit pkexec elevation of privilege vulnerability can be exploited to gain full root privileges on a host...

7.8CVSS3.8AI score0.94921EPSS
Exploits151
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•32 views

Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Connectors is a driver for applications that use MySQL. versions 8.0.27 and earlier are vulnerable to an input validation error. An attacker could use this vulnerability to compromise Oracle MySQL...

6.6CVSS4AI score0.0132EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•32 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15481)

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments. Edition accessible data for unauthorized update, insert, or delete access...

5.3CVSS4.9AI score0.02755EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•32 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15484)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...

5.3CVSS3AI score0.08346EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•32 views

marked denial of service vulnerability (CNVD-2022-15958)

marked is a Markdown parser and compiler written in JavaScript. marked has a security vulnerability that can be exploited by attackers to cause a regular expression denial of service ReDoS...

7.5CVSS4.8AI score0.02828EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•32 views

Zabbix Sia Zabbix has an unspecified vulnerability

Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring, etc. A security vulnerability exists in Zabbix Frontend, which stems from the fact that wi...

9.8CVSS3AI score0.95683EPSS
Exploits9References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•32 views

Adobe Acrobat Reader DC integer overflow vulnerability

Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC is vulnerable to integer overflow, which can be exploited by attackers to execute arbitrary code in the context of the current user...

9.3CVSS6.6AI score0.09979EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/16 12:0 a.m.•32 views

Caldera Access Control Error Vulnerability (CNVD-2022-08044)

Caldera is a suite of software from Caldera France that provides color management, imaging and processing solutions for printer devices. Caldera suffers from an Access Control Error vulnerability in version 2.8.1 and earlier, which stems from the software's failure to properly segregate user...

8.1CVSS8AI score0.0119EPSS
Exploits2References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•32 views

Pillow input validation error vulnerability

Pillow is a Python-based image processing library. Pillow is vulnerable to an input validation error prior to 9.0.0, which stems from a networked system or product that does not properly validate input data. An attacker could exploit this vulnerability to execute arbitrary expressions using the...

9.8CVSS4.8AI score0.03399EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•32 views

Expat addBinding function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in the addBinding in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary...

9.8CVSS6.2AI score0.04829EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•32 views

vim resource management error vulnerability (CNVD-2022-03942)

Vim, a UNIX-based editor, is vulnerable to a resource management error that stems from a heap-based buffer overflow. No detailed vulnerability details are currently available...

6.8CVSS3.2AI score0.01719EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•32 views

Google Chrome Navigation security bypass vulnerability (CNVD-2022-65578)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Navigation, which can be exploited by attackers to bypass security restrictions...

6.5CVSS4.7AI score0.00793EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•32 views

Google Chrome Web Serial security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Web Serial, which can be exploited by attackers to bypass security restrictions...

8.1CVSS4.9AI score0.01306EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/08 12:0 a.m.•32 views

vim out-of-bounds read vulnerability

Vim is an editor based on the UNIX platform. An out-of-bounds read vulnerability exists in Vim, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...

7.8CVSS2.9AI score0.01739EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/08 12:0 a.m.•32 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2022-03210)

WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress has a cross-site scripting vulnerability in versions prior to 5.8.3, which stems from a lack of...

8CVSS1.9AI score0.63418EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•32 views

Apache Kylin Access Control Error Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface and multidimensional analysis OLAP on top of Hadoop/Spark, etc. An access control error vulnerability exists in Apache kylin, which stems from allowing...

7.5CVSS2.1AI score0.02338EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/06 12:0 a.m.•32 views

Shopware Open Redirect Vulnerability

Shopware is a set of open source e-commerce software from the German company Shopware. shopware has an open redirect vulnerability in versions prior to 5.7.7, which stems from incomplete URL handling in shopware routing and can be exploited by attackers to redirect users to arbitrary websites...

6.8CVSS2.9AI score0.00774EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/04 12:0 a.m.•32 views

Wireshark Injection Vulnerability (CNVD-2022-11201)

Wireshark formerly Ethereal is a set of network packet analysis software from the Wireshark team. Gryphon dissector is one of the Gryphon protocol parsers. An attacker could exploit this vulnerability to cause a denial of service via packet injection or specially crafted capture files...

7.5CVSS4.3AI score0.03296EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/30 12:0 a.m.•32 views

Vim Resource Management Error Vulnerability (CNVD-2022-05064)

Vim is a UNIX-based editor. Vim is vulnerable to resource management errors, and no detailed vulnerability details are currently available...

7.8CVSS3.3AI score0.01621EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/22 12:0 a.m.•32 views

Blackmagic Design DaVinci Resolve Code Execution Vulnerability

Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...

9.8CVSS5.7AI score0.17945EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/15 12:0 a.m.•32 views

Bentley View JT File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View JT file parsing stack buffer overflow remote code execution vulnerability is due to failure to properly validate the length of user-supplied data before copying it to the stack buffer. An attacker could exploit this vulnerabili...

7.8CVSS6.3AI score0.02041EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/09 12:0 a.m.•32 views

WordPress WPS Hide Login plugin authorization issue vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...

7.5CVSS2.9AI score0.71532EPSS
Exploits5References1
CNVD
CNVD
•added 2021/12/01 12:0 a.m.•32 views

Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability

Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...

6.1CVSS1.1AI score0.00641EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•32 views

LibreCad Buffer Overflow Vulnerability (CNVD-2021-92473)

A buffer error vulnerability exists in LibreCAD, an open source CAD computer-aided design application from the LibreCAD organization, in LibreCad libdxfrw, which stems from the failure of the product's dwgCompressor::copyCompBytes21 function to properly handle special input data. An attacker coul...

8.8CVSS3.3AI score0.02686EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•32 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2021-92541)

Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. This could lead to cross-site request forgery attacks. No details of the vulnerability are currently available...

8.8CVSS4.6AI score0.00607EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•32 views

Microsoft Windows Active Directory Elevation of Privilege Vulnerability

Microsoft Windows Active Directory is a centralized directory management service from Microsoft Corporation USA that is responsible for architecting large network environments. Microsoft Windows Active Directory has an elevation of privilege vulnerability that could be exploited by an attacker to...

7.5CVSS4.6AI score0.70207EPSS
Exploits9References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•32 views

Multiple Siemens products with integer underflow vulnerability

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...

9.1CVSS3.7AI score0.02106EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/01 12:0 a.m.•32 views

MediaWiki Permission License and Access Control Issues Vulnerability (CNVD-2021-84581)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. Mediawiki suffers from a Permission Permission and Access Control Issue vulnerability that stems from the...

8.8CVSS8.5AI score0.01124EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/31 12:0 a.m.•32 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05072)

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service or a code execution vulnerability...

7.8CVSS6AI score0.00601EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•32 views

Adobe Bridge Resource Management Error Vulnerability

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...

7.8CVSS6.2AI score0.02EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•32 views

Unspecified vulnerability exists in stb stb_image.h (CNVD-2021-100610)

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...

7.1CVSS2.5AI score0.0136EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•32 views

WordPress code issue vulnerability (CNVD-2021-83670)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 a...

7.2CVSS7.2AI score0.55729EPSS
Exploits6References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•32 views

MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped until they are used on ...

6.1CVSS3.8AI score0.01302EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•32 views

TinyXML Infinite Loop Vulnerability

TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...

7.5CVSS7.1AI score0.03055EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•32 views

Adobe Acrobat Reader DC out-of-bounds read vulnerability

Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC suffers from an out-of-bounds read vulnerability that can be exploited by attackers to locally elevate privileges in the context of the current user...

4.3CVSS4.8AI score0.01808EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/26 12:0 a.m.•32 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)

Chrome is a simple and efficient web browsing tool developed by Google. portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...

6.8CVSS2.9AI score0.11735EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•32 views

FFmpeg Buffer Overflow Vulnerability (CNVD-2021-74088)

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg has a security vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...

8.8CVSS5AI score0.01195EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•32 views

Google Chrome DevTools Information Disclosure Vulnerability (CNVD-2021-73423)

Google Chrome is a web browser from Google, Inc. Google Chrome DevTools is vulnerable to information disclosure. A remote attacker could exploit this vulnerability to obtain sensitive information...

4.3CVSS2.5AI score0.01072EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•32 views

Eclipse Equinox has an unspecified vulnerability

Eclipse Equinox is a sub-project of the Eclipse Foundation that provides a certified implementation of the OSGi R4.x core framework specification. versions prior to Eclipse Equinox 4.21 have a security vulnerability that stems from the fact that if a p2 repository with HTTP is used, an attacker...

8.1CVSS1.9AI score0.01046EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•32 views

Adobe Acrobat/Reader Heap Buffer Overflow Vulnerability (CNVD-2021-85263)

Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a heap buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS3.9AI score0.12499EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/10 12:0 a.m.•32 views

Libtiff buffer overflow vulnerability

Libtiff is a library for reading and writing files in the Tagged Image File Format abbreviated as TIFF.A buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the TIFFVGetField function in libtiff/tifdir.c...

6.5CVSS5.4AI score0.01456EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•32 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05074)

Vim is a UNIX-based editor. vim has a buffer overflow vulnerability, which stems from the use of retab in the vim software when the value of memory access is larger invalid, an attacker can use this vulnerability to cause a heap buffer overflow...

8.6CVSS3AI score0.00735EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/06 12:0 a.m.•32 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82655)

Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for reading and writing NTFS partitions.Tuxera NTFS-3G is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to crash an application or execute arbitrary code in the application...

7.8CVSS6.5AI score0.00418EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•32 views

Google Chrome Media code execution vulnerability

Google Chrome is a web browser from Google Inc. A code execution vulnerability exists in Google Chrome Media. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.4AI score0.04159EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•32 views

Google Chrome Sign-In code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Sign-In. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.5AI score0.04159EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•32 views

Google Chrome Autofill Spoofing Vulnerability (CNVD-2021-67541)

Google Chrome is a web browser from Google, Inc. A spoofing vulnerability exists in Google Chrome Autofill. An attacker can exploit this vulnerability to perform spoofing...

6.5CVSS3AI score0.03468EPSS
Exploits0References1
Total number of security vulnerabilities5000