Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/02/08 12:0 a.m.•32 views

Siemens Simcenter Femap Out-of-Bounds Writing Vulnerability (CNVD-2022-10009)

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to an out-of-bounds write vulnerability...

7.8CVSS3AI score0.01293EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/08 12:0 a.m.•32 views

Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10280)

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that could be exploite...

7.2CVSS5AI score0.00345EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/08 12:0 a.m.•32 views

Denial of Service Vulnerability in Multiple Siemens Industrial Products (CNVD-2022-10002)

SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...

7.5CVSS7.5AI score0.0164EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/03 12:0 a.m.•32 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09141)

Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server, which originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...

6.3CVSS5.8AI score0.02686EPSS
Exploits0References1
CNVD
CNVD
•added 2022/02/03 12:0 a.m.•32 views

Adobe Acrobat and Reader DC Security Feature Issue Vulnerability

Adobe Acrobat and Reader DC is the American Adobe's PDF creation program. Adobe Acrobat and Reader DC suffers from a security signature issue vulnerability that inadequately validates user-supplied input. A remote attacker could exploit this vulnerability to trick a victim into opening a speciall...

4.3CVSS5.3AI score0.02474EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/28 12:0 a.m.•32 views

Expat integer overflow vulnerability

Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists in versions of Expat prior to 2.4.4, which stems from a boundary error when processing untrusted input and can be exploited by remote attackers to execute arbitrary code on the system...

7.5CVSS6.6AI score0.03992EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/27 12:0 a.m.•32 views

polkit pkexec elevation of privilege vulnerability

pkexec is a SUID root program that is installed on every major Linux distribution by default. polkit pkexec elevation of privilege vulnerability can be exploited to gain full root privileges on a host...

7.8CVSS3.8AI score0.94921EPSS
Exploits151
CNVD
CNVD
•added 2022/01/26 12:0 a.m.•32 views

Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Connectors is a driver for applications that use MySQL. versions 8.0.27 and earlier are vulnerable to an input validation error. An attacker could use this vulnerability to compromise Oracle MySQL...

6.6CVSS4AI score0.0132EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•32 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15481)

Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments. Edition accessible data for unauthorized update, insert, or delete access...

5.3CVSS4.9AI score0.02755EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/24 12:0 a.m.•32 views

Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15484)

Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...

5.3CVSS3AI score0.08346EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/18 12:0 a.m.•32 views

marked denial of service vulnerability (CNVD-2022-15958)

marked is a Markdown parser and compiler written in JavaScript. marked has a security vulnerability that can be exploited by attackers to cause a regular expression denial of service ReDoS...

7.5CVSS4.8AI score0.02828EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•32 views

Zabbix Sia Zabbix has an unspecified vulnerability

Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring, etc. A security vulnerability exists in Zabbix Frontend, which stems from the fact that wi...

9.8CVSS3AI score0.95683EPSS
Exploits9References1
CNVD
CNVD
•added 2022/01/17 12:0 a.m.•32 views

Adobe Acrobat Reader DC integer overflow vulnerability

Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC is vulnerable to integer overflow, which can be exploited by attackers to execute arbitrary code in the context of the current user...

9.3CVSS6.6AI score0.09979EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•32 views

vim resource management error vulnerability (CNVD-2022-03942)

Vim, a UNIX-based editor, is vulnerable to a resource management error that stems from a heap-based buffer overflow. No detailed vulnerability details are currently available...

6.8CVSS3.2AI score0.01719EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•32 views

Expat addBinding function buffer overflow vulnerability

Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in the addBinding in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary...

9.8CVSS6.2AI score0.04829EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/14 12:0 a.m.•32 views

Pillow input validation error vulnerability

Pillow is a Python-based image processing library. Pillow is vulnerable to an input validation error prior to 9.0.0, which stems from a networked system or product that does not properly validate input data. An attacker could exploit this vulnerability to execute arbitrary expressions using the...

9.8CVSS4.8AI score0.03399EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•32 views

Google Chrome Web Serial security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Web Serial, which can be exploited by attackers to bypass security restrictions...

8.1CVSS4.9AI score0.01306EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/10 12:0 a.m.•32 views

Google Chrome Navigation security bypass vulnerability (CNVD-2022-65578)

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Navigation, which can be exploited by attackers to bypass security restrictions...

6.5CVSS4.7AI score0.00793EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/08 12:0 a.m.•32 views

vim out-of-bounds read vulnerability

Vim is an editor based on the UNIX platform. An out-of-bounds read vulnerability exists in Vim, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...

7.8CVSS2.9AI score0.01739EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/07 12:0 a.m.•32 views

Apache Geode Injection Vulnerability

Apache Geode is an Apache Foundation management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. security attributes prefixed with "sysprop-", "javax.net.ssl", or "security-" are vulnerable to logging of sensitive...

7.5CVSS2.6AI score0.02894EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/06 12:0 a.m.•32 views

Django Denial of Service Vulnerability (CNVD-2022-03215)

Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, version 3.2 before 3.2.11, and version 4.0 before 4.0.1 has a denial-of-servic...

7.5CVSS3.7AI score0.02397EPSS
Exploits0References1
CNVD
CNVD
•added 2022/01/04 12:0 a.m.•32 views

Wireshark Injection Vulnerability (CNVD-2022-11201)

Wireshark formerly Ethereal is a set of network packet analysis software from the Wireshark team. Gryphon dissector is one of the Gryphon protocol parsers. An attacker could exploit this vulnerability to cause a denial of service via packet injection or specially crafted capture files...

7.5CVSS4.3AI score0.03296EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/30 12:0 a.m.•32 views

Vim Resource Management Error Vulnerability (CNVD-2022-05064)

Vim is a UNIX-based editor. Vim is vulnerable to resource management errors, and no detailed vulnerability details are currently available...

7.8CVSS3.3AI score0.01621EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/22 12:0 a.m.•32 views

Blackmagic Design DaVinci Resolve Code Execution Vulnerability

Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...

9.8CVSS5.7AI score0.17945EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/20 12:0 a.m.•32 views

xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04968)

xorg-x11-server is an X Window System display server from the X.Org Foundation. xorg-x11-server 21.1.2 and versions prior to 1.20.14 have an out-of-bounds access vulnerability in the SProcScreenSaverSuspend function, which can be exploited by attackers to threaten data confidentiality, integrity,...

7.8CVSS6.3AI score0.00571EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/15 12:0 a.m.•32 views

Bentley View JT File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View JT file parsing stack buffer overflow remote code execution vulnerability is due to failure to properly validate the length of user-supplied data before copying it to the stack buffer. An attacker could exploit this vulnerabili...

7.8CVSS6.3AI score0.02041EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/13 12:0 a.m.•32 views

Bentley View Information Disclosure Vulnerability (CNVD-2021-101970)

Bentley View is a free viewer from Bentley Systems, Inc. Bentley View is vulnerable to information disclosure, which could be exploited by attackers to obtain sensitive information...

4.3CVSS2.6AI score0.01644EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/09 12:0 a.m.•32 views

WordPress WPS Hide Login plugin authorization issue vulnerability

WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...

7.5CVSS2.9AI score0.71532EPSS
Exploits5References1
CNVD
CNVD
•added 2021/12/08 12:0 a.m.•32 views

Auerswald Compact has an unspecified vulnerability

The Auerswald Compact Series is an Ict solution from Auerswald Germany. a security vulnerability exists in the Auerswald Compact Series that could be exploited by an attacker to access a web-based management application for full administrative access to the device...

10CVSS6.3AI score0.71979EPSS
Exploits6References1
CNVD
CNVD
•added 2021/12/01 12:0 a.m.•32 views

Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability

Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...

6.1CVSS1.1AI score0.00641EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•32 views

LibreCad Buffer Overflow Vulnerability (CNVD-2021-92473)

A buffer error vulnerability exists in LibreCAD, an open source CAD computer-aided design application from the LibreCAD organization, in LibreCad libdxfrw, which stems from the failure of the product's dwgCompressor::copyCompBytes21 function to properly handle special input data. An attacker coul...

8.8CVSS3.3AI score0.02686EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•32 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2021-92541)

Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. This could lead to cross-site request forgery attacks. No details of the vulnerability are currently available...

8.8CVSS4.6AI score0.00607EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•32 views

Microsoft Windows Active Directory Elevation of Privilege Vulnerability

Microsoft Windows Active Directory is a centralized directory management service from Microsoft Corporation USA that is responsible for architecting large network environments. Microsoft Windows Active Directory has an elevation of privilege vulnerability that could be exploited by an attacker to...

7.5CVSS4.6AI score0.70207EPSS
Exploits9References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•32 views

Multiple Siemens products with integer underflow vulnerability

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...

9.1CVSS3.7AI score0.02106EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/01 12:0 a.m.•32 views

MediaWiki Permission License and Access Control Issues Vulnerability (CNVD-2021-84581)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. Mediawiki suffers from a Permission Permission and Access Control Issue vulnerability that stems from the...

8.8CVSS8.5AI score0.01124EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/31 12:0 a.m.•32 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05072)

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service or a code execution vulnerability...

7.8CVSS6AI score0.00601EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•32 views

Adobe Bridge Resource Management Error Vulnerability

Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...

7.8CVSS6.2AI score0.02EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•32 views

Adobe Audition null pointer dereference vulnerability

Adobe Audition is an audio editor and post-production suite. Adobe Audition 14.4 and earlier versions are vulnerable to a null pointer dereference vulnerability that could be exploited by attackers to cause a denial of service for the application...

5.5CVSS4.9AI score0.01209EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•32 views

Unspecified vulnerability exists in stb stb_image.h (CNVD-2021-100610)

stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...

7.1CVSS2.5AI score0.0136EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•32 views

WordPress code issue vulnerability (CNVD-2021-83670)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 a...

7.2CVSS7.2AI score0.55729EPSS
Exploits6References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•32 views

MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped until they are used on ...

6.1CVSS3.8AI score0.01302EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•32 views

TinyXML Infinite Loop Vulnerability

TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...

7.5CVSS7.1AI score0.03055EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•32 views

Adobe Acrobat Reader DC out-of-bounds read vulnerability

Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC suffers from an out-of-bounds read vulnerability that can be exploited by attackers to locally elevate privileges in the context of the current user...

4.3CVSS4.8AI score0.01808EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/26 12:0 a.m.•32 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)

Chrome is a simple and efficient web browsing tool developed by Google. portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...

6.8CVSS2.9AI score0.11735EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•32 views

FFmpeg Buffer Overflow Vulnerability (CNVD-2021-74088)

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg has a security vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...

8.8CVSS5AI score0.01195EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•32 views

Google Chrome DevTools Information Disclosure Vulnerability (CNVD-2021-73423)

Google Chrome is a web browser from Google, Inc. Google Chrome DevTools is vulnerable to information disclosure. A remote attacker could exploit this vulnerability to obtain sensitive information...

4.3CVSS2.5AI score0.01072EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•32 views

Adobe Acrobat/Reader Heap Buffer Overflow Vulnerability (CNVD-2021-85263)

Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a heap buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS3.9AI score0.12499EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•32 views

Eclipse Equinox has an unspecified vulnerability

Eclipse Equinox is a sub-project of the Eclipse Foundation that provides a certified implementation of the OSGi R4.x core framework specification. versions prior to Eclipse Equinox 4.21 have a security vulnerability that stems from the fact that if a p2 repository with HTTP is used, an attacker...

8.1CVSS1.9AI score0.01125EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•32 views

Google Chrome Stack Buffer Overflow Vulnerability (CNVD-2021-92833)

Chrome is a simple and efficient web browsing tool developed by Google. a stack buffer overflow vulnerability exists in ANGLE in versions prior to Google Chrome 93.0.4577.82. An attacker could exploit this vulnerability to potentially exploit stack corruption via a crafted HTML page...

8.8CVSS4.4AI score0.00948EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/10 12:0 a.m.•32 views

Libtiff buffer overflow vulnerability

Libtiff is a library for reading and writing files in the Tagged Image File Format abbreviated as TIFF.A buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the TIFFVGetField function in libtiff/tifdir.c...

6.5CVSS5.4AI score0.01456EPSS
Exploits0References1
Total number of security vulnerabilities5000