131102 matches found
Siemens Simcenter Femap Out-of-Bounds Writing Vulnerability (CNVD-2022-10009)
Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to an out-of-bounds write vulnerability...
Insyde InsydeH2O Buffer Overflow Vulnerability (CNVD-2022-10280)
Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that could be exploite...
Denial of Service Vulnerability in Multiple Siemens Industrial Products (CNVD-2022-10002)
SIMATIC Drive Controller family products are machines designed for production automation, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09141)
Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server, which originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...
Adobe Acrobat and Reader DC Security Feature Issue Vulnerability
Adobe Acrobat and Reader DC is the American Adobe's PDF creation program. Adobe Acrobat and Reader DC suffers from a security signature issue vulnerability that inadequately validates user-supplied input. A remote attacker could exploit this vulnerability to trick a victim into opening a speciall...
Expat integer overflow vulnerability
Expat is a fast streaming XML parser written in C. An integer overflow vulnerability exists in versions of Expat prior to 2.4.4, which stems from a boundary error when processing untrusted input and can be exploited by remote attackers to execute arbitrary code on the system...
polkit pkexec elevation of privilege vulnerability
pkexec is a SUID root program that is installed on every major Linux distribution by default. polkit pkexec elevation of privilege vulnerability can be exploited to gain full root privileges on a host...
Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Connectors is a driver for applications that use MySQL. versions 8.0.27 and earlier are vulnerable to an input validation error. An attacker could use this vulnerability to compromise Oracle MySQL...
Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15481)
Oracle Java SE, an Oracle company, is used to develop and deploy Java applications on desktops, servers, and embedded devices and in real-time environments. Edition accessible data for unauthorized update, insert, or delete access...
Oracle Java SE Input Validation Error Vulnerability (CNVD-2022-15484)
Oracle Java SE is an Oracle Corporation USA product for developing and deploying Java applications on desktops, servers, and embedded devices and in real-time environments.Oracle Java SE is vulnerable to an input validation error that could be exploited by an attacker to cause an unauthorized...
marked denial of service vulnerability (CNVD-2022-15958)
marked is a Markdown parser and compiler written in JavaScript. marked has a security vulnerability that can be exploited by attackers to cause a regular expression denial of service ReDoS...
Zabbix Sia Zabbix has an unspecified vulnerability
Zabbix Sia Zabbix is an open source monitoring system from the Latvian company Zabbix SIA Zabbix Sia. The system supports network monitoring, server monitoring, cloud monitoring, and application monitoring, etc. A security vulnerability exists in Zabbix Frontend, which stems from the fact that wi...
Adobe Acrobat Reader DC integer overflow vulnerability
Acrobat Reader DC is an excellent PDF file reader developed by Adobe. Adobe Acrobat Reader DC is vulnerable to integer overflow, which can be exploited by attackers to execute arbitrary code in the context of the current user...
vim resource management error vulnerability (CNVD-2022-03942)
Vim, a UNIX-based editor, is vulnerable to a resource management error that stems from a heap-based buffer overflow. No detailed vulnerability details are currently available...
Expat addBinding function buffer overflow vulnerability
Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in the addBinding in xmlparse.c when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary...
Pillow input validation error vulnerability
Pillow is a Python-based image processing library. Pillow is vulnerable to an input validation error prior to 9.0.0, which stems from a networked system or product that does not properly validate input data. An attacker could exploit this vulnerability to execute arbitrary expressions using the...
Google Chrome Web Serial security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Web Serial, which can be exploited by attackers to bypass security restrictions...
Google Chrome Navigation security bypass vulnerability (CNVD-2022-65578)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Navigation, which can be exploited by attackers to bypass security restrictions...
vim out-of-bounds read vulnerability
Vim is an editor based on the UNIX platform. An out-of-bounds read vulnerability exists in Vim, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...
Apache Geode Injection Vulnerability
Apache Geode is an Apache Foundation management platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. security attributes prefixed with "sysprop-", "javax.net.ssl", or "security-" are vulnerable to logging of sensitive...
Django Denial of Service Vulnerability (CNVD-2022-03215)
Django is the Django Foundation's set of Python-based language open source Web application framework . The framework includes object-oriented mapper, view system, template system, etc. Django version 2.2 before 2.2.26, version 3.2 before 3.2.11, and version 4.0 before 4.0.1 has a denial-of-servic...
Wireshark Injection Vulnerability (CNVD-2022-11201)
Wireshark formerly Ethereal is a set of network packet analysis software from the Wireshark team. Gryphon dissector is one of the Gryphon protocol parsers. An attacker could exploit this vulnerability to cause a denial of service via packet injection or specially crafted capture files...
Vim Resource Management Error Vulnerability (CNVD-2022-05064)
Vim is a UNIX-based editor. Vim is vulnerable to resource management errors, and no detailed vulnerability details are currently available...
Blackmagic Design DaVinci Resolve Code Execution Vulnerability
Blackmagic Design DaVinci Resolve is an all-in-one software tool for editing, color correction, visual effects, motion graphics and audio post-production.A code execution vulnerability exists in Blackmagic Design DaVinci Resolve, which could be exploited by attackers to execute arbitrary code in...
xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04968)
xorg-x11-server is an X Window System display server from the X.Org Foundation. xorg-x11-server 21.1.2 and versions prior to 1.20.14 have an out-of-bounds access vulnerability in the SProcScreenSaverSuspend function, which can be exploited by attackers to threaten data confidentiality, integrity,...
Bentley View JT File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. Bentley View JT file parsing stack buffer overflow remote code execution vulnerability is due to failure to properly validate the length of user-supplied data before copying it to the stack buffer. An attacker could exploit this vulnerabili...
Bentley View Information Disclosure Vulnerability (CNVD-2021-101970)
Bentley View is a free viewer from Bentley Systems, Inc. Bentley View is vulnerable to information disclosure, which could be exploited by attackers to obtain sensitive information...
WordPress WPS Hide Login plugin authorization issue vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...
Auerswald Compact has an unspecified vulnerability
The Auerswald Compact Series is an Ict solution from Auerswald Germany. a security vulnerability exists in the Auerswald Compact Series that could be exploited by an attacker to access a web-based management application for full administrative access to the device...
Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability
Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...
LibreCad Buffer Overflow Vulnerability (CNVD-2021-92473)
A buffer error vulnerability exists in LibreCAD, an open source CAD computer-aided design application from the LibreCAD organization, in LibreCad libdxfrw, which stems from the failure of the product's dwgCompressor::copyCompBytes21 function to properly handle special input data. An attacker coul...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2021-92541)
Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. This could lead to cross-site request forgery attacks. No details of the vulnerability are currently available...
Microsoft Windows Active Directory Elevation of Privilege Vulnerability
Microsoft Windows Active Directory is a centralized directory management service from Microsoft Corporation USA that is responsible for architecting large network environments. Microsoft Windows Active Directory has an elevation of privilege vulnerability that could be exploited by an attacker to...
Multiple Siemens products with integer underflow vulnerability
Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...
MediaWiki Permission License and Access Control Issues Vulnerability (CNVD-2021-84581)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. Mediawiki suffers from a Permission Permission and Access Control Issue vulnerability that stems from the...
Vim Buffer Overflow Vulnerability (CNVD-2022-05072)
Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service or a code execution vulnerability...
Adobe Bridge Resource Management Error Vulnerability
Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...
Adobe Audition null pointer dereference vulnerability
Adobe Audition is an audio editor and post-production suite. Adobe Audition 14.4 and earlier versions are vulnerable to a null pointer dereference vulnerability that could be exploited by attackers to cause a denial of service for the application...
Unspecified vulnerability exists in stb stb_image.h (CNVD-2021-100610)
stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...
WordPress code issue vulnerability (CNVD-2021-83670)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 a...
MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)
MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped until they are used on ...
TinyXML Infinite Loop Vulnerability
TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...
Adobe Acrobat Reader DC out-of-bounds read vulnerability
Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC suffers from an out-of-bounds read vulnerability that can be exploited by attackers to locally elevate privileges in the context of the current user...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)
Chrome is a simple and efficient web browsing tool developed by Google. portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...
FFmpeg Buffer Overflow Vulnerability (CNVD-2021-74088)
FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg has a security vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...
Google Chrome DevTools Information Disclosure Vulnerability (CNVD-2021-73423)
Google Chrome is a web browser from Google, Inc. Google Chrome DevTools is vulnerable to information disclosure. A remote attacker could exploit this vulnerability to obtain sensitive information...
Adobe Acrobat/Reader Heap Buffer Overflow Vulnerability (CNVD-2021-85263)
Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a heap buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...
Eclipse Equinox has an unspecified vulnerability
Eclipse Equinox is a sub-project of the Eclipse Foundation that provides a certified implementation of the OSGi R4.x core framework specification. versions prior to Eclipse Equinox 4.21 have a security vulnerability that stems from the fact that if a p2 repository with HTTP is used, an attacker...
Google Chrome Stack Buffer Overflow Vulnerability (CNVD-2021-92833)
Chrome is a simple and efficient web browsing tool developed by Google. a stack buffer overflow vulnerability exists in ANGLE in versions prior to Google Chrome 93.0.4577.82. An attacker could exploit this vulnerability to potentially exploit stack corruption via a crafted HTML page...
Libtiff buffer overflow vulnerability
Libtiff is a library for reading and writing files in the Tagged Image File Format abbreviated as TIFF.A buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the TIFFVGetField function in libtiff/tifdir.c...