131102 matches found
WordPress WPS Hide Login plugin authorization issue vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. WordPress WPS Hide Login plugin has an authorization issue vulnerability in versions prior to 1.9.1, which ste...
Auerswald Compact has an unspecified vulnerability
The Auerswald Compact Series is an Ict solution from Auerswald Germany. a security vulnerability exists in the Auerswald Compact Series that could be exploited by an attacker to access a web-based management application for full administrative access to the device...
Workerman-ThinkPHP-Redis Cross-Site Scripting Vulnerability
Workerman-ThinkPHP-Redis is an open source project consisting of the Workerman framework, the ThinkPHP framework, and Redis.Workerman-ThinkPHP-Redis is vulnerable to a cross-site scripting vulnerability that originates in the file Controller.class.php, where the exit function will terminate the...
LibreCad Buffer Overflow Vulnerability (CNVD-2021-92473)
A buffer error vulnerability exists in LibreCAD, an open source CAD computer-aided design application from the LibreCAD organization, in LibreCad libdxfrw, which stems from the failure of the product's dwgCompressor::copyCompBytes21 function to properly handle special input data. An attacker coul...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2021-92541)
Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. This could lead to cross-site request forgery attacks. No details of the vulnerability are currently available...
Microsoft Windows Active Directory Elevation of Privilege Vulnerability
Microsoft Windows Active Directory is a centralized directory management service from Microsoft Corporation USA that is responsible for architecting large network environments. Microsoft Windows Active Directory has an elevation of privilege vulnerability that could be exploited by an attacker to...
Multiple Siemens products with integer underflow vulnerability
Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...
MediaWiki Permission License and Access Control Issues Vulnerability (CNVD-2021-84581)
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. Mediawiki suffers from a Permission Permission and Access Control Issue vulnerability that stems from the...
Vim Buffer Overflow Vulnerability (CNVD-2022-05072)
Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a denial of service or a code execution vulnerability...
Adobe Bridge Resource Management Error Vulnerability
Adobe Bridge is a file viewer from the American company Audobee Adobe. Adobe Bridge suffers from a resource management error vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...
Adobe Audition null pointer dereference vulnerability
Adobe Audition is an audio editor and post-production suite. Adobe Audition 14.4 and earlier versions are vulnerable to a null pointer dereference vulnerability that could be exploited by attackers to cause a denial of service for the application...
Unspecified vulnerability exists in stb stb_image.h (CNVD-2021-100610)
stb is a single-file public domain library for C/C. stbimage.h is one of the image loaders. stb stbimage.h is vulnerable, and an attacker could use stbimage to crash the service or read up to 1024 bytes of non-contiguous heap data without controlling where it is read...
WordPress code issue vulnerability (CNVD-2021-83670)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code issue vulnerability exists in the WordPress plugin Catch Themes Demo Import in versions 1.7 a...
MediaWiki Cross-Site Scripting Vulnerability (CNVD-2022-05529)
MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. A cross-site scripting vulnerability exists in versions of MediaWiki prior to 1.36.2, which stems from the fact that MediaWiki messages associated with a month are not escaped until they are used on ...
TinyXML Infinite Loop Vulnerability
TinyXML is a C++ XML parser that can be easily integrated into other programs. An infinite loop vulnerability exists in TiXmlParsingData::Stamp in tinyxmlparser.cpp in TinyXML 2.6.2 and earlier. An attacker can exploit this vulnerability to cause a denial of service via a specially crafted XML...
Adobe Acrobat Reader DC out-of-bounds read vulnerability
Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC suffers from an out-of-bounds read vulnerability that can be exploited by attackers to locally elevate privileges in the context of the current user...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-99288)
Chrome is a simple and efficient web browsing tool developed by Google. portals in versions prior to Google Chrome 94.0.4606.61 are vulnerable to post-release reuse. An attacker could exploit this vulnerability to be able to perform a sandbox escape via a crafted HTML page...
FFmpeg Buffer Overflow Vulnerability (CNVD-2021-74088)
FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg has a security vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...
Google Chrome DevTools Information Disclosure Vulnerability (CNVD-2021-73423)
Google Chrome is a web browser from Google, Inc. Google Chrome DevTools is vulnerable to information disclosure. A remote attacker could exploit this vulnerability to obtain sensitive information...
Adobe Acrobat/Reader Heap Buffer Overflow Vulnerability (CNVD-2021-85263)
Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a heap buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...
Eclipse Equinox has an unspecified vulnerability
Eclipse Equinox is a sub-project of the Eclipse Foundation that provides a certified implementation of the OSGi R4.x core framework specification. versions prior to Eclipse Equinox 4.21 have a security vulnerability that stems from the fact that if a p2 repository with HTTP is used, an attacker...
Google Chrome Stack Buffer Overflow Vulnerability (CNVD-2021-92833)
Chrome is a simple and efficient web browsing tool developed by Google. a stack buffer overflow vulnerability exists in ANGLE in versions prior to Google Chrome 93.0.4577.82. An attacker could exploit this vulnerability to potentially exploit stack corruption via a crafted HTML page...
Libtiff buffer overflow vulnerability
Libtiff is a library for reading and writing files in the Tagged Image File Format abbreviated as TIFF.A buffer overflow vulnerability exists in LibTiff version 4.0.10. An attacker can exploit this vulnerability to cause a denial of service via the TIFFVGetField function in libtiff/tifdir.c...
Vim Buffer Overflow Vulnerability (CNVD-2022-05074)
Vim is a UNIX-based editor. vim has a buffer overflow vulnerability, which stems from the use of retab in the vim software when the value of memory access is larger invalid, an attacker can use this vulnerability to cause a heap buffer overflow...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2022-82655)
Tuxera NTFS-3G is an open source, cross-platform set of drivers from Tuxera Finland for reading and writing NTFS partitions.Tuxera NTFS-3G is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to crash an application or execute arbitrary code in the application...
Google Chrome Media code execution vulnerability
Google Chrome is a web browser from Google Inc. A code execution vulnerability exists in Google Chrome Media. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
Google Chrome Autofill Spoofing Vulnerability (CNVD-2021-67541)
Google Chrome is a web browser from Google, Inc. A spoofing vulnerability exists in Google Chrome Autofill. An attacker can exploit this vulnerability to perform spoofing...
Google Chrome Sign-In code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Sign-In. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
F5 BIG IP APM OCSP Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. The F5 BIG IP APM OCSP denial of service vulnerability can be exploited by attackers to cause a denial of service DoS on the...
F5 BIG-IP iControl SOAP CSRF Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A CSRF vulnerability exists in F5 BIG-IP iControl SOAP, which could be exploited by an attacker to potentially trick...
SQLite Segmentation Error Vulnerability
SQLite is a self-sufficient, serverless, zero-configuration, transactional SQL database engine. idxGetTableInfo function in SQLite version 3.36.0 is vulnerable to a segmentation error. An attacker could exploit the vulnerability via a specially crafted SQL query to cause a denial of service...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-68453)
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in WebRTC in versions of Google Chrome prior to 92.0.4515.159. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-90322)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox is vulnerable to a resource management error vulnerability that originates from post-release usage in the media channel. No detailed vulnerability details are provided at this time...
Adobe Connect Security Feature Bypass Vulnerability
Adobe Connect is an online video conferencing software. A security feature bypass vulnerability exists in Adobe Connect 11.2.2 and earlier versions. The vulnerability stems from a violation of security design principles. No detailed vulnerability details are available at this time...
Exiv2 out-of-bounds read vulnerability (CNVD-2021-61439)
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. an out-of-bounds read vulnerability exists in Exiv2 versions 0.27.4 and earlier. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...
JetBrains YouTrack Encryption Issue Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack is vulnerable to an encryption issue prior to version 2021.2.16363, which stems from the software's use of the SHA-256 algorithm for password hashing. An attacker...
Unspecified Vulnerability in HCC Embedded InterNiche (CNVD-2021-59225)
HCC Embedded InterNiche is a newsletter software. A security vulnerability exists in HCC Embedded InterNiche stack versions prior to 4.3 and NicheLite versions prior to 4.3, which can be exploited by an attacker to cause an infinite loop that interrupts TCP/IP communication...
Industrial Light And Magic OpenEXR Buffer Overflow Vulnerability (CNVD-2022-19853)
OpenEXR is an image file format developed by Industrial Light and Magic LIM for high dynamic range HDR images. Industrial Light And Magic OpenEXR suffers from a buffer overflow vulnerability that stems from OpenEXR incorrectly handling certain formatted An attacker could exploit this vulnerabilit...
Nexus Control Panel Buffer Overflow Vulnerability (CNVD-2021-62180)
Swisslog Healthcare Nexus Panel, a medical device from Swisslog Healthcare, has a security vulnerability in versions prior to Nexus Control Panel 7.2.5.7. The vulnerability can be exploited to override the internal queue data structure, allowing for remote code execution...
Prosodical Thoughts Prosody Information Disclosure Vulnerability
Prosodical Thoughts Prosody is an open source application of Prosodical Thoughts. A modern XMPP communication server. Prosodical Thoughts Prosody is vulnerable to an information disclosure vulnerability that originates in muc.lib.lua in Prosody versions 0.11.0 through 0.11.9, which can be exploit...
Apple macOS Big Sur Buffer Overflow Vulnerability (CNVD-2021-102842)
Apple macOS Big Sur is a mobile application app from Apple Inc. Apple macOS Big Sur is vulnerable to a buffer overflow vulnerability that could be exploited by remote attackers to create a specially crafted font file and trick victims into opening it, triggering an out-of-bounds read error and...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66080)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in the Remote Access Connection Manager in Microsoft...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-90105)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. Mozilla Firefox is vulnerable to a resource management error that stems from a post-release usage error in the outdated Cairo library. An attacker could exploit the vulnerability to create a specially crafted web page...
Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-70146)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
SQL Injection Vulnerability in RG-UAC Ruijie Unified Internet Behavior Management and Auditing System
Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product independently developed by Ruijie Networks. The RG-UAC Unified Internet Behavior Management and Audit System has a SQL injection vulnerability, which can be exploited by an...
Command execution vulnerability in Zhiyuan OA (CNVD-2021-51370)
Zhiyuan OA is a collaborative management software, a digital collaborative operation platform for medium-sized and large group organizations. A command execution vulnerability exists in Zhiyuan OA, which can be exploited by an attacker to execute arbitrary commands...
NETGEAR WAC104 Authentication Bypass Vulnerability
NETGEAR WAC104 is a wireless access point AP from Netgear, Inc. The NETGEAR WAC104 authentication bypass vulnerability can be exploited by an unauthenticated attacker to bypass the AP by placing...
NVIDIA GeForce Experience Cross-Site Scripting Vulnerability
NVIDIA GeForce Experience is a set of automatic graphics card update tools from Nvidia Corporation. A cross-site scripting vulnerability exists in NVIDIA GeForce Experience, which could be exploited by attackers to trick users into clicking on a maliciously formatted link in their browser and...
Unauthorized access vulnerability in HP Photosmart 5520 series
The HP Photosmart 5520 series is a mid-range inkjet printer. An unauthorized access vulnerability exists in the HP Photosmart 5520 series. An attacker could exploit the vulnerability to obtain sensitive information...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66099)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...