131179 matches found
Microsoft Windows Server Service Information Disclosure Vulnerability
Microsoft Windows is a desktop operating system from Microsoft Corporation USA, and an information disclosure vulnerability exists in Microsoft Windows Server Service. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker could use...
WordPress Advanced Page Visit Counter plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in versions of the WordPress Advanced Page Visit Counter plug...
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software Redirection Vulnerability
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco, a U.S. company.Cisco RoomOS Software is a set of automated management software for Cisco devices. Cisco TelePresence Collaboration Endpoint Software is a set of collaboration endpoint...
Cisco Firepower Threat Defense输入验证错误漏洞
Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services.Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...
Monstaftp server-side request forgery vulnerability
Monstaftp is a modern Web interface for FTP. version v2.10.3 of Monstaftp is vulnerable to server-side request forgery, which stems from the product's failure to properly validate user input and can be exploited by attackers to probe server intranet resources...
MISP Cross-Site Scripting Vulnerability (CNVD-2022-64091)
MISP is an open source software solution. The product is used to collect, store, distribute, and share network security metrics and has features such as threat network security event analysis and malware analysis. cross-site scripting vulnerability exists in versions prior to MISP 2.4.158, which...
Samsung SMR Device Heap Buffer Overflow Vulnerability
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A heap buffer overflow vulnerability exists in Samsung SMR devices, which can be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system...
Cisco IOS XE Elevation of Privilege Vulnerability (CNVD-2022-55149)
Cisco IOS XE is a set of operating systems developed by Cisco for its network devices.Cisco IOS XE has an elevation of privilege vulnerability that can be exploited by attackers to execute arbitrary commands as root...
RiteCMS path traversal vulnerability
RiteCMS is a web CMS. A path traversal vulnerability exists in RiteCM, which can be exploited by an authenticated attacker to delete any file in the web root directory...
Siemens SCALANCE X-300 Switch Family Devices Cross-Site Scripting Vulnerability
SCALANCE X switches are used to connect industrial components such as programmable logic controllers PLCs or human machine interfaces HMIs.SIPLUS extreme is designed for reliable operation under extreme conditions. A cross-site scripting vulnerability exists in Siemens SCALANCE X-300 Switch Famil...
KevinLAB Building Energy Management System跨站请求伪造漏洞
KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea.A cross-site request forgery vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0 and is currently No detailed vulnerability details are available...
jc21 Nginx Proxy Manager Cross-Site Scripting Vulnerability
jc21 Nginx Proxy Manager is a graphical user interface for managing Nginx servers. jc21 Nginx Proxy Manager versions prior to 2.9.17 contain a cross-site scripting vulnerability that stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could...
Schneider Electric ConneXium Network Manager Software Denial of Service Vulnerability
Schneider Electric ConneXium Network Manager Software, an industrial Ethernet network management software from Schneider Electric, France, is vulnerable to a denial of service in Schneider Electric ConneXium Network Manager Software03.23 and earlier versions contain a denial of service...
TotoLink EX300_v2 Command Injection Vulnerability
TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 is vulnerable to command injection, which can be exploited by unauthenticated attackers to remotely execute code as root via MitM attack...
WordPress WP-DownloadManager plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress WP-DownloadManager plugin version 1.68.6...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53560)
TotoLink N600R is a wireless router from TotoLink, Taiwan, China. TotoLink N600R is vulnerable to command injection, which can be exploited by attackers via the exportOvpn interface of cstecgi.cgi...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-22949)
Google Android is a Linux-based open source operating system from Google, Inc. An elevation-of-privilege vulnerability exists in Google Android due to a code logic error in kbasejduserbufpinpages in malikbasemem.c. error. An attacker could exploit this vulnerability to elevate local privileges...
Jenkins Extended Choice Parameter Plugin任意文件读取漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.Jenkins Extended Choice Parameter Plugin...
Totolink X5000R Command Injection Vulnerability
Totolink X5000R is a router from China-based Jion Electronics Totolink. a command injection vulnerability exists in Totolink X5000R v9.1.0u.6118B20201102, which stems from a failure of the tz parameter in the setNtpCfg function to properly filter the special element of the constructed command. An...
WordPress Page Builder KingComposer plugin access control error vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Page Builder KingComposer plugin version...
JetBrains TeamCity Code Issue Vulnerability (CNVD-2022-20140)
JetBrains TeamCity is a set of distributed build management and continuous integration tools from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting. JetBrains TeamCity is vulnerable to a code issue that could be exploite...
GPAC Buffer Overflow Vulnerability (CNVD-2022-22320)
GPAC is an open source multimedia framework focused on modularity and standards compliance. GPAC suffers from a buffer overflow vulnerability that can be exploited by attackers to corrupt system memory via manually debugged illegitimate input...
Mattermost Server Buffer Overflow Vulnerability
Mattermost Server is an open source messaging platform from Mattermost, Inc. A buffer overflow vulnerability exists in Mattermost server. POST body to crash the server...
Adobe After Effects Buffer Overflow Vulnerability (CNVD-2022-22099)
Adobe After Effects is a suite of visual effects and motion graphics software from Adobe, Inc. A buffer overflow vulnerability exists in Adobe After Effects, which stems from a failure to properly validate data boundaries when performing operations on memory, and can be exploited by remote...
NETGEAR WAC120 Cross-Site Scripting Vulnerability
Netgear NETGEAR WAC120 is a wireless access point AP from Netgear, Inc. A cross-site scripting vulnerability exists in the Netgear WAC120 AC Access Point, which stems from unauthenticated cross-site scripting XSS could lead to a variety of attacks, such as session hijacking or even clipboard...
Google Chrome Omnibox code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Omnibox, which is caused by a confusion in the program's instructions for freeing memory and can be exploited by attackers to execute arbitrary code on the system or cause a denial of service...
JetBrains TeamCity XML External Entity Handling Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in JetBrains TeamCity, which stems from the...
Linux kernel has unspecified vulnerabilities (CNVD-2022-17770)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that could be exploited by an attacker to inject data into a victim's TCP session or terminate that session...
Reolink RLC-410W OS Command Injection Vulnerability
Reolink Rlc-410W is a Wifi security camera from Reolink China. The Reolink RLC-410W suffers from an OS command injection vulnerability. An attacker can exploit this vulnerability to cause command execution by sending a specially crafted HTTP request...
librenms Information Disclosure Vulnerability (CNVD-2022-12751)
Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates. librenms suffers from an information disclosure vulnerability that stems from allowing users with...
Tenda Router AX12 Buffer Overflow Vulnerability
Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China.A security vulnerability exists in the Tenda Router AX12, which stems from a buffer overflow vulnerability in the sub 422CE4 function of the page goform setIPv6Status, which can be exploited by an attacker to cause a denia...
Linux kernel buffer overflow vulnerability (CNVD-2022-68616)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel buffer overflow vulnerability, which is caused by a failure of the Transparent Inter-Process Communication TIPC module to properly boundary check. An attacker could exploit the vulnerability...
WordPress NextScripts:Social Networks Auto-Poster插件跨站脚本漏洞
NextScripts:Social Networks Auto-Poster WordPress plugin is vulnerable to a cross-site scripting vulnerability in versions prior to 4.3.24. The vulnerability stems from the fact that log requests are not escaped before being exported to the relevant administrative The vulnerability stems from the...
Bentley Systems MicroStation Resource Management Error Vulnerability (CNVD-2022-16147)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A resource management error vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to execute code in the context of the current process...
vim buffer overflow vulnerability (CNVD-2022-20799)
Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions prior to vim 8.2, which stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to...
Moodle Cross-Site Request Forgery Vulnerability (CNVD-2022-08151)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site request forgery vulnerability exists in Moodle 3.11 through 3.11.4, 3.10 through 3.10.8, and 3.9 through 3.9.11, which ste...
Adobe Illustrator Buffer Overflow Vulnerability (CNVD-2022-07642)
Adobe Illustrator is a set of vector-based image creation software from the American company Odobi Adobe. A buffer overflow vulnerability exists in Adobe?Illustrator. An attacker could use this vulnerability to trick a victim into opening a carefully constructed file, triggering an out-of-bounds...
Unspecified Vulnerability in Moddable SDK
Moddable SDK is a set of software development kits SDKs for IoT embedded software development from the US company Moddable. A security vulnerability exists in the Moddable SDK, which stems from the discovery that Moddable SDK v11.5.0 contains a SEGV vulnerability via the xs source xsDataView.c in...
JerryScript js-parser-expr.c denial-of-service vulnerability
JerryScript is a lightweight JavaScript engine from the JerryScript project.JerryScript has a denial of service vulnerability in version 3.0.0, which stems from an assertion failure in /jerry-core/parser/js/js-parser-expr.c. An attacker could use this vulnerability to launch a denial of service...
Linux kernel elevation of privilege vulnerability (CNVD-2022-68560)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by attackers to bypass Linux kernel restrictions through Cgroup Fd Writing to elevate privileges...
Oracle WebLogic Server Input Validation Error Vulnerability (CNVD-2022-05874)
Oracle WebLogic Server is an application services middleware from Oracle for cloud and traditional environments that provides a modern, lightweight development platform that supports full lifecycle management of applications from development to production and simplifies application deployment and...
Jenkins Badge Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application . An open source automation server Jenkins provides hundreds of plug-ins to support building, deploying and automating any project . Jenkins Badge Plugin in version 1.9 and earlier suffers from a cross-site scripting vulnerability that stems from a lac...
Apache Dubbo Deserialization Vulnerability (CNVD-2022-05106)
Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery. Apache Dubbo in version 3.2.11 a...
Adobe Acrobat, Adobe Acrobat Reader buffer overflow vulnerability
Adobe Acrobat is a set of PDF file editing and conversion tools from Adobe. Adobe Acrobat and Reader is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing PDF files. An unauthenticated, remote attacker could trick a victim into opening a specially craft...
Google Android Input Validation Error Vulnerability (CNVD-2022-06152)
Google Android is a Linux-based open-source operating system from Google, Inc. Google Android 11 is vulnerable to an input validation error that originates when a network system or product does not properly validate input data. An attacker could exploit the vulnerability to improperly validate th...
Apache Kylin server-side request forgery vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multidimensional analysis OLAP and other functions. Apache kylin has a server-side request forgery vulnerability, which ste...
WordPress Booster for WooCommerce plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress Booster for WooCommerce plugin prior to 5.4.9. createproductsxmlresult parameter is escaped and filtered, an attacker can...
Wireshark Injection Vulnerability (CNVD-2022-11201)
Wireshark formerly Ethereal is a set of network packet analysis software from the Wireshark team. Gryphon dissector is one of the Gryphon protocol parsers. An attacker could exploit this vulnerability to cause a denial of service via packet injection or specially crafted capture files...
Netgear RAX43 Command Injection Vulnerability
Netgear RAX43 is a wireless router from Netgear, Inc. A command injection vulnerability exists in Netgear RAX43, which stems from the inclusion of a command injection vulnerability. The readycloud cgi application is vulnerable to command injection in the name parameter. No details of the...
Adobe Dimension memory corruption vulnerability
Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. A memory corruption vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...