131102 matches found
Tenda AC1200 Command Injection Vulnerability
Tenda AC1200 is a wireless router from Tenda, China.A command injection vulnerability exists in the IPsecLocalNet and IPsecRemoteNet parameters of the Tenda AC1200 setIPsecTunnelList function. An attacker can exploit this vulnerability to perform command injection...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85084)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by insufficient data validation in the bypass file system. An attacker could use this vulnerability to bypass security restrictions...
Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91134)
Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Optimizer component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and cause it to hang o...
Dell GeoDrive DLL Hijacking Vulnerability
Dell GeoDrive is a free application from Dell Inc. It provides access to Dell EMC ECS and Atmos storage from Microsoft Windows desktops and servers. A DLL hijacking vulnerability exists in Dell GeoDrive versions prior to 2.2.3, which can be exploited by an attacker to execute arbitrary code on a...
Adobe ColdFusion XML External Entity Injection Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...
Adobe ColdFusion XML External Entity Injection Vulnerability (CNVD-2023-08756)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion has an XML external entity injection...
Microsoft Windows USB Serial Driver Information Disclosure Vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.Microsoft Windows USB Serial Driver is vulnerable to information disclosure, which stems from insufficient protection of sensitive information on network systems or products, and can be exploited b...
Microsoft Windows ALPC Elevation of Privilege Vulnerability
Microsoft Windows ALPC is a process-to-process communication tool for high-speed messaging from Microsoft, Inc. An elevation of privilege vulnerability exists in Microsoft Windows ALPC, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause ...
Microsoft DWM Core Library privilege elevation vulnerability
Microsoft DWM Core Library is a core library. An elevation of privilege vulnerability exists in Microsoft Windows DWM Core Library, which stems from the presence of improper privilege assignment in the application and can be exploited by an attacker to cause an elevation of privilege...
TOTOLINK NR1800X UploadCustomModule Buffer Overflow Vulnerability
TOTOLINK NR1800X is an outstanding 5G NR indoor Wi-Fi and SIP CPE from China-based Gion Electronics TOTOLINK, designed to provide fast and easy deployment of NR fixed data services for homes and offices.A buffer overflow vulnerability exists in TOTOLINK NR1800X V9.1.0u.6279B20210910 version, whic...
Tacitine Firewall EN6200 Command Injection Vulnerability
Tacitine Firewall EN6200 is a series of firewalls from Tacitine. The Tacitine Firewall EN6200 suffers from a command injection vulnerability that stems from improper control of code generation in the web-based management interface of the Tacitine-Firewall. An unauthenticated, remote attacker coul...
WordPress GS Testimonial Slider plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-66020)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. Adobe Experience Manager is...
VM2 Remote Code Execution Vulnerability
VM2 is a sandbox that can run untrusted code with built-in modules for whitelisted nodes. versions of VM2 prior to 3.9.11 have a remote code execution vulnerability that can be exploited by an attacker to bypass sandbox protection in order to gain remote code execution privileges on the host...
Huawei HarmonyOS Conditional Competition Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. A conditional contention vulnerability exists in Huawei HarmonyOS, which stems from improper handling of concurrent accesses when concurrent code needs to access...
Online Employee Leave Management System跨站请求伪造漏洞
Online Employee Leave Management System is an employee leave management system that provides an employee and management platform to efficiently manage leave departures and approvals. The vulnerability can be exploited by attackers to disguise user identity and send malicious requests...
Apache OFBiz Code Injection Vulnerability (CNVD-2023-03918)
Apache OFBiz is an enterprise resource planning ERP system from the Apache Foundation. A code injection vulnerability exists in Apache OFBiz 18.12.05 and earlier versions, which stems from an error in Birt and can be exploited by attackers to remotely execute code...
IBM Sterling B2B Integrator Licensing Issue Vulnerability (CNVD-2022-61908)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates important B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition has an...
Adobe Acrobat Reader Resource Management Error Vulnerability (CNVD-2022-56977)
Adobe Acrobat Reader is a PDF viewer from Adobe, a U.S. company. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a resource management error that stems from post-release reuse, resulting in a memory leak. No details of the vulnerability are currently...
Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56660)
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized management of Wyse endpoints, asset tracking and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...
IBM CICS TX Advanced Access Control Error Vulnerability
IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. An Access Control Error vulnerability exists in IBM CICS TX Advanced version 11.1, which stems from a failure to set a security...
F5 BIG-IP and BIG-IQ iControl SOAP input validation error vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An input validation error vulnerability exists in F5 BIG-IP and BIG-IQ iControl SOAP, which can be exploited by an...
LibreOffice encryption problem vulnerability
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets, and Impress presentations.LibreOffice is vulnerable to an encryption problem that stems from LibreOffice using weak...
Oracle MySQL Server PAM Auth Component Input Validation Error Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and an input validation error vulnerability exists in Oracle MySQL 8.0.28 and earlier versions, which originates in the PAM Auth component of MySQL...
Moodle Input Validation Error Vulnerability (CNVD-2022-54916)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment.Moodle suffers from an input validation error vulnerability that stems from insufficient cleanup of SCORM tracking details, which can b...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56593)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite Input Validation Error Vulnerability (CNVD-2022-84619)
Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain validation and transport layer...
Tenda M3 formSetAccessCodeInfo function stack overflow vulnerability
Tenda M3 is an access controller from Tenda, China. Tenda M3 V1.0.0.12 is vulnerable to a stack overflow vulnerability, which stems from the formSetAccessCodeInfo function info parameter not checking the length of the input data. An attacker could exploit this vulnerability to cause a denial of...
Tenda M3 formMasterMng function stack overflow vulnerability
Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 V1.0.0.12 version has a stack overflow vulnerability, which stems from the formMasterMng function url parameter not checking its length for input data. An attacker could exploit this vulnerability to cause a denial of service...
LDAP Account Manager Injection Vulnerability (CNVD-2022-53544)
LDAP Account Manager is a web front-end for managing entries e.g., users, groups, DHCP settings stored in the LDAP directory.An injection vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from faulty access control and could be exploited by an attacker to pass th...
WordPress Login using WordPress Users plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. cross-site scripting vulnerability exists in versions prior to WordPress Login using WordPress Users plugin...
Unspecified vulnerability in Secheron SEPCOS Control and Protection Relay
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...
Jenkins Image Tag Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. cross-site scripting vulnerability exists in Jenkins Image Tag Parameter Plug...
Jenkins Filesystem List Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. Jenkins Plugin is an application that provides hundreds of plug-ins to support building, deploying, and automating any project. Jenkins Filesystem List Parameter Plugin version 0.0.7 and earlier versions...
WUZHI CMS SQL Injection Vulnerability (CNVD-2022-59014)
WUZHI CMS is a PHP and MySQL-based open source content management system CMS from WUZHI. v4.1.0 of WUZHI CMS is vulnerable to SQL injection, which can be exploited to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php. parameter in...
SourceCodester Bank Management System SQL Injection Vulnerability
Bank Management System is a bank management system. SourceCodester Bank Management System is vulnerable to SQL injection, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Adobe Premiere Pro memory corruption vulnerability
Adobe Premiere Pro is a set of non-linear editing video editing software from Adobe. Adobe Premiere Pro version 15.4 and earlier versions contain a security vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...
Online Car Wash Booking System SQL注入漏洞(CNVD-2022-53349)
Online Car Wash Booking System is an online car wash booking system by Carlo Montero, a personal developer. Online Car Wash Booking System v1.0 is vulnerable to SQL injection, which originates from /ocwbs/admin/vehicles/ managevehicle.php?id=The page lacks validation for external input SQL...
Huawei HarmonyOS Permission Mismanagement Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security vulnerability that stems from a mismanagement of privileges in the HwSEServiceAPP. An attacker exploited the...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-06865)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that stems from a boundary error related to a register allocation issue in WASM for arm64. A remote attacker could exploit this vulnerabilit...
Open Automation Software OAS Platform访问控制错误漏洞
Open Automation Software OAS Platform is an industrial Internet of Things IoT suite from Open Automation Software, Inc. An access control error vulnerability exists in Open Automation Software OAS Platform version V16.00.0112, which stems from an external configuration control issue with the OAS...
Pix-Link MiniRouter 28K.MiniRouter.20190211 Cross-Site Scripting Vulnerability (CNVD-2022-77885)
Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link China.Pix-Link MiniRouter 28K.MiniRouter.20190211 suffers from a cross-site scripting vulnerability, which stems from an unhandled security key parameter. An attacker could exploit the vulnerability to execute JavaScript code ...
Oracle E-Business Suite Access Control Error Vulnerability
Oracle Corporation Oracle is the world's largest provider of information management software and services, founded in 1977, headquartered in Redwood shore, California, United States, open to the world oracle certification. Oracle E-Business Suite E-Business Suite is the United States Oracle Oracl...
IBM Sterling Secure Proxy Trust Management Issue Vulnerability
IBM Sterling Secure Proxy is an application proxy used by International Business Machines Corporation IBM to secure the transfer of files in an organization's unprotected zone DMZ.IBM Sterling Secure Proxy version 6.0.3 and IBM Secure External Authentication Server version 6.0.3 contain a trust...
WordPress BulletProof Securitys plugin跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. WordPress BulletProof Securitys plugin versions prior to 6.1 have a cross-site scripting vulnerability that...
Spring Framework Denial of Service Vulnerability (CNVD-2022-68890)
Spring Framework is the U.S. Spring team of a set of open source Java, JavaEE application framework . The framework helps developers build high-quality applications.Spring Framework versions prior to 5.3.20, 5.2.22 contain a denial-of-service vulnerability. An attacker can exploit this...
Apache Tomcat Denial of Service Vulnerability (CNVD-2022-49970)
Apache Tomcat is a lightweight Web application server from the Apache Foundation in the United States. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat suffers from a denial-of-service vulnerability that stems from a flaw in the configuration of Tomcat open...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53553)
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, which is vulnerable to a command injection attack via the devicename parameter in /etting/setDeviceName...
Microsoft Windows Server Service Information Disclosure Vulnerability
Microsoft Windows is a desktop operating system from Microsoft Corporation USA, and an information disclosure vulnerability exists in Microsoft Windows Server Service. The vulnerability stems from errors in the configuration of the network system or product during operation. An attacker could use...
Unspecified vulnerability in Siemens SICAM P850 and SICAM P855 Devices (CNVD-2022-36397)
The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...