131102 matches found
dynamicMarkt SQL Injection Vulnerability (CNVD-2022-67151)
dynamicMarkt is a software. dynamicMarkt 3.10 and earlier versions are vulnerable to SQL injection, which stems from a missing filter escape for SQL data in the parent parameter of index,php. An attacker could use this vulnerability to execute illegal SQL commands to steal sensitive database data...
LibreHealth EHR Cross-Site Scripting Vulnerability (CNVD-2022-62206)
LibreHealth EHR is a clinically-focused electronic health record EHR system designed to be easy to use out of the box and customizable for use in a variety of healthcare settings. The navigation.php page lacks filtering and escaping for parameters. An attacker could exploit this vulnerability to...
Barco Control Room Cross-Site Scripting Vulnerability (CNVD-2022-61399)
Barco Control Room is a visualization and collaboration solution from Barco Belgium. Used to build control rooms, a cross-site scripting vulnerability exists in the Barco Control Room Management Suite web application prior to version 3.14. The vulnerability stems from the...
HUAWEI HarmonyOS Input Validation Error Vulnerability (CNVD-2022-66177)
HUAWEI HarmonyOS is an operating system from China's Huawei HUAWEI. HUAWEI HarmonyOS 2.0 is vulnerable to an input validation error, which can be exploited by attackers to cause elevation of privilege...
Owl Labs Meeting Owl Information Disclosure Vulnerability
Owl Labs Meeting Owl is a video conferencing device from Owl Labs, Inc. Equipped with a series of cameras and microphones, it captures 360-degree video and audio and automatically focuses on the speaker, making meetings more dynamic and inclusive.Owl Labs Meeting Owl version 5.2.0.15 contains an...
WordPress VikBooking Hotel Booking Engine
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress VikBooking Hotel Booking Engine...
Apache Tika Denial of Service Vulnerability (CNVD-2022-73491)
Apache Tika is a collection of content extraction tools from the Apache Foundation that integrates POI an open source library that uses Java programs to provide read and write functionality for Microsoft Office format documents, Pdfbox a pure Java class library for reading and creating PDF...
InHand Networks InRouter302 OS Command Injection Vulnerability (CNVD-2022-59175)
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains an operating system command injection vulnerability that could be exploited by an attacker to cause remote code execution with the help of a specially crafted...
NVIDIA vGPU Software Memory Misreference Vulnerability
NVIDIA vGPU Software is a management software from NVIDIA Corporation that provides GPU capabilities to virtual machines. The software supports multiple virtual machines accessing the host GPU, providing graphics performance and application compatibility for virtual machines. vGPU Software is...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2022-54343)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon, which stems from insufficient cleaning of...
HCL Technologies HCL Sametime File Upload Vulnerability
HCL Sametime, a conferencing solution from HCL Technologies, has a security vulnerability in HCL Technologies HCL Sametime version 11.6. The vulnerability stems from the fact that the user SID in the application can be modified, which can be exploited to modify the SID to enable arbitrary file...
JetBrains TeamCity Log Information Disclosure Vulnerability
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports.JetBrains TeamCity versions prior to 2022.04 have a log information disclosure...
Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72853)
Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...
Cambium Networks cnMaestro OS Command Injection Vulnerability (CNVD-2022-64237)
Cambium Networks cnMaestro is a cloud-based or native software platform from Cambium Networks for secure end-to-end network control. Cambium Networks cnMaestro suffers from an operating system command injection vulnerability. An attacker could exploit this vulnerability to upload specially crafte...
SourceCodester Car Rental Management System Arbitrary File Upload Vulnerability
Sourcecodester Car Rental Management System is a car rental management system from Sourcecodester, Inc. SourceCodester Car Rental Management System version 1.0 is vulnerable to an arbitrary file upload vulnerability, which originates from The vulnerability is caused by a lack of validation of...
AMD System Management Unit Denial of Service Vulnerability (CNVD-2022-63547)
AMD System Management Unit SMU is a system management unit of AMD, Inc. A denial of service vulnerability exists in AMD System Management Unit, which can be exploited by attackers to cause a denial of resources or a denial of service...
SAP NetWeaver ABAP Server Cross-Site Scripting Vulnerability
SAP NetWeaver ABAP Server is a Web application server for SAP products from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver ABAP Server, which stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could exploit this...
Car Driving School Management System SQL Injection Vulnerability (CNVD-2022-65321)
Car Driving School Management System is a driving school management system. SQL injection vulnerability exists in Car Driving School Managment System, which originates from /cdsms/classes/Master.php?f=delete The vulnerability is caused by the lack of filtering and escaping of SQL data in the id...
Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64254)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR has an input validation error vulnerability that can be exploited by an attacker to initiate certain activities...
Desire2Learn Learning Management System Access Control Error Vulnerability
An access control error vulnerability exists in Desire2Learn Learning Management System, a learning management system from Desire2Learn Canada, due to improper access controls. A remote attacker could disable the "Disable Right Click Control"...
ThoughtWorks GoCD path traversal vulnerability
ThoughtWorks GoCD is a free and open source CI/CD server from ThoughtWorks, Inc. A path traversal vulnerability exists in versions of ThoughtWorks GoCD prior to 21.3.0, which could be exploited by an attacker compromising the GoCD agent to upload malicious files to any directory on the GoCD serve...
E2fsprogs out-of-bounds read/write vulnerability
E2fsprogs is a set of tools for maintaining ext2, ext3 and ext4 file systems. version 1.46.5 of E2fsprogs is vulnerable due to an out-of-bounds read-write issue in the application. An attacker could use this vulnerability to cause a segmentation error and execute arbitrary code via a specially...
Multiple Apple Products Vulnerabilities in Permissions Licensing and Access Control Issues
Apple macOS Big Sur is a mobile app from Apple. Apple macOS Monterey is the 18th major version of MacOS, Apple's desktop operating system for Macintosh. macOS Catalina is Apple's suite of Catalina is Apple's proprietary operating system developed specifically for Mac computers. Several Apple...
Microsoft Azure Site Recovery Information Disclosure Vulnerability (CNVD-2022-56588)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an information disclosure vulnerability, and no details of the vulnerability are available...
Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Windows Remote Desktop Protocol RDP, an application used by Microsoft to connect to remote Windows desktops. The vulnerability stems from the failure of a networked system or product to properly filter special elements of code segments...
MariaDB Denial of Service Vulnerability (CNVD-2022-65008)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. A security vulnerability exists in MariaDB Server v10.6 and lower, which stems from the inclusion of use-after-free in the component...
Owncloud ownCloud Access Control Error Vulnerability
Owncloud is a personal cloud storage solution from Owncloud, a U.S. company. versions prior to Owncloud 2.20 contain an access control error vulnerability that could be exploited by attackers to access the application's internal files...
D-Link DIR-878 Command Injection Vulnerability (CNVD-2022-38533)
The D-Link DIR-878 is a wireless router from D-Link, a Taiwan-based company. The D-Link DIR-878 is vulnerable to a command injection vulnerability that could be exploited by an unauthenticated LAN attacker to execute arbitrary system commands to control the system or interrupt services...
Open5GS Denial of Service Vulnerability (CNVD-2022-61342)
Open5Gs is a C open source implementation of 5G Core and Epc, the core network of the Lte/Nr network. A denial of service vulnerability exists in Open5GS version 2.3.6 and earlier, which stems from a buffer overflow in lib/sbi/message.c. A remote attacker could exploit this vulnerability to deny...
cocoapods-downloader command injection vulnerability
cocoapods-downloader is a small library. It is used to download files from remote controls in folders. cocoapods-downloader versions prior to 1.6.2 have a security vulnerability that stems from the presence of command injection in the hg parameter. An attacker calling the download function could...
Trend Micro Antivirus for Mac Elevation of Privilege Vulnerability (CNVD-2022-55061)
Trend Micro Antivirus for Mac is a Mac-based antivirus software from Trend Micro, Inc. An elevation of privilege vulnerability exists in Trend Micro Antivirus for Mac version 11.5, which could be exploited to create a specially crafted file as a symbol that could lead to elevation of privilege li...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65624)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...
WordPress Amelia Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platform developed by Wordpress Foundation using PHP language. WordPress plugin is an application plugin for WordPress. WordPress Amelia Plugin 1.0.46 and earlier versions are vulnerable to a cross-site scripting vulnerability that stems from the program's failure t...
Sophos UTM log information leakage vulnerability
Sophos UTM is a next-generation firewall. a security vulnerability existed prior to Sophos UTM 9.710, which stems from the fact that Confd log files contain SHA512crypt password hashes for local users including the root user with insecure access rights, which can be exploited by attackers to...
Jenkins Kubernetes Continuous Deploy Plugin Permissions Licensing and Access Control Issues Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.The Jenkins Kubernetes Continuous Deploy...
Huawei Emui and Magic UI Heap Buffer Overflow Vulnerability
Huawei Emui is a mobile operating system developed on Android. Magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to heap buffer overflow, which can be exploited by attackers to cause a denial of service...
TP-Link TL-WR886N Stack Overflow Vulnerability (CNVD-2022-20080)
The TP-Link TL-WR886N is a wireless router from China P&L. A stack overflow vulnerability exists in the TP-Link TL-WR886N /cloudconfig/routerpost/getregverifycode, which can be exploited by a remote attacker to submit a special request that can crash an application or can be used to execute...
Ming Out-of-Bounds Read Vulnerability
Ming is a Flash SWF output library written in C language. Ming has a security vulnerability that can be exploited by attackers to obtain sensitive information...
Microsoft Windows Common Log File System Driver Information Disclosure Vulnerability (CNVD-2022-84602)
Microsoft Windows Common Log File System Driver is a Common Log File System CLFS API from Microsoft that provides a common log file subsystem that can be used by dedicated client applications and shared by multiple clients to optimize log access. An information disclosure vulnerability exists in...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59682)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Microsoft HEIF Image Extensions Remote Code Execution Vulnerability
Microsoft HEIF Image Extensions is a feature library for Microsoft Windows systems from Microsoft Corporation USA.Microsoft HEIF Image Extensions is vulnerable to remote code execution, which can be exploited by attackers to execute arbitrary code on the system...
WordPress YOP Poll Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress YOP Poll Plugin versions prior to 6.3.5, which stems...
Siemens RUGGEDCOM ROS Heap Buffer Overflow Vulnerability
Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens, Germany. Siemens RUGGEDCOM ROS suffers from a heap buffer overflow vulnerability that can be exploited by attackers to cause a heap overflow...
TerraMasterTOS Command Injection Vulnerability
TerraMaster is a world-renowned professional storage brand. TerraMasterTOS command injection vulnerability can be exploited by attackers to gain server privileges...
Google Chrome WebShare memory misquoting vulnerability
Google Chrome is a web browser from Google, Inc. Google Chrome WebShare is vulnerable to a memory misreference vulnerability that results from a mix-up in the program's instructions for freeing memory, which could be exploited to execute arbitrary code on the system or cause a denial of service...
WordPress Crazy Bone plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...
Home Owners Collection Management System存在未明漏洞
A security vulnerability exists in the Home Owners Collection Management System, a homeowner collection management system, which can be exploited by attackers to compromise user accounts via a crafted POST request...
JetBrains TeamCity Access Control Error Vulnerability (CNVD-2022-18622)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic.JetBrains TeamCity is vulnerable to an access control error that stems from the product's failure to validate data in XML-RPC requests and the identity of the user. An attacker could...
HUAWEI EMUI/Magic UI Denial of Service Vulnerability
HUAWEI EMUI is an Android-based mobile operating system developed by Huawei China. HUAWEI EMUI/Magic UI suffers from a denial-of-service vulnerability that can be exploited by attackers to perform DoS attacks and compromise service integrity...
MODX Revolution code issue vulnerability
MODX Revolution is a PHP-based open source content management system CMS from the US company MODX. The system supports online collaboration, search engine optimization SEO, etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...