131102 matches found
SAP NetWeaver File Upload Vulnerability (CNVD-2024-13535)
SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A file upload vulnerability exists in SAP NetWeaver, which stems from the application's lack of effective...
Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11122)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...
Unspecified Vulnerability in Oracle MySQL (CNVD-2024-11123)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL for MySQL Server version 8.0.35 and earlier, version 8.2.0 and earlier. An attacker can exploit this...
Fortinet FortiSIEM Operating System Command Injection Vulnerability (CNVD-2024-13100)
Fortinet FortiSIEM is a suite of security information and event management systems from the American company Fiat Fortinet. The system includes features such as asset discovery, workflow automation and unified management. Fortinet FortiSIEM suffers from an operating system command injection...
Multiple Mozilla Products Spoofing Vulnerabilities
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A...
Microsoft .NET Denial of Service Vulnerability (CNVD-2024-02713)
Microsoft .NET is a software framework dedicated to agile software development, rapid application development, platform-agnosticism, and web transparency. A denial of service vulnerability exists in Microsoft .NET, which can be exploited by attackers to cause a denial of service...
Weak Password Vulnerability in Cloud Mirror Network Asset Vulnerability Scanning System of DeepTrust Technology Co.
CloudMirror Network Asset Vulnerability Scanning System is a new generation of vulnerability risk management products independently developed by DeepSense, combining years of practical experience in vulnerability mining and security services, to help users check the vulnerability risks of assets ...
Dell DM5500 Operating System Command Injection Vulnerability
The Dell DM5500 is an integrated solution from Dell, Inc. It provides industry-leading deduplication, data protection solutions and multi-cloud capabilities. The Dell DM5500 suffers from an operating system command injection vulnerability that stems from a failure to properly filter construct...
Foxit Reader Memory Misreference Vulnerability (CNVD-2023-96091)
Foxit Reader is a Chinese Foxit Foxit company's a PDF document reader. A memory misreference vulnerability exists in Foxit Reader before version 12.1.2.15356, which can be exploited by an attacker to execute arbitrary code on the system...
Siemens OPC UA Modeling Editor (SiOME) XML External Entity Injection Vulnerability
Siemens OPC UA Modeling Editor SiOME is a free tool to create OPC UA information models or map existing companion specifications. An XML external entity injection vulnerability exists in Siemens OPC UA Modeling Editor SiOME, which can be exploited by an attacker to interfere with the application'...
Unsynchronized Access to Shared Data Vulnerability in Multiple Siemens Products in a Multi-Threaded Context
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers.The SCALANCE W products are wireless communication devices for connecting industrial components, such as Programmable Logic Controllers PLCs or Human Machine Interfaces HMIs, that comply with the IEEE 802.11...
Google Android elevation of privilege vulnerability (CNVD-2023-96074)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Command Injection Vulnerability in Cisco IOS XE
Cisco IOS XE Software is an operating system from Cisco, Inc. A single operating system for enterprise wired and wireless access, aggregation, core and WAN, Cisco IOS XE reduces business and network complexity. Cisco IOS XE suffers from a command injection vulnerability that stems from insufficie...
Microsoft Office Graphics Elevation of Privilege Vulnerability
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. An elevation of privilege vulnerability exists in Microsoft Office Graphics. An attacker can exploit this...
Microsoft Skype for Business elevation of privilege vulnerability (CNVD-2023-92201)
Microsoft Skype for Business Server is a secure and unified communications platform from Microsoft that provides instant messaging IM, audio and video calling, online conferencing, online status messages, and sharing capabilities. An elevation of privilege vulnerability exists in Microsoft Skype...
Open5GS Access Control Error Vulnerability
Open5GS is an open source implementation in C of 5G Core and Epc, the core network of the Lte/Nr network. An Access Control Error vulnerability exists in Open5GS version 2.4.10 and earlier, which stems from a lack of authentication, and can be exploited by an attacker to send an HTTP request to a...
Google Chrome Media Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in Google Chrome Media, which can be exploited by an attacker to perform arbitrary read/write operations via specially crafted HTML pages...
Linux kernel elevation of privilege vulnerability (CNVD-2023-70082)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause a local elevation of privilege...
Google Chrome Extensions Memory Misreference Vulnerability (CNVD-2023-65152)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 116.0.5845.96, which stems from a mix-up of instructions responsible for freeing memory in Extensions. A remote attacker can exploit this vulnerability...
CrafterCMS is an open source headless CMS for enterprise-level websites and other content-driven digital experiences, especially those that are high-performance, large-scale and ultra-secure. CrafterCMS suffers from a cross-site scripting vulnerability in versions 3.1.0 through 3.1.27 and 4.0.0 through 4.0.2. The vulnerability is due to improper neutralization of inputs during page generation allowing for reflected XSS.No detailed vulnerability details are available at this time.
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Adobe Acrobat Reader Input Validation Error Vulnerability (CNVD-2023-71750)
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader, which can be exploited by an attacker to cause a denial of service in the application...
Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Huawei HarmonyOS Security Restriction Bypass Vulnerability (CNVD-2023-70288)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a security restriction bypass vulnerability that stems from the use of insecure signatures in the osulogin module, which can be...
IBM Security Verify Access Input Validation Error Vulnerability (CNVD-2023-68778)
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as web, mobile, IoT and cloud technologies through the use of risk-based access, single sign-on, integrated acce...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65510)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent repeated crashes, as well as unauthorized read access to a subset of MySQL Serve...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65502)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server 8.0.27 and prior versions, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent and repeated crashes full DOS...
Microsoft SharePoint Server Security Feature Bypass Vulnerability (CNVD-2023-72194)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...
Microsoft SharePoint Server Remote Code Execution Vulnerability (CNVD-2023-72195)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code...
Microsoft Excel Information Disclosure Vulnerability (CNVD-2023-80153)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. An information disclosure vulnerability exists in Microsoft Excel, which can be exploited by attackers to obtain sensitive information...
Apache Struts Denial of Service Vulnerability (CNVD-2023-55422)
Apache Struts is the United States Apache Apache Foundation, an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2. Apache Struts denial of service...
Google Chrome Type Mixing Vulnerability
Google Chrome is a web browser from Google, an American company. A type mixing vulnerability exists in versions of Google Chrome prior to 114.0.5735.110, which can be exploited by an attacker to execute arbitrary code on a system or cause an application to crash...
Wireshark Denial of Service Vulnerability (CNVD-2023-62288)
Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...
Apache JSPWiki cross-site scripting vulnerability (CNVD-2023-43867)
Apache JSPWiki is the United States Apache Apache Foundation of a Java, Servlet and JSP-based open source WikiWiki engine to build . A cross-site scripting vulnerability exists in Apache JSPWiki versions prior to 2.12.0. The vulnerability stems from the application's lack of effective filtering a...
Google Chrome DevTools memory misreference vulnerability (CNVD-2023-43874)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 113.0.5672.126, which stems from a confusion in the DevTools instruction responsible for freeing memory. An attacker could use this vulnerability to...
Microsoft Excel Code Execution Vulnerability (CNVD-2023-80165)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Google Chrome OS Inputs Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome OS Inputs, which can be exploited by an attacker to execute arbitrary code or cause a denial of service condition on a system...
Linux Kernel RxRPC Competition Condition Issue Vulnerability
Linux Kernel is an open source operating system. A contention condition vulnerability exists in Linux Kernel RxRPC processing, which can be exploited by a local attacker to submit a special request that can kernel contextually execute arbitrary code and elevate privileges...
Linux Kernel af_can.c Denial of Service Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel that stems from a null pointer dereference issue found in the CAN protocol in net/can/afcan.c. mlpriv may not be...
Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29412)
Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/ballotup.php, which can be...
Adobe InCopy Resource Management Error Vulnerability (CNVD-2023-29805)
Adobe InCopy is a text editing software for authoring by Adobe, Inc. Adobe InCopy suffers from a resource management error vulnerability that stems from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to cause arbitrary code...
Google Chrome Browser History Buffer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in Google Chrome Browser History, which can be exploited by an attacker to cause the buffer to overflow and execute arbitrary code on the system, or cause the application to crash...
Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2023-23565)
Foxit PDF Reader is China Foxit Foxit company a PDF reader. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code in the context of the current process...
Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-25109)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Experience Manager URL redirection vulnerability (CNVD-2023-45907)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A URL...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-67110)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent repeated crashes...
Mozilla Thunderbird and Firefox Arbitrary Code Execution Vulnerability
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. An arbitrary code execution vulnerability exists in Mozilla Thunderbird versions prior to...
Login Bypass Vulnerability in Nacos
Nacos is an open source project, maintained and contributed code by the community. Nacos suffers from a login bypass vulnerability that can be exploited by an attacker to copy successful login packets and log in other users...
LibTIFF out-of-bounds read vulnerability (CNVD-2023-15759)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for processing TIFF files. libTIFF suffers from an out-of-bounds read vulnerability that stems from a boundary error in tiffcrop at tools/tiffcrop.c:3400 when...
Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08437)
Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...