131102 matches found
Google Chrome DevTools memory misreference vulnerability (CNVD-2023-43874)
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 113.0.5672.126, which stems from a confusion in the DevTools instruction responsible for freeing memory. An attacker could use this vulnerability to...
Microsoft Excel Code Execution Vulnerability (CNVD-2023-80165)
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system...
Google Chrome OS Inputs Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome OS Inputs, which can be exploited by an attacker to execute arbitrary code or cause a denial of service condition on a system...
Linux Kernel RxRPC Competition Condition Issue Vulnerability
Linux Kernel is an open source operating system. A contention condition vulnerability exists in Linux Kernel RxRPC processing, which can be exploited by a local attacker to submit a special request that can kernel contextually execute arbitrary code and elevate privileges...
Linux Kernel af_can.c Denial of Service Vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel that stems from a null pointer dereference issue found in the CAN protocol in net/can/afcan.c. mlpriv may not be...
Campcodes Advanced Online Voting System SQL Injection Vulnerability (CNVD-2023-29412)
Campcodes Advanced Online Voting System is an online voting system. Campcodes Advanced Online Voting System v1.0 is vulnerable to SQL injection. The vulnerability stems from the lack of validation of external input SQL statements in the parameter id of the file /admin/ballotup.php, which can be...
Adobe InCopy Resource Management Error Vulnerability (CNVD-2023-29805)
Adobe InCopy is a text editing software for authoring by Adobe, Inc. Adobe InCopy suffers from a resource management error vulnerability that stems from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to cause arbitrary code...
Google Chrome Browser History Buffer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in Google Chrome Browser History, which can be exploited by an attacker to cause the buffer to overflow and execute arbitrary code on the system, or cause the application to crash...
Foxit PDF Reader Remote Code Execution Vulnerability (CNVD-2023-23565)
Foxit PDF Reader is China Foxit Foxit company a PDF reader. A remote code execution vulnerability exists in Foxit PDF Reader, which can be exploited by an attacker to execute arbitrary code in the context of the current process...
Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-25109)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Experience Manager URL redirection vulnerability (CNVD-2023-45907)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A URL...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-67110)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized MySQL Server hangs or frequent repeated crashes...
Mozilla Thunderbird and Firefox Arbitrary Code Execution Vulnerability
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. An arbitrary code execution vulnerability exists in Mozilla Thunderbird versions prior to...
Login Bypass Vulnerability in Nacos
Nacos is an open source project, maintained and contributed code by the community. Nacos suffers from a login bypass vulnerability that can be exploited by an attacker to copy successful login packets and log in other users...
LibTIFF out-of-bounds read vulnerability (CNVD-2023-15759)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for processing TIFF files. libTIFF suffers from an out-of-bounds read vulnerability that stems from a boundary error in tiffcrop at tools/tiffcrop.c:3400 when...
Oracle WebLogic Server Information Disclosure Vulnerability (CNVD-2023-08437)
Oracle WebLogic Server is an Oracle Oracle application service middleware for cloud and traditional environments, which provides a modern lightweight development platform that supports the entire lifecycle management of applications from development to production and simplifies application...
Online Food Ordering System index.php Cross-Site Scripting Vulnerability
Online Food Ordering System is an online food ordering system. A cross-site scripting vulnerability exists in Online Food Ordering System, which is caused by a lack of effective filtering and escaping of user-supplied data in the page parameter of index.php page, which can be exploited by attacke...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76764)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Siretta QUARTZ-GOLD Buffer Overflow Vulnerability (CNVD-2023-17066)
Siretta QUARTZ-GOLD is an industrial router with multiple features and services.A buffer overflow vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary command execution by sending specially crafted network packets...
F5 BIG-IP APM Virtual Server Open Redirect Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An open redirection vulnerability exists in the F5 BIG-IP APM virtual server, which can be exploited by an unauthenticated...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2023-18287)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office. An attacker could exploit this vulnerability to execute code on the target host...
Microsoft Windows Kernel Elevation of Privilege Vulnerability (CNVD-2023-18290)
Microsoft Windows is a windowed operating system developed by Microsoft Corporation in the United States. An elevation of privilege vulnerability exists in Microsoft Windows Kernel. An attacker can exploit this vulnerability to elevate privileges...
Siemens Automation License Manager File Name or Path External Control Vulnerability
The Automation License Manager ALM centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...
Siemens JT Open, JT Utilities and Solid Edge Memory Corruption Vulnerability
JT Open Toolkit is an application programming interface API for software developers who support JT, a publicly released data format developed by Siemens Digital Industry Software and widely used for communication, visualization, digital modeling and various other purposes.Solid Edge is a portfoli...
Siemens SINEC INS Path Traversal Vulnerability (CNVD-2023-02707)
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks.A path traversal vulnerability exists in Siemens SINEC INS, which...
Wireshark has an unspecified vulnerability (CNVD-2023-04534)
Wireshark formerly known as Ethereal is a network packet analysis software from the Wireshark team. The software's function is to intercept network packets and display detailed data for analysis.Wireshark has a security vulnerability that stems from an infinite loop in the BPv6, OpenFlow, and Kaf...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04325)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03061)
Mozilla Firefox is an open source web browser from the Mozilla Foundation, U.S. A buffer overflow vulnerability exists in Mozilla Firefox, which can be exploited by unauthenticated attackers to execute arbitrary code...
Mozilla Firefox code issue vulnerability (CNVD-2023-05207)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation, U.S. A code issue vulnerability exists in Mozilla Firefox, which stems from an error in the product's handling of JavaScript dialog boxes. A remote attacker could exploit the vulnerability to perform a spoofing attack...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03062)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer overflow vulnerability that stems from an uninitialized pointer being freed in lginit. A remote attacker could exploit this vulnerability to execute arbitrary code...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03066)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to buffer overflow, a memory corruption type of vulnerability in the software that can be exploited by attackers to execute arbitrary code...
School Dormitory Management System SQL Injection Vulnerability
School Dormitory Management System is a school dormitory management system. A SQL injection vulnerability exists in School Dormitory Management System version 1.0, which stems from an unknown function in its Admin Login component that allows an attacker to perform SQL injection...
OpenImageIO Code Execution Vulnerability (CNVD-2023-01790)
A code execution vulnerability exists in the OpenImageIO IFFOutput::close function, which is an image read/write library that also provides tools and applications. An attacker can use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "xmax"...
Google Android Denial of Service Vulnerability (CNVD-2023-07664)
Google Android is a Linux-based open-source operating system from the US company Google. Google Android suffers from a denial-of-service vulnerability, which is caused by a flaw in messaging. By sending a specially crafted request, an attacker can exploit this vulnerability to cause a denial of...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15828)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)
SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...
Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87979)
An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...
IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2022-87643)
IBM WebSphere MQ is a system from International Business Machines IBM, Inc. A denial-of-service vulnerability exists in IBM WebSphere MQ version 7.1. A remote attacker could use this vulnerability to bypass security configuration settings and cause a denial of service...
WordPress Ultimate Member plugin remote code execution vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...
Google Chrome Security Bypass Vulnerability (CNVD-2023-08259)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient untrusted input validation in CORS. An attacker could exploit this vulnerability to bypass security restrictions...
WordPress Ultimate Member plugin remote code execution vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...
SolarWinds Security Event Manager Cross-Site Scripting Vulnerability
SolarWinds Security Event Manager SolarWinds SEM is an American SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. A cross-site scripting vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4. The vulnerability stems from...
NETGEAR R7000P openvpn_push1 buffer overflow vulnerability
NETGEAR R7000P is a wireless router from NETGEAR, Inc. A buffer overflow vulnerability exists in NETGEAR R7000P firmware version V1.3.1.64, which stems from a lack of length validation of data input to the openvpnpush1 parameter, which could be exploited by an attacker to cause a denial of servic...
WordPress Ask Me plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15776)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from an empty input to SparseFillEmptyRowsGrad. The vulnerability can be exploited to cause the program to crash...
PHPGurukul Blood Donor Management System Cross-Site Scripting Vulnerability
The PHPGurukul Blood Donor Management System is a blood donor management system from PHPGurukul, USA. A cross-site scripting vulnerability exists in version 1.0 of the Phpgurukul Blood Donor Management System, which stems from a lack of effective filtering and escaping of user-supplied data at Ad...
Google TensorFlow buffer overflow vulnerability (CNVD-2022-80696)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...
Foxit PDF Reader Memory Misquoting Vulnerability (CNVD-2023-07826)
Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader version 12.0.1.12430 is vulnerable to a memory misquoting vulnerability that can be exploited by attackers to cause arbitrary code execution...
Wireshark Denial of Service Vulnerability (CNVD-2023-62294)
Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...