131102 matches found
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03062)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox suffers from a buffer overflow vulnerability that stems from an uninitialized pointer being freed in lginit. A remote attacker could exploit this vulnerability to execute arbitrary code...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-03066)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to buffer overflow, a memory corruption type of vulnerability in the software that can be exploited by attackers to execute arbitrary code...
School Dormitory Management System SQL Injection Vulnerability
School Dormitory Management System is a school dormitory management system. A SQL injection vulnerability exists in School Dormitory Management System version 1.0, which stems from an unknown function in its Admin Login component that allows an attacker to perform SQL injection...
OpenImageIO Code Execution Vulnerability (CNVD-2023-01790)
A code execution vulnerability exists in the OpenImageIO IFFOutput::close function, which is an image read/write library that also provides tools and applications. An attacker can use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "xmax"...
Google Android Denial of Service Vulnerability (CNVD-2023-07664)
Google Android is a Linux-based open-source operating system from the US company Google. Google Android suffers from a denial-of-service vulnerability, which is caused by a flaw in messaging. By sending a specially crafted request, an attacker can exploit this vulnerability to cause a denial of...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15828)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Siemens Industrial Product Denial of Service Vulnerability (CNVD-2022-87982)
SIMATIC Drive Controllers for the automation of production machines combine the functionality of SIMATIC S7-1500 CPUs with that of SINAMICS S120 drive controls.SIMATIC ET 200SP Open Controller is the PC-based version of the SIMATIC S7-1500 controller. Includes optional visualization features and...
Siemens Parasolid out-of-bounds write vulnerability (CNVD-2022-87979)
An out-of-bounds write vulnerability exists in Siemens Parasolid, a geometric modeling kernel from Siemens, Germany, due to an out-of-bounds write beyond the end of the allocation structure contained in a specially crafted XB file parsed by the affected application. The vulnerability allows an...
WordPress Ultimate Member plugin remote code execution vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...
Google Chrome Security Bypass Vulnerability (CNVD-2023-08259)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient untrusted input validation in CORS. An attacker could exploit this vulnerability to bypass security restrictions...
WordPress Ultimate Member plugin remote code execution vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A remote code execution...
SolarWinds Security Event Manager Cross-Site Scripting Vulnerability
SolarWinds Security Event Manager SolarWinds SEM is an American SolarWinds Inc. for forensics and troubleshooting, as well as a tool to help you manage log data. A cross-site scripting vulnerability exists in SolarWinds Security Event Manager versions prior to 2022.4. The vulnerability stems from...
Apartment Visitor Management System SQL Injection Vulnerability
Apartment Visitor Management System is an Apartment Visitor Management System by Carlo Montero Personal Developer. Apartment Visitor Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validity filtering of special characters in /avms/index.php,...
WordPress Ask Me plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15776)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from an empty input to SparseFillEmptyRowsGrad. The vulnerability can be exploited to cause the program to crash...
PHPGurukul Blood Donor Management System Cross-Site Scripting Vulnerability
The PHPGurukul Blood Donor Management System is a blood donor management system from PHPGurukul, USA. A cross-site scripting vulnerability exists in version 1.0 of the Phpgurukul Blood Donor Management System, which stems from a lack of effective filtering and escaping of user-supplied data at Ad...
Google TensorFlow buffer overflow vulnerability (CNVD-2022-80696)
Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google TensorFlow is vulnerable to a buffer overflow vulnerability that originates when an operation with a specified input size receives a different number of inputs, and the executor will crash. No...
Foxit PDF Reader Memory Misquoting Vulnerability (CNVD-2023-07826)
Foxit PDF Reader is a PDF reader from Foxit China. Foxit PDF Reader version 12.0.1.12430 is vulnerable to a memory misquoting vulnerability that can be exploited by attackers to cause arbitrary code execution...
Wireshark Denial of Service Vulnerability (CNVD-2023-62294)
Wireshark formerly known as Ethereal is a set of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from a denial of service vulnerability that stems from not properly...
Google Chrome Security Bypass Vulnerability (CNVD-2022-85089)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from insufficient data validation in Extensions. An attacker could use this vulnerability to bypass security restrictions...
Linux kernel resource management error vulnerability (CNVD-2022-72086)
Linux kernel is the kernel used by the Linux Foundation's open source operating system, Linux. Linux kernel is vulnerable to a security flaw that affects the function l2capconndel in the component Bluetooth's file net/bluetooth/l2capcore.c. The operation leads to free post-use. No detailed...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87657)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server a...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2023-06476)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Oracle MySQL Server InnoDB component. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL Server and cause MySQL...
Microsoft Windows Connected User Experiences and Telemetry Privilege Elevation Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Connected User Experiences and Telemetry, a set of operating systems for personal devices from Microsoft Corporation USA. An attacker could exploit the vulnerability to cause an elevation of privilege...
SAP 3D Visual Enterprise Author Buffer Overflow Vulnerability (CNVD-2022-69696)
SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability that stems from a lack of proper memory management and could be exploited by an attacker t...
Microsoft Windows Win32K Elevation of Privilege Vulnerability
Microsoft Windows Win32k is a system file for Windows multi-user management from Microsoft Corporation USA.Microsoft Windows Win32K has an elevation of privilege vulnerability, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an...
SAP 3D Visual Enterprise Author .cur Buffer Overflow Vulnerability
SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management. An attacker can exploit the...
Microsoft Windows Hyper-V Elevation of Privilege Vulnerability
Microsoft Windows Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization, Microsoft Windows Hyper-V has an elevation of privilege vulnerability that stems from improper privilege assignment in the application and...
Autodesk AutoCAD PDF File Buffer Overflow Vulnerability
Autodesk AutoCAD is a professional set of 3D drawing software from Autodesk, Inc. A buffer overflow vulnerability exists in versions prior to Autodesk AutoCAD 2023.1.1, which stems from an unhandled exception in parsing maliciously crafted PDF files, and can be exploited by attackers to cause a...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. MediaWiki has a cross-site scripting vulnerability that can be exploited by attackers to inject...
Huawei HarmonyOS Storage Vectors Out-of-Bounds Read Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. An out-of-bounds read vulnerability exists in Huawei HarmonyOS, which stems from an out-of-bounds array read in the storage dimension module. An attacker could...
Multiple MediaTek chip cpu dvfs local privilege elevation vulnerabilities
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips available worldwide each year. Several MediaTek chi...
IBM Robotic Process Automation Access Control Error Vulnerability (CNVD-2022-68277)
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. An Access Control Error vulnerability exists in IBM Robotic Process Automation...
Food Ordering Management System SQL Injection Vulnerability
Food Ordering Management System is a food ordering management system from Carlo Montero's personal developer. The Food Ordering Management System is vulnerable to SQL injection, which stems from the lack of validation of external input SQL statements by username, and can be exploited by attackers...
NextAuth.js authorization issue vulnerability
NextAuth.js is an authentication for Next.js. NextAuth.js version v3.0.2 is vulnerable to authorization issues, which can be exploited by attackers to perform unauthorized actions...
fwupd information disclosure vulnerability
fwupd is a plugin that supports firmware updates for session software on Linux platforms. fwupd 1.8.5 previously contained an information disclosure vulnerability that stemmed from the fact that when creating an OPERATOR user account on BMC, the redfish plugin saved the automatically generated...
Simple Exam Reviewer Management System Arbitrary File Upload Vulnerability
Simple Exam Reviewer Management System is a simple examiner management system. version 1.0 of Simple Exam Reviewer Management System is vulnerable to arbitrary file uploads, which stem from the lack of valid authentication of uploaded files on the configuration file page. An authenticated attacke...
NETGEAR R7000 Buffer Overflow Vulnerability (CNVD-2022-69163)
The NETGEAR R7000 is a wireless router from NETGEAR. A buffer overflow vulnerability exists in the NETGEAR R7000V1.0.11.13410.2.119 version, which originates from a stack overflow vulnerability due to strncat via the wl binary in the firmware that is susceptible to buffer overflow. An attacker ca...
ZFile arbitrary file upload vulnerability
ZFile is a Java-based online web development program open-sourced by zfile-dev. ZFile v4.1.1 contains an arbitrary file upload vulnerability that stems from a lack of validation of uploaded files in its component /file/upload/1. An attacker could exploit this vulnerability to upload malicious fil...
Vim Resource Management Error Vulnerability (CNVD-2022-68077)
Vim is a cross-platform text editor. A resource management error vulnerability exists in versions prior to Vim 9.0.0579 that stems from reuse after release. No details of the vulnerability are provided at this time...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-66017)
Adobe InDesign, a set of typesetting and editing applications from Adobe, has a buffer overflow vulnerability that originates from out-of-bounds reads and could lead to a memory leak. An attacker could use the vulnerability to execute unauthorized commands and could gain system privileges to...
Adobe Bridge Buffer Overflow Vulnerability (CNVD-2022-64964)
Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a buffer overflow vulnerability that stems from an out-of-bounds write vulnerability that could be exploited to execute arbitrary code in the context of the current user...
Tenda AC1206 Buffer Overflow Vulnerability (CNVD-2022-78510)
Tenda AC1206 is a wireless through-the-wall king gigabit router from Tenda China. Tenda AC1206 version V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by incorrect boundary checking of the formSetClientState function. An attacker could exploit this vulnerability to overflow t...
WellCMS Cross-site Request Forgery Vulnerability
WellCMS is an open source, billion-load, mobile-leaning, lightweight, super-responsive, high-load CMS that is the best choice for large data volumes and high concurrent access websites. Users - Create User - Add New User does not sufficiently verify that the request is from a trusted user. An...
Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56657)
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...
Siemens Teamcenter Command Injection Vulnerability
Teamcenter software is a modern, adaptable product lifecycle management PLM system that connects people and processes across functional silos through digital threads to enable innovation.Siemens Teamcenter is vulnerable to a command injection vulnerability that could be exploited by attackers to...
F5 BIG-IP APM null pointer pointer dereference vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A null pointer pointer dereference vulnerability exists in F5 BIG-IP APM, which stems from undisclosed traffic when configuri...
F5 BIG-IP HTTP2 profile denial of service vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in the F5 BIG-IP HTTP2 profile, which stems from the fact that when configuring the...
D-Link DSL-3782 Buffer Overflow Vulnerability (CNVD-2022-56666)
The D-Link DSL-3782 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that stems from a stack-based buffer overflow in the getAttrValue method. No detailed vulnerability details are provided at this time...
Adobe Acrobat and Adobe Reader Resource Management Error Vulnerability (CNVD-2022-56129)
Adobe Acrobat and Adobe Reader are the United States of America Odo than Adobe company's products. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader there are resource management error...