Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/10/14 12:0 a.m.•31 views

Intel SGX SDK Input Validation Error Vulnerability

The Intel SGX SDK is a software development kit based on SGX Intel Software Security Extensions technology from Intel U.S.A. An input validation error vulnerability exists in the Intel SGX SDK, which was reported by Intel in the Intel Software Protection Extensions SGX Software Development Kit SD...

6.7CVSS2AI score0.0032EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•31 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59598)

Microsoft SharePoint is a suite of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing and no details of the vulnerability are currently available...

7.6CVSS1.5AI score0.01304EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•31 views

Redmine Information Disclosure Vulnerability (CNVD-2022-10738)

Redmine is an open source web-based project management and defect tracking tool. The product provides project management, issue tracking, and role-based access control, among other features.A security vulnerability exists in Redmine, which stems from a configuration or other error in the operatio...

5.3CVSS1.7AI score0.01127EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•31 views

Microsoft SharePoint Server Information Disclosure Vulnerability (CNVD-2021-82955)

Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and...

5CVSS1AI score0.02209EPSS
Exploits0
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•31 views

MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...

7.5CVSS4.4AI score0.01646EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/11 12:0 a.m.•31 views

Zammad Information Disclosure Vulnerability (CNVD-2021-81948)

Zammad is a ticket management software from Zammad, a German company. versions prior to Zammad 4.1.1 have security vulnerabilities that allow attackers to discover application secrets and obtain sensitive information through the API...

4CVSS4.1AI score0.00853EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•31 views

IBM Sterling File Gateway Information Disclosure Vulnerability (CNVD-2021-78437)

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.An information disclosure vulnerability exists in IBM Sterling File Gateway version 6.0.1.0-6.1.0.2. An attack...

4.3CVSS3.2AI score0.00951EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•31 views

FATEK Automation WinProladder Resource Management Error Vulnerability

FATEK Automation WinProladder is a PLC from FATEK Automation in China.FATEK Automation WinProladder is vulnerable to resource management errors, which can be exploited by attackers to execute arbitrary code via malformed project files...

6.8CVSS6.4AI score0.00959EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•31 views

FFmpeg integer overflow vulnerability (CNVD-2021-80286)

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. ffmpeg suffers from an integer overflow vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...

8.8CVSS6.4AI score0.01182EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome Tab Strip code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Tab Strip. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.1AI score0.01222EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome Blink graphics security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Blink graphics. An attacker could exploit this vulnerability to bypass security restrictions...

2.9AI score
Exploits0References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome file system API code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in the File System API in versions of Google Chrome prior to 94.0.4606.54. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS6.7AI score0.01349EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome Task Manager code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Task Manager. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.1AI score0.00877EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/16 12:0 a.m.•31 views

vim post-release reuse vulnerability (CNVD-2021-99302)

Vim is a powerful and highly customizable text editor, an improved version of vi that improves upon and adds many features to Vi. vim version 8.2.3425 is vulnerable to a post-release reuse vulnerability. An attacker could exploit this vulnerability to execute code...

8.2CVSS4.2AI score0.01626EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•31 views

Adobe Acrobat/Reader null pointer dereference vulnerability (CNVD-2021-87306)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader is vulnerable to a null pointer dereference. An attacker can exploit this vulnerability to cause a denial of service...

5.5CVSS3.5AI score0.01881EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•31 views

Adobe Acrobat/Reader Stack Buffer Overflow Vulnerability (CNVD-2021-94916)

Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...

6.1CVSS5.3AI score0.02509EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•31 views

Adobe Acrobat/Reader Out-of-Bounds Writing Vulnerability (CNVD-2021-94918)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds write vulnerability. An attacker can exploit the vulnerability to cause a memory leak...

7.8CVSS5.1AI score0.76055EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•31 views

Google Chrome memory out-of-bounds access vulnerability

Chrome is a simple and efficient web browsing tool developed by Google. ANGLE in versions prior to Google Chrome 93.0.4577.82 suffers from a memory out-of-bounds access vulnerability. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS4.4AI score0.0098EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/11 12:0 a.m.•31 views

Delta Electronics DOPSoft 2 Out-of-Bounds Write Vulnerability

Delta Electronics DOPSoft is a set of human-machine interface HMI software from Delta Electronics in Taiwan, China. An out-of-bounds write vulnerability exists in Delta Electronics DOPSoft 2, which can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.7AI score0.77892EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•31 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72272)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . The Tuxera NTFS-3G buffer overflow vulnerability can be exploited by an attacker to potentially cause a heap buffer overflow, which could lead to a memory leak,...

7.8CVSS8AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/02 12:0 a.m.•31 views

libssh buffer overflow vulnerability (CNVD-2021-71262)

Libssh is a C development package from the Libssh organization for accessing SSH services, which can execute remote commands, file transfers, and provide a secure transport channel for remote programs. libssh is vulnerable to a buffer overflow vulnerability, which stems from the fact that libssh...

6.5CVSS3.1AI score0.04683EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•31 views

Google Chrome TabStrip buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome TabStrip. The vulnerability is caused by incorrect bounds checking in TabStrip. A remote attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code on the...

8.8CVSS3.9AI score0.04456EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/21 12:0 a.m.•31 views

SIEMENS SINEMA Remote Connect Server Code Execution Vulnerability

Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, a German company. The platform is primarily used to remotely access, maintain, control, and diagnose the underlying network. SIEMENS SINEMA Remote Connect Server is vulnerable to a code execution...

7.8CVSS3.5AI score0.00242EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/19 12:0 a.m.•31 views

GPAC Project on Advanced Content Integer Overflow Vulnerability (CNVD-2021-64078)

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

8.8CVSS3.3AI score0.0201EPSS
Exploits1References1
CNVD
CNVD
•added 2021/08/11 12:0 a.m.•31 views

Siemens Jt2go and Teamcenter Visualization null pointer dereference vulnerability

Siemens Jt2go is a JT file viewer. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. a security vulnerability exists in Siemens Jt2go and Teamcenter Visualization, which stems from the fact that when parsing specially...

5.5CVSS2.9AI score0.00818EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•31 views

Linux kernel information disclosure vulnerability (CNVD-2021-68182)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that can be exploited by an attacker to read uninitialized memory...

3.3CVSS5.5AI score0.00308EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/10 12:0 a.m.•31 views

Exiv2 out-of-bounds read vulnerability (CNVD-2021-61795)

Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An out-of-bounds read vulnerability exists in Exiv2 0.27.4 and earlier versions. An attacker could use this vulnerability to cause a denial of service via a specially crafted image file...

5.5CVSS6AI score0.00984EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/06 12:0 a.m.•31 views

Cisco Small Business RV340 and Cisco Small Business Command Injection Vulnerabilities

The Cisco Small Business RV340 and the Cisco Small Business are both products of Cisco, Inc.The Cisco Small Business RV340 is a router. Cisco Small Business RV340 is a router, a hardware device that connects two or more networks and acts as a gateway between networks.Cisco Small Business is a...

9.8CVSS9.7AI score0.09065EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/06 12:0 a.m.•31 views

Cisco Small Business RV160 and RV260 Series VPN Routers Remote Command Execution Vulnerability

The Cisco Small Business RV160 and RV260 are is a router. A remote command execution vulnerability exists in the Cisco Small Business RV160 and RV260 series VPN routers. An attacker could exploit the vulnerability to execute arbitrary commands on an affected device...

10CVSS9.4AI score0.02033EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/05 12:0 a.m.•31 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2021-62969)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...

6.1CVSS6.2AI score0.0098EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/04 12:0 a.m.•31 views

Nexus Control Panel Licensing Issue Vulnerability

Swisslog Healthcare Nexus Panel, a medical device from Swisslog Healthcare, has a security vulnerability in versions prior to Nexus Control Panel 7.2.5.7. The vulnerability stems from an improper method used to bind a local service to a port on the device interface. An attacker could use this...

7.8CVSS2.8AI score0.01841EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/04 12:0 a.m.•31 views

Huawei HarmonyOS security bypass vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS has a security vulnerability that can be exploited by local attackers to cause a memory overwrite...

7.8CVSS3.1AI score0.00177EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/03 12:0 a.m.•31 views

MikroTik RouterOS Assertion Failure Vulnerability

MikroTik RouterOS is a Linux-based router operating system developed by MikroTik Latvia.An assertion failure vulnerability exists in MikroTik RouterOS, which stems from an authentication error in the product's /ram/pckg/security/nova/bin/ipsec process. An attacker could exploit this vulnerability...

6.5CVSS3.6AI score0.02142EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/22 12:0 a.m.•31 views

TYPO3 Cross-Site Scripting Vulnerability (CNVD-2022-17986)

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association.TYPO3 suffers from a cross-site scripting vulnerability that stems from the fact that the QueryGenerator and QueryView components are vulnerable to reflected and persistent cross-sit...

6.4CVSS2.4AI score0.00598EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•31 views

Oracle Database Server has an unspecified vulnerability (CNVD-2022-09810)

Oracle Database Server is a relational database management system from Oracle Corporation USA. A security vulnerability exists in the Advanced Networking Option component of Oracle Database Server versions 12.1.0.2, 12.2.0.1, and 19c, which could be exploited to cause an attacker to take over...

8.3CVSS4.3AI score0.025EPSS
Exploits5References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•31 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54025)

Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: Memcached component of Oracle MySQL Server 8.0.25 and earlier. An attacker can exploit this vulnerability to cause a partial denial of service on MySQL Server...

4CVSS3.4AI score0.02312EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•31 views

Oracle MySQL Server has an unspecified vulnerability (CNVD-2021-54026)

Oracle MySQL Server is a relational database from Oracle Corporation USA. An unspecified vulnerability exists in the InnoDB component of Oracle MySQL Server 8.0.25 and earlier. An attacker could exploit this vulnerability to affect confidentiality...

4.1CVSS4.5AI score0.00456EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/21 12:0 a.m.•31 views

Oracle MySQL Server Denial of Service Vulnerability

Oracle MySQL Server mysqld is the MySQL server, the main program that performs most of the work in a MySQL installation. A security vulnerability exists in the Server: Replication component in Oracle MySQL Server 5.7.34, 8.0.25 and earlier versions. An attacker can exploit this vulnerability to...

5.9CVSS5.5AI score0.01879EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/20 12:0 a.m.•31 views

Google Chrome WebSerial use-after-release vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome WebSerial, which allows remote attackers to potentially attack via specially crafted HTML pages using heap corruption...

8.8CVSS4.5AI score0.01312EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/20 12:0 a.m.•31 views

Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2021-60535)

Google Chrome is a web browser from Google, Inc. Google Chrome V8 has a security vulnerability that could be exploited by remote attackers to conduct potential attacks via specially crafted HTML pages using heap corruption...

8.8CVSS3.9AI score0.04737EPSS
Exploits2References1
CNVD
CNVD
•added 2021/07/19 12:0 a.m.•31 views

Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CNVD-2022-10026)

Microsoft Windows Print Spooler is a print backend processor component of Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Windows Print Spooler, which can be exploited by attackers to run arbitrary code with SYSTEM privileges...

9.8CVSS7AI score0.45423EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/15 12:0 a.m.•31 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66089)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. An elevation of privilege vulnerability exists in Win32k in Microsoft...

7.8CVSS3.7AI score0.01294EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•31 views

Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-70145)

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS4AI score0.66052EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/14 12:0 a.m.•31 views

Adobe Illustrator 2021 Post-release Reuse Vulnerability

Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to a post-release reuse vulnerability. An attacker could exploit this vulnerability to read arbitrary file systems...

5.5CVSS5AI score0.01834EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/09 12:0 a.m.•31 views

LJCMS SQL Injection Vulnerability

LJCMS is a free and open source content management system. SQL injection vulnerability exists in LJCMS, which can be exploited by attackers to obtain sensitive database information...

7.5CVSS3.5AI score0.01254EPSS
Exploits1References1
CNVD
CNVD
•added 2021/07/08 12:0 a.m.•31 views

Envoy has an unspecified vulnerability (CNVD-2021-58572)

Envoy is an open source distributed proxy server. Envoy suffers from a security vulnerability that can be exploited by attackers to cause a denial of service due to null references...

7.5CVSS4.4AI score0.01738EPSS
Exploits0References1
CNVD
CNVD
•added 2021/07/06 12:0 a.m.•31 views

SQL Injection Vulnerability in Hunan Qiangzhi Academic Affairs System

hereinafter referred to as the "Company" is a national high-tech enterprise and a service provider of informationization for domestic universities. A SQL injection vulnerability exists in the Hunan Qiangzhi Academic Affairs System, which can be exploited by attackers to obtain sensitive informati...

7.5AI score
Exploits0
CNVD
CNVD
•added 2021/06/30 12:0 a.m.•31 views

Google Golang has an unspecified vulnerability

Google Golang is a statically strongly typed, compiled language from Google, U.S. A security vulnerability exists in Google Golang that could be exploited by attackers to cause a panic or unrecoverable fatal error and lead to a denial of service condition...

7.5CVSS3.9AI score0.034EPSS
Exploits1References1
CNVD
CNVD
•added 2021/06/19 12:0 a.m.•31 views

Google Chrome suffers from an information disclosure vulnerability (CNVD-2021-47672)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an information disclosure vulnerability. A remote attacker can exploit the vulnerability to obtain potentially sensitive information from process memory via specially crafted PDF files...

5.5CVSS6.4AI score0.01208EPSS
Exploits0References1
CNVD
CNVD
•added 2021/06/09 12:0 a.m.•31 views

Unauthorized Access Vulnerability in Yawcam

YawcamWin7 Camera Software official version is a camera capture, YawcamWin7 Camera Software easily help users to outdoor accurate live playback, and YawcamWin7 Camera Software official version can also be played on the screen for fast interception, and save it in a local file and other functions...

6.7AI score
Exploits0
Total number of security vulnerabilities5000