131102 matches found
Exim Backlink Vulnerability
Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. Exim suffers from a security vulnerability that exists as a result of the following issue with symbolic links in the Exim log directory. An attacker can exploit the vulnerability to overwri...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66101)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66100)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...
OpenEXR DwaCompressor Heap Buffer Overflow Vulnerability
OpenEXR is an image file format for high dynamic range HDR images. a heap buffer overflow vulnerability exists in OpenEXR DwaCompressor. An attacker could exploit this vulnerability to cause a program crash using an application compiled with OpenEXR...
jonfinley Monitorr authorization bypass vulnerability
jonfinley Monitorr is a jonfinley open source application. Used for webfront will display the status of any Web application or service in real time. monitorr version 1.7.6m has an authorization bypass vulnerability, which can be exploited by attackers to create valid credentials...
Vaadin flow path traversal vulnerability
Vaadin flow is a software application. the Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A path traversal vulnerability exists in vaadin: flow-server versions 2.0.0 through 2.4.1, which can be exploited by an...
File Upload Vulnerability in FineReport of SailSoft Software Ltd.
FineReport is the leading enterprise-class Web reporting tool. A file upload vulnerability exists in FineReport from SailSoft Software Ltd. that can be exploited by an attacker to upload arbitrary files...
Microsoft Windows and Windows Server Denial of Service Vulnerability (CNVD-2021-71948)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A denial of service vulnerability exists in the "TCP/IP driver" in Microsoft Windows and Windows Server,...
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71409)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in the Network File System in Microsoft Windows and Windows...
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-58239)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows and Windows Server have a remote code execution vulnerability that can be exploited by...
Apple Xcode has an unspecified vulnerability
Apple Xcode is an integrated development environment provided by Apple for developers to develop applications for Mac OS X and iOS. Apple Xcode 12.4 contains a security vulnerability that could be exploited by attackers to access arbitrary files on the host device...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63296)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. The Microsoft Windows/Windows Server TPM device driver is vulnerable to...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66110)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server Win32k has an elevation of privilege vulnerability that could be exploit...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63317)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that can be exploited by an...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63318)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server has an information disclosure vulnerability that can be exploited by an...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62489)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68747)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63329)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61781)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server,...
Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2021-57173)
The NETGEAR R6700, among others, is a wireless router from NETGEAR. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability originates when a network system or product performs an operation on memory without properly validating data boundaries, resulting in an...
SweetScape 010 Editor Integer Overflow Vulnerability
010 Editor is a professional text editor and hexadecimal editor for quickly and easily editing the contents of any file on your computer. SweetScape 010 Editor 9.0.1 suffers from an integer overflow vulnerability during variable initialization. An attacker can exploit this vulnerability to cause ...
VMware Fusion Virtual Machine Side Remote Code Execution Vulnerability
VMware Fusion is a virtual machine software for the Mac operating system from VMware. A remote code execution vulnerability exists on the virtual machine side of VMware Fusion, which can be exploited by an attacker to execute arbitrary code on all virtual machines with VMware Tools installed via...
Busybox Code Execution Vulnerability
BusyBox is a set of applications containing several linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. A security vulnerability exists in the 'busybox wget' mini-application in Busybox, which stems from the program's failure to validate SSL certificates. An attack...
Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07005)
Microsoft Project Server 2013 SP1 and SharePoint Enterprise Server 2016 are both products of Microsoft Corporation.Microsoft Project Server 2013 SP1 is a suite of project management solutions for project portfolio management PPM and Microsoft Project Server 2013 SP1 is a project management soluti...
CloudMe Buffer Overflow Vulnerability
CloudMe is a file storage service that includes cloud storage, file synchronization, and client browsing software. A buffer overflow vulnerability exists in CloudMe. A remote attacker could exploit this vulnerability to execute arbitrary code...
Microsoft Windows Color Management Module Information Disclosure Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Color Management Module Icm32.dll is one of these color management modules. An information disclosure vulnerability exists in Color Management Module Icm32.dll in Microsoft Windows 7 SP1, Windows Serv...
Primetek Primefaces Remote Code Execution Vulnerability
Primetek Primefaces is an open source use in the Java EE system UI library . A remote code execution vulnerability exists in version 5.x of Primetek Primefaces. A remote attacker could exploit this vulnerability to execute code...
Foscam C1 Indoor HD Camera DDNS Client Buffer Overflow Vulnerability (CNVD-2017-34263)
Foscam C1 Indoor HD Camera is a wireless high-definition IP camera from Foscam, China.DDNS client is one of the dynamic domain name service clients. A buffer overflow vulnerability exists in the DDNS client in the Foscam C1 Indoor HD Camera. When DDNS is turned on, an attacker can exploit this...
Apache Sling Servlets Post Cross-Site Scripting Vulnerability
Apache Sling API is the United States Apache Apache Software Foundation's set of frameworks for building Web applications. Apache Sling Servlets Post is one of the container. A security vulnerability exists in the Javascript method Sling.evalString in Apache Sling Servlets Post versions prior to...
Cairo denial of service vulnerability
Cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports doing 2D drawings in multiple contexts and provides high-quality display and printouts. A denial of service vulnerability exists in Cairo version 1.15.4. A...
Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-07394)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in Microsoft Office due to the program not properly handling objects in memory. A remote attacker could exploit this vulnerability by tricking ...
Bottle CRLF Injection Vulnerability
Bottle is a lightweight Python web framework developed by German software developer Marcel Hellkamp, which provides a file with path mapping, templates, simple database access and other web framework components. A security vulnerability exists in the 'redirect' function in Bottle version 0.12.10 ...
BlueZ buffer overflow vulnerability (CNVD-2016-11954)
BlueZ is an official Bluetooth stack for Linux. A buffer overflow vulnerability exists in the 'commandsdump' function in the original 'tools/parser/csr.c' file in BlueZ version 5.42, which stems from the lack of a buffer boundary check for the The vulnerability stems from a lack of buffer bounds...
Dracut Local Information Disclosure Vulnerability
Dracut is an initramfs infrastructure that is primarily used to create initramfs images. Dracut suffers from a local information disclosure vulnerability that can be exploited by an attacker to obtain sensitive information...
Unspecified Vulnerability in Oracle Fusion Middleware NetBeans Component
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's business innovation platform for enterprise and cloud environments, which provides middleware, software collections, etc. NetBeans is one of the components that includes an open source development environment and application...
Microsoft Internet Explorer Information Disclosure Vulnerability
Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. An information leakage vulnerability exists in Microsoft IE versions 9 through 11, which arises from the program's failure to proper...
libdwarf Local Buffer Overflow Vulnerability
libdwarf is a set of tools for reading and writing DWARF2 debugging information. A local buffer overflow vulnerability exists in libdwarf. Due to the program failing to perform proper boundary checking on user-submitted input. An attacker could exploit this vulnerability to execute arbitrary code...
WordPress Cross-Site Scripting Vulnerability (CNVD-2016-00258)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. WordPress suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...
Symantec Endpoint Protection Manager-RU6-MP3 Arbitrary Java Code Execution Vulnerability
Symantec Endpoint Protection Manager is a centralized manager for Symantec's enterprise-class antivirus software. An arbitrary Java code execution vulnerability exists in Symantec Endpoint Protection Manager version 12.1 prior to 12.1-RU6-MP3, which allows remote attackers to execute arbitrary Ja...
Lighttpd 'http_auth.c' Security Bypass Vulnerability
Lighttpd is an open source web server. A security bypass vulnerability exists in Lighttpd that allows remote attackers to bypass security restrictions and perform unauthorized operations...
FastCGI denial of service vulnerability
FastCGI is a protocol that allows interactive programs to communicate with a Web server, the Fast Common Gateway Interface Fast Common Gateway Interface. A denial of service vulnerability exists in FastCGI 2.4.0, which allows remote attackers to cause a denial of service via a large number of...
Apache Spark Deserialization Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...
Vercel Next.js Privilege Bypass Vulnerability
Next.js is Vercel open source a React framework. Vercel Next.js suffers from a privilege bypass vulnerability that stems from the fact that if authorization checking occurs in middleware, an attacker can use the vulnerability to bypass authorization checking...
Google Chrome Code Execution Vulnerability (CNVD-2025-00209)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by an out-of-bounds write in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2024-20434)
Oracle Virtualization and Oracle VM VirtualBox are both products of Oracle Corporation.Oracle Virtualization is a suite of virtualization solutions. The product is used to unify the management of the entire hardware and software system from the application to the disk, can be achieved from the...
Unspecified Vulnerability in Adobe Commerce (CNVD-2024-19007)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. A security vulnerability exists in Adobe Commerce that can be exploited by an attacker with elevated privileges to potentially abuse the vulnerability t...
Apache Zeppelin Code Injection Vulnerability (CNVD-2024-17938)
Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a code injection vulnerability that stems from the application's failure to properly filter...
IBM Cloud Pak for Business Automation Access Control Error Vulnerability (CNVD-2024-16917)
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines IBM, built for any hybrid cloud, designed to automate work and accelerate business growth. An access control error vulnerability exists in IBM Cloud Pak for Business...
IBM WebSphere Application Server Liberty Cross-Site Scripting Vulnerability (CNVD-2024-15727)
IBM WebSphere Application Server Liberty is a Java application server from International Business Machines IBM built on top of the Open Liberty project. A cross-site scripting vulnerability exists in IBM WebSphere Application Server Liberty versions 23.0.0.3 through 24.0.0.3, which stems from the...
Apache Airflow Trust Management Issues Vulnerability (CNVD-2024-13571)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from a trust management issue vulnerability that stems from...