131102 matches found
Uriparser Resource Management Error Vulnerability
Uriparser is a Uri parsing and processing library written in C89 that strictly conforms to Rfc 3986. uriparser is vulnerable to a resource management error that stems from uriparser prior to 0.9.6 performing invalid free operations in uriNormalizeSyntax. No detailed vulnerability details are...
Discourse Input Validation Error Vulnerability (CNVD-2022-05507)
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...
Minio MinIO has an unspecified vulnerability
Minio MinIO is an open source object storage server from MinIO USA. The product supports building infrastructure for machine learning, analytics, and application data workloads.MinIO has a security vulnerability that stems from the fact that MinIO is a native application for Kubernetes cloud...
Apple macOS High Sierra Elevation of Privilege Vulnerability (CNVD-2022-15493)
Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers. Apple macOS High Sierra is vulnerable to a security flaw that could be exploited by attackers to execute non-executable text files via SMB shares...
NumPy buffer overflow vulnerability
NumPy is a Python scientific computing package. NumPy version 1.9 is vulnerable to a buffer overflow vulnerability caused by the lack of a limit on array length in the PyArrayNewFromDescrint function in ctor .c, which leads to a buffer overflow vulnerability that can be exploited to cause a denia...
NumPy has an unspecified vulnerability
NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrices, while providing a large library of mathematical functions for data operations. numPy 1.19 has a security vulnerability that stems from a null pointer dereference vulnerability i...
Teeworlds buffer overflow vulnerability
Teeworlds is an online multiplayer shooter game. Teeworlds suffers from a buffer overflow vulnerability that originates when a networked system or product performs an operation on memory that does not properly validate data boundaries, resulting in an incorrect read or write operation being...
fastadmin code problem vulnerability
fastadmin is a set of ThinkPHP and Bootstrap-based web backend development framework. fastadmin has a security vulnerability that stems from the fact that Fastadmin v1.2.1 is affected by a file upload vulnerability that allows execution of arbitrary code via shell access. No details of the...
Google Chrome Resource Management Error Vulnerability (CNVD-2022-01696)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that stems from post-free use in the UI. No details of the vulnerability are provided at this time...
Linux kernel has unspecified vulnerabilities (CNVD-2022-10716)
Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. Linux kernel is vulnerable and can be exploited by attackers to bypass Linux kernel restrictions and gain privileges via the Frozen EBPF Map Race...
Google Go buffer overflow vulnerability
Google Go is a statically strongly-typed, compiled, concurrently-typed, and garbage collected programming language from the U.S. company Google Google. A security vulnerability exists in ImportedSymbols, which stems from importing symbols for Open or OpenFat in Go's debug macho and accessing memo...
CKEditor Cross-Site Scripting Vulnerability (CNVD-2021-93368)
CKEditor is a set of open source, web-based text editors.A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content cleanup to inject misformatted HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...
Google Chrome service workers security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google chrome, which is caused by improper design or implementation during the development of code for a web system or product. A remote attacker could exploit the vulnerability to bypass security restrictions...
Google Chrome post-release reuse vulnerability (CNVD-2022-12742)
Chrome is a simple and efficiently designed web browsing tool developed by Google. A post-release reuse vulnerability exists in Storage Foundation in Google Chrome versions prior to 96.0.4664.45. An attacker can potentially exploit heap corruption via a crafted HTML page...
Samba Input Validation Error Vulnerability (CNVD-2021-87030)
Samba is the standard Windows interoperability suite for Linux and Unix. samba is vulnerable to an input validation error, which stems from a flaw found in the way samba implements DCE/RPC. If a client of the Samba server sends a very large DCE/RPC request and chooses to segment it, an attacker...
Incorrect Input Validation Vulnerability in Multiple Siemens Products
Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...
Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101423)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA for short. an elevation of privilege vulnerability exists in the Kernel component of Google Android, which could be exploited by an attacker to cause a local elevation of privilege...
Google Android Framework Elevation of Privilege Vulnerability (CNVD-2021-101445)
Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA for short. an elevation of privilege vulnerability exists in the Framework component of Google Android version 12. No detailed vulnerability details are available...
Nvidia vGPU Software code issue vulnerability
Nvidia vGPU Software is a management software for providing GPU functionality to virtual machines from Nvidia, Inc. NVIDIA vGPU software is vulnerable to a code issue that could be exploited by an attacker to dereference NULL pointers and cause a denial of service...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-91184)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...
Adobe Bridge null pointer dereference vulnerability
Adobe Bridge is a free digital asset management application from Adobe. 11.1.1 and earlier versions of Adobe Bridge are vulnerable to a null pointer dereference vulnerability that could be exploited by attackers to cause a memory leak...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84814)
Chrome is a web browsing tool developed by Google.A post-release reuse vulnerability exists in Dev Tools in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80261)
A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.25 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...
Oracle VM VirtualBox Denial of Service Vulnerability (CNVD-2021-81790)
Oracle VM VirtualBox is a virtual machine management software from Oracle. A denial of service vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.28, which can be exploited by an attacker to cause Oracle VM VirtualBox to hang or crash frequently and repeatedl...
Oracle Database Server Denial of Service Vulnerability
Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, etc. A denial of service vulnerability exists in the Core RDBMS component of Oracle Database Server versions 12.1.0.2,...
GoAhead file upload vulnerability
GoAhead is an open source small embedded web server from Embedthis Software, U.S. GoAhead is vulnerable to a file upload vulnerability that stems from incomplete filter processing in the file upload filter. An attacker could exploit this vulnerability to import untrusted environment variables int...
Intel SGX SDK Input Validation Error Vulnerability
The Intel SGX SDK is a software development kit based on SGX Intel Software Security Extensions technology from Intel U.S.A. An input validation error vulnerability exists in the Intel SGX SDK, which was reported by Intel in the Intel Software Protection Extensions SGX Software Development Kit SD...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59598)
Microsoft SharePoint is a suite of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing and no details of the vulnerability are currently available...
Redmine Information Disclosure Vulnerability (CNVD-2022-10738)
Redmine is an open source web-based project management and defect tracking tool. The product provides project management, issue tracking, and role-based access control, among other features.A security vulnerability exists in Redmine, which stems from a configuration or other error in the operatio...
Microsoft SharePoint Server Information Disclosure Vulnerability (CNVD-2021-82955)
Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and...
MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)
MediaWiki is a free and free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...
Zammad Information Disclosure Vulnerability (CNVD-2021-81948)
Zammad is a ticket management software from Zammad, a German company. versions prior to Zammad 4.1.1 have security vulnerabilities that allow attackers to discover application secrets and obtain sensitive information through the API...
OpenSNS SQL Blind Betting Vulnerability
OpenSNS is a comprehensive social software developed by Thinking Sky. A SQL blind injection vulnerability exists in the cid parameter in /Controller/ChinaCityController.class.php in OpenSNS version 6.1.0. An attacker can exploit this vulnerability to obtain sensitive database information...
FATEK Automation WinProladder Resource Management Error Vulnerability
FATEK Automation WinProladder is a PLC from FATEK Automation in China.FATEK Automation WinProladder is vulnerable to resource management errors, which can be exploited by attackers to execute arbitrary code via malformed project files...
VMware vCenter Server Reverse Proxy Bypass Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to a rever...
FFmpeg integer overflow vulnerability (CNVD-2021-80286)
FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. ffmpeg suffers from an integer overflow vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...
Google Chrome Tab Strip code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Tab Strip. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
Google Chrome Blink graphics security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Blink graphics. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome file system API code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in the File System API in versions of Google Chrome prior to 94.0.4606.54. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
Google Chrome Task Manager code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Task Manager. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
Adobe Acrobat/Reader null pointer dereference vulnerability (CNVD-2021-87306)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader is vulnerable to a null pointer dereference. An attacker can exploit this vulnerability to cause a denial of service...
Adobe Acrobat/Reader Stack Buffer Overflow Vulnerability (CNVD-2021-94916)
Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Acrobat/Reader Out-of-Bounds Writing Vulnerability (CNVD-2021-94918)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds write vulnerability. An attacker can exploit the vulnerability to cause a memory leak...
Google Chrome memory out-of-bounds access vulnerability
Chrome is a simple and efficient web browsing tool developed by Google. ANGLE in versions prior to Google Chrome 93.0.4577.82 suffers from a memory out-of-bounds access vulnerability. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Delta Electronics DOPSoft 2 Out-of-Bounds Write Vulnerability
Delta Electronics DOPSoft is a set of human-machine interface HMI software from Delta Electronics in Taiwan, China. An out-of-bounds write vulnerability exists in Delta Electronics DOPSoft 2, which can be exploited by an attacker to execute code in the context of the current process...
Mozilla Rust Memory Corruption Vulnerability (CNVD-2022-01151)
A security vulnerability in Rust gfwx crate before 0.3.0, a general-purpose, compiled programming language from the Mozilla Foundation, stems from a limitation in ImageChunkMut's lack of sending or synchronization features, and could be exploited by an attacker to cause data contention and memory...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72272)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . The Tuxera NTFS-3G buffer overflow vulnerability can be exploited by an attacker to potentially cause a heap buffer overflow, which could lead to a memory leak,...
libssh buffer overflow vulnerability (CNVD-2021-71262)
Libssh is a C development package from the Libssh organization for accessing SSH services, which can execute remote commands, file transfers, and provide a secure transport channel for remote programs. libssh is vulnerable to a buffer overflow vulnerability, which stems from the fact that libssh...
Google Chrome TabStrip buffer overflow vulnerability
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome TabStrip. The vulnerability is caused by incorrect bounds checking in TabStrip. A remote attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code on the...
LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...