Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/01/10 12:0 a.m.•31 views

Uriparser Resource Management Error Vulnerability

Uriparser is a Uri parsing and processing library written in C89 that strictly conforms to Rfc 3986. uriparser is vulnerable to a resource management error that stems from uriparser prior to 0.9.6 performing invalid free operations in uriNormalizeSyntax. No detailed vulnerability details are...

5.5CVSS2.7AI score0.01131EPSS
Exploits1References1
CNVD
CNVD
•added 2022/01/06 12:0 a.m.•31 views

Discourse Input Validation Error Vulnerability (CNVD-2022-05507)

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that could be exploited to trigger a denial of service attack via the /message-bus/diagnostics path...

6.8CVSS3.8AI score0.00828EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/29 12:0 a.m.•31 views

Minio MinIO has an unspecified vulnerability

Minio MinIO is an open source object storage server from MinIO USA. The product supports building infrastructure for machine learning, analytics, and application data workloads.MinIO has a security vulnerability that stems from the fact that MinIO is a native application for Kubernetes cloud...

8.8CVSS8.6AI score0.35462EPSS
Exploits3References1
CNVD
CNVD
•added 2021/12/27 12:0 a.m.•31 views

Apple macOS High Sierra Elevation of Privilege Vulnerability (CNVD-2022-15493)

Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers. Apple macOS High Sierra is vulnerable to a security flaw that could be exploited by attackers to execute non-executable text files via SMB shares...

7.8CVSS5.9AI score0.00234EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/21 12:0 a.m.•31 views

NumPy buffer overflow vulnerability

NumPy is a Python scientific computing package. NumPy version 1.9 is vulnerable to a buffer overflow vulnerability caused by the lack of a limit on array length in the PyArrayNewFromDescrint function in ctor .c, which leads to a buffer overflow vulnerability that can be exploited to cause a denia...

5.3CVSS4.8AI score0.01074EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/21 12:0 a.m.•31 views

NumPy has an unspecified vulnerability

NumPy is a Python scientific computing package. The product supports a large number of dimensional arrays and matrices, while providing a large library of mathematical functions for data operations. numPy 1.19 has a security vulnerability that stems from a null pointer dereference vulnerability i...

5.3CVSS2.1AI score0.01154EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/19 12:0 a.m.•31 views

Teeworlds buffer overflow vulnerability

Teeworlds is an online multiplayer shooter game. Teeworlds suffers from a buffer overflow vulnerability that originates when a networked system or product performs an operation on memory that does not properly validate data boundaries, resulting in an incorrect read or write operation being...

7.8CVSS4.4AI score0.01382EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/15 12:0 a.m.•31 views

fastadmin code problem vulnerability

fastadmin is a set of ThinkPHP and Bootstrap-based web backend development framework. fastadmin has a security vulnerability that stems from the fact that Fastadmin v1.2.1 is affected by a file upload vulnerability that allows execution of arbitrary code via shell access. No details of the...

10CVSS4.3AI score0.02095EPSS
Exploits1References1
CNVD
CNVD
•added 2021/12/08 12:0 a.m.•31 views

Google Chrome Resource Management Error Vulnerability (CNVD-2022-01696)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a resource management error vulnerability that stems from post-free use in the UI. No details of the vulnerability are provided at this time...

8.8CVSS8.4AI score0.01237EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/02 12:0 a.m.•31 views

Linux kernel has unspecified vulnerabilities (CNVD-2022-10716)

Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. Linux kernel is vulnerable and can be exploited by attackers to bypass Linux kernel restrictions and gain privileges via the Frozen EBPF Map Race...

4.7CVSS5.9AI score0.00186EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/24 12:0 a.m.•31 views

Google Go buffer overflow vulnerability

Google Go is a statically strongly-typed, compiled, concurrently-typed, and garbage collected programming language from the U.S. company Google Google. A security vulnerability exists in ImportedSymbols, which stems from importing symbols for Open or OpenFat in Go's debug macho and accessing memo...

7.5CVSS2.4AI score0.04372EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/18 12:0 a.m.•31 views

CKEditor Cross-Site Scripting Vulnerability (CNVD-2021-93368)

CKEditor is a set of open source, web-based text editors.A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content cleanup to inject misformatted HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...

8.2CVSS2.2AI score0.01257EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/17 12:0 a.m.•31 views

Google Chrome service workers security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google chrome, which is caused by improper design or implementation during the development of code for a web system or product. A remote attacker could exploit the vulnerability to bypass security restrictions...

6.5CVSS4.7AI score0.00911EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/16 12:0 a.m.•31 views

Google Chrome post-release reuse vulnerability (CNVD-2022-12742)

Chrome is a simple and efficiently designed web browsing tool developed by Google. A post-release reuse vulnerability exists in Storage Foundation in Google Chrome versions prior to 96.0.4664.45. An attacker can potentially exploit heap corruption via a crafted HTML page...

8.8CVSS8.8AI score0.00813EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•31 views

Samba Input Validation Error Vulnerability (CNVD-2021-87030)

Samba is the standard Windows interoperability suite for Linux and Unix. samba is vulnerable to an input validation error, which stems from a flaw found in the way samba implements DCE/RPC. If a client of the Samba server sends a very large DCE/RPC request and chooses to segment it, an attacker...

7.5CVSS2.3AI score0.01953EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•31 views

Incorrect Input Validation Vulnerability in Multiple Siemens Products

Capital VSTAR is a complete solution. the Nucleus NET module integrates a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. the Nucleus RTOS is a microkernel-based real-time operating...

9.1CVSS1AI score0.01578EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/02 12:0 a.m.•31 views

Google Android Kernel Component Elevation of Privilege Vulnerability (CNVD-2021-101423)

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA for short. an elevation of privilege vulnerability exists in the Kernel component of Google Android, which could be exploited by an attacker to cause a local elevation of privilege...

7.8CVSS4.4AI score0.01047EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/02 12:0 a.m.•31 views

Google Android Framework Elevation of Privilege Vulnerability (CNVD-2021-101445)

Android is a Linux-based open source operating system developed by Google Inc. and the Open Handheld Alliance OHA for short. an elevation of privilege vulnerability exists in the Framework component of Google Android version 12. No detailed vulnerability details are available...

7.8CVSS5AI score0.0012EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/02 12:0 a.m.•31 views

Nvidia vGPU Software code issue vulnerability

Nvidia vGPU Software is a management software for providing GPU functionality to virtual machines from Nvidia, Inc. NVIDIA vGPU software is vulnerable to a code issue that could be exploited by an attacker to dereference NULL pointers and cause a denial of service...

5.5CVSS5.3AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/01 12:0 a.m.•31 views

GitLab Cross-Site Scripting Vulnerability (CNVD-2021-91184)

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...

8.7CVSS4.2AI score0.60729EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•31 views

Adobe Bridge null pointer dereference vulnerability

Adobe Bridge is a free digital asset management application from Adobe. 11.1.1 and earlier versions of Adobe Bridge are vulnerable to a null pointer dereference vulnerability that could be exploited by attackers to cause a memory leak...

5.5CVSS4AI score0.0131EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•31 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84814)

Chrome is a web browsing tool developed by Google.A post-release reuse vulnerability exists in Dev Tools in versions of Google Chrome prior to 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.6AI score0.00875EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•31 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80261)

A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.25 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...

4.9CVSS4.4AI score0.01655EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•31 views

Oracle VM VirtualBox Denial of Service Vulnerability (CNVD-2021-81790)

Oracle VM VirtualBox is a virtual machine management software from Oracle. A denial of service vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 6.1.28, which can be exploited by an attacker to cause Oracle VM VirtualBox to hang or crash frequently and repeatedl...

5.5CVSS5.8AI score0.00379EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•31 views

Oracle Database Server Denial of Service Vulnerability

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, etc. A denial of service vulnerability exists in the Core RDBMS component of Oracle Database Server versions 12.1.0.2,...

4CVSS3.3AI score0.00813EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/10/16 12:0 a.m.•31 views

GoAhead file upload vulnerability

GoAhead is an open source small embedded web server from Embedthis Software, U.S. GoAhead is vulnerable to a file upload vulnerability that stems from incomplete filter processing in the file upload filter. An attacker could exploit this vulnerability to import untrusted environment variables int...

9.8CVSS1.5AI score0.5946EPSS
Exploits2References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•31 views

Intel SGX SDK Input Validation Error Vulnerability

The Intel SGX SDK is a software development kit based on SGX Intel Software Security Extensions technology from Intel U.S.A. An input validation error vulnerability exists in the Intel SGX SDK, which was reported by Intel in the Intel Software Protection Extensions SGX Software Development Kit SD...

6.7CVSS2AI score0.0032EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•31 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59598)

Microsoft SharePoint is a suite of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing and no details of the vulnerability are currently available...

7.6CVSS1.5AI score0.01304EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•31 views

Redmine Information Disclosure Vulnerability (CNVD-2022-10738)

Redmine is an open source web-based project management and defect tracking tool. The product provides project management, issue tracking, and role-based access control, among other features.A security vulnerability exists in Redmine, which stems from a configuration or other error in the operatio...

5.3CVSS1.7AI score0.01127EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•31 views

Microsoft SharePoint Server Information Disclosure Vulnerability (CNVD-2021-82955)

Microsoft Office and Microsoft SharePoint are both products of Microsoft Corporation USA. Microsoft SharePoint is an enterprise business collaboration platform. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and...

5CVSS1AI score0.02209EPSS
Exploits0
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•31 views

MediaWiki Denial of Service Vulnerability (CNVD-2022-05528)

MediaWiki is a free and free-to-use web-based wiki engine from the US-based Wikimedia MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems.MediaWiki has a denial of service vulnerability in versions prior to 1.36.2, which stems from...

7.5CVSS4.4AI score0.01646EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/11 12:0 a.m.•31 views

Zammad Information Disclosure Vulnerability (CNVD-2021-81948)

Zammad is a ticket management software from Zammad, a German company. versions prior to Zammad 4.1.1 have security vulnerabilities that allow attackers to discover application secrets and obtain sensitive information through the API...

4CVSS4.1AI score0.00853EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•31 views

OpenSNS SQL Blind Betting Vulnerability

OpenSNS is a comprehensive social software developed by Thinking Sky. A SQL blind injection vulnerability exists in the cid parameter in /Controller/ChinaCityController.class.php in OpenSNS version 6.1.0. An attacker can exploit this vulnerability to obtain sensitive database information...

9.8CVSS9.6AI score0.01239EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•31 views

FATEK Automation WinProladder Resource Management Error Vulnerability

FATEK Automation WinProladder is a PLC from FATEK Automation in China.FATEK Automation WinProladder is vulnerable to resource management errors, which can be exploited by attackers to execute arbitrary code via malformed project files...

6.8CVSS6.4AI score0.00959EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•31 views

VMware vCenter Server Reverse Proxy Bypass Vulnerability

VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to a rever...

7.5CVSS4.4AI score0.06334EPSS
Exploits2References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•31 views

FFmpeg integer overflow vulnerability (CNVD-2021-80286)

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. ffmpeg suffers from an integer overflow vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...

8.8CVSS6.4AI score0.01182EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome Tab Strip code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Tab Strip. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.1AI score0.01222EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome Blink graphics security bypass vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Blink graphics. An attacker could exploit this vulnerability to bypass security restrictions...

2.9AI score
Exploits0References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome file system API code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in the File System API in versions of Google Chrome prior to 94.0.4606.54. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS6.7AI score0.01349EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•31 views

Google Chrome Task Manager code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Task Manager. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.1AI score0.00877EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•31 views

Adobe Acrobat/Reader null pointer dereference vulnerability (CNVD-2021-87306)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader is vulnerable to a null pointer dereference. An attacker can exploit this vulnerability to cause a denial of service...

5.5CVSS3.5AI score0.01881EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•31 views

Adobe Acrobat/Reader Stack Buffer Overflow Vulnerability (CNVD-2021-94916)

Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...

6.1CVSS5.3AI score0.02509EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•31 views

Adobe Acrobat/Reader Out-of-Bounds Writing Vulnerability (CNVD-2021-94918)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from an out-of-bounds write vulnerability. An attacker can exploit the vulnerability to cause a memory leak...

7.8CVSS5.1AI score0.76055EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•31 views

Google Chrome memory out-of-bounds access vulnerability

Chrome is a simple and efficient web browsing tool developed by Google. ANGLE in versions prior to Google Chrome 93.0.4577.82 suffers from a memory out-of-bounds access vulnerability. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS4.4AI score0.0098EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/11 12:0 a.m.•31 views

Delta Electronics DOPSoft 2 Out-of-Bounds Write Vulnerability

Delta Electronics DOPSoft is a set of human-machine interface HMI software from Delta Electronics in Taiwan, China. An out-of-bounds write vulnerability exists in Delta Electronics DOPSoft 2, which can be exploited by an attacker to execute code in the context of the current process...

7.8CVSS7.7AI score0.77892EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/08 12:0 a.m.•31 views

Mozilla Rust Memory Corruption Vulnerability (CNVD-2022-01151)

A security vulnerability in Rust gfwx crate before 0.3.0, a general-purpose, compiled programming language from the Mozilla Foundation, stems from a limitation in ImageChunkMut's lack of sending or synchronization features, and could be exploited by an attacker to cause data contention and memory...

7CVSS2.8AI score0.00344EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•31 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72272)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . The Tuxera NTFS-3G buffer overflow vulnerability can be exploited by an attacker to potentially cause a heap buffer overflow, which could lead to a memory leak,...

7.8CVSS8AI score0.00503EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/02 12:0 a.m.•31 views

libssh buffer overflow vulnerability (CNVD-2021-71262)

Libssh is a C development package from the Libssh organization for accessing SSH services, which can execute remote commands, file transfers, and provide a secure transport channel for remote programs. libssh is vulnerable to a buffer overflow vulnerability, which stems from the fact that libssh...

6.5CVSS3.1AI score0.04683EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•31 views

Google Chrome TabStrip buffer overflow vulnerability

Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome TabStrip. The vulnerability is caused by incorrect bounds checking in TabStrip. A remote attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code on the...

8.8CVSS3.9AI score0.04456EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/25 12:0 a.m.•31 views

LedgerSMB Cross-Site Scripting Vulnerability (CNVD-2021-101203)

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...

9.6CVSS1.4AI score0.03014EPSS
Exploits0References1
Total number of security vulnerabilities5000