131102 matches found
Google Chrome Input Validation Error Vulnerability (CNVD-2023-65155)
Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient input validation in XML, and can be exploited by remote attackers to bypass file access restrictions via a...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85901)
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Cisco AsyncOS Input Validation Error Vulnerability
Cisco AsyncOS is a product of Cisco, Inc.Cisco AsyncOS is an operating system for Cisco devices. An input validation error vulnerability exists in Cisco AsyncOS that stems from improper detection of malicious traffic when the traffic is encoded in a specific content format, which can be exploited...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65506)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL server hangs or frequent and repeated crashes full DOS...
Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55710)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site scripting vulnerability exists in Siemens RUGGEDCOM ROX, which can be exploited by attackers to execute malicious javascript code by...
Authentication Bypass Vulnerability in DSL-224 Version 3.0.10 of AUO Electronic Devices (Shanghai) Co.
AUO Electronic Devices Shanghai Co. DSL-224 is a wireless router from China's AUO D-Link. An authentication bypass vulnerability exists in the AUO DSL-224 version 3.0.10, which stems from an improper restriction of too many authentication attempts. An attacker could exploit the vulnerability to...
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44304)
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System DNS is one of the industry-standard suite of protocols that encompasses TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Apache Fineract Server Request Forgery Vulnerability
Apache Fineract is an open source system for platformizing core banking systems. A reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21656)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Apache Dubbo code issue vulnerability (CNVD-2023-23551)
Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A security vulnerability exists i...
Dell PowerPath Management Appliance Command Injection Vulnerability
The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. A command injection vulnerability exists in Dell PowerPath Management Appliance versions 3.3, 3.2, 3.1,...
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-10617)
Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application containing an out-of-bounds write beyond the end of the allocated buffer...
LS ELECTRIC XBC-DN32U Access Control Error Vulnerability
LS ELECTRIC XBC-DN32U is a PLC programmable logic controller from LS ELECTRIC Korea. LS ELECTRIC XBC-DN32U version 01.80 is vulnerable to an access control error, which could be exploited to remotely set the function to lock out the user from reading data from the device...
Dell EMC Unity Encryption Issue Vulnerability
Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...
Apache Sling JNDI Injection Vulnerability
Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to meet the JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...
Microsoft Office Information Disclosure Vulnerability (CNVD-2023-18285)
Microsoft Office is a suite of office software developed by Microsoft Corporation based on the Windows operating system.Microsoft Office suffers from an information disclosure vulnerability. An attacker can exploit the vulnerability to execute arbitrary code by combining it with other...
Google Android elevation of privilege vulnerability (CNVD-2023-12020)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the enforceVisualVoicemailPackage of PhoneInterfaceManager.java in Google Android version 13.0, which stems from a privilege bypass issue. An attacker can exploit the...
F5 F5OS command injection vulnerability
F5 F5OS-A and F5 F5OS-C are both products of F5 Inc. F5 F5OS-A is an operating system software. f5 F5OS-C is an operating system software on VELOS hardware. f5 F5OS has a command injection vulnerability that can be exploited by attackers to trick administrators into uploading a file with a specia...
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17093)
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution by sending a crafted network reque...
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17084)
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to OS command injection, which can be exploited by attackers to cause arbitrary commands to be executed by sending crafted HTTP requests...
Microsoft Office Visio Information Disclosure Vulnerability
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. An information disclosure vulnerability exists in Microsoft Office Visio. An attacker can exploit this vulnerability to obtain sensitive...
SAP Host Agent Access Control Error Vulnerability
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...
SAP BusinessObjects Analysis (Edition For Olap) Code Injection Vulnerability
SAP BusinessObjects Analysis Edition For Olap is a query and analysis tool from SAP, a German company used to analyze an organization's multidimensional data. A code injection vulnerability exists in SAP BusinessObjects Analysis Edition For Olap, which stems from the failure of a network system o...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04327)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Tenda A15 security_5g parameter stack overflow vulnerability
Tenda A15 is a WiFi extender from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda A15 security5g parameter, which originates from a lack of length checking of input data in the security5g parameter of /goform/WifiBasicSet, which can be exploited by an attacker to...
Tenda A15 wrlPwd parameter stack overflow vulnerability
Tenda A15 is a WiFi extender from Tenda China. A stack overflow vulnerability exists in the Tenda A15 wrlPwd parameter, which is caused by incorrect boundary checking performed by /goform/WifiBasicSet. By sending an excessively long string using the wrlPwd parameter, a remote attacker could explo...
Google Chrome Security Special Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A vulnerability exists in Google Chrome prior to version 91.0.4472.77 due to a security specialization issue that stems from insufficient enforcement of content security policies. An attacker could exploit this vulnerability to bypa...
Tenda i22 Buffer Overflow Vulnerability
The Tenda i22 is a wireless access point from Tenda China. A buffer overflow vulnerability exists in the Tenda i22 /goform/setcfm, which can be exploited by a remote attacker to submit a special request that can execute arbitrary code in the system context or crash the application...
OpenImageIO Out-of-Bounds Write Vulnerability
OpenImageIO is an image read/write library, along with a number of tools and applications. OpenImageIO suffers from an out-of-bounds write vulnerability, which is caused by an out-of-bounds write flaw in the OpenImageIO::addexixitemtospec function. An attacker could use this vulnerability to...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07316)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...
Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89427)
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit this vulnerability to execute code on the target host...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15825)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Google Android elevation of privilege vulnerability (CNVD-2023-04551)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the getBackgroundRestrictionExceptionReason code of AppRestrictionController.java, which can be exploited by an attacker to elevate...
IBM WebSphere MQ Denial of Service Vulnerability (CNVD-2022-87643)
IBM WebSphere MQ is a system from International Business Machines IBM, Inc. A denial-of-service vulnerability exists in IBM WebSphere MQ version 7.1. A remote attacker could use this vulnerability to bypass security configuration settings and cause a denial of service...
GNU Emacs Command Injection Vulnerability
GNU Emacs is a family of text editors from the GNU community in the U.S. A command injection vulnerability exists in GNU Emacs version 28.2 and earlier, which stems from lib-src/etags.c's use of system C library functions when implementing the ctags program. An attacker could exploit the...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.An information disclosure vulnerability exists in versions of Discourse prior to 2.8.13, prior to 2.9.0.beta14, and prior to 2.9.0.tests-passed beta14. The vulnerability stems...
Discourse Information Disclosure Vulnerability (CNVD-2022-85501)
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 2.8.1 and earlier, and 2.9.0.beta.13 and earlier. An attacker can exploit this vulnerability to...
Google Chrome Security Bypass Vulnerability (CNVD-2023-08409)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient policy enforcement in the pop-up blocker. An attacker could exploit this vulnerability to bypass security restrictions...
D-Link DIR-878 Access Control Error Vulnerability
D-Link DIR-878 is a wireless router from D-Link China.The D-Link DIR-878 firmware version 1.02B05 contains an access control error vulnerability, which stems from the existence of incorrect access control. An attacker could use this vulnerability to log in with a blank password...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-15781)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. Google TensorFlow is vulnerable to an input validation error that could be exploited by attackers to crash the program...
ChurchInfo Arbitrary File Upload Vulnerability
ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. An arbitrary file upload vulnerability exists in ChurchInfo versions 1.2.13 and later, 1.3.0 and earlier. The vulnerability stems from the application'...
Google TensorFlow has an unspecified vulnerability (CNVD-2022-81226)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from an error that can be raised if a numpy array is created with the shape of one element being zero and the sum of the other elements...
WBCE CMS Section Header Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...
Siemens syngo Dynamics has an unspecified vulnerability
Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, a German company designed to be a centralized digital hub for complete cardiovascular services. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics suffers...
Intel Advanced Link Analyzer Elevation of Privilege Vulnerability
Intel Advanced Link Analyzer is an advanced link analyzer from Intel Corporation USA. Intel Advanced Link Analyzer Pro versions prior to 22.2 and Standard edition prior to 22.1.1 are vulnerable to elevation of privilege, which can be exploited by attackers to perform local elevation of privilege...
Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...
IBM MQ Input Validation Error Vulnerability (CNVD-2023-08771)
IBM MQ IBM WebSphere MQ is a messaging middleware product from International Business Machines IBM, Inc. The product provides a reliable, authenticated messaging backbone primarily for service-oriented architectures SOA.IBM MQ has an input validation error vulnerability that could be exploited by...
D-Link DIR-823G Command Injection Vulnerability (CNVD-2023-21667)
D-Link DIR-823G is a wireless router from D-Link China.D-Link DIR-823G v1.0.2 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via specially crafted packets...
Apache Dubbo Hession Deserialization Vulnerability
Apache Dubbo is a microservice development framework that provides two key capabilities for RPC communication and microservice governance.Apache Dubbo Hession is vulnerable to deserialization, which can be exploited by attackers to execute arbitrary code on the target server...
Google Pixel has unspecified vulnerabilities
Google Pixel is a smartphone from the U.S. company Google Google. Google Pixel has a security vulnerability that stems from a use-after-release flaw in the dllistremovenode in TBD caused by a competing condition, which can be exploited by local attackers to escalate privileges...