131102 matches found
Google Android Information Disclosure Vulnerability (CNVD-2023-84090)
Google Android is a Linux-based open source operating system from Google. Google Android has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Apache Airflow Information Disclosure Vulnerability (CNVD-2023-85609)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow versions 2.4.0 to 2.7.0 information leakage vulnerability , the...
Apache Airflow Authorization Problem Vulnerability (CNVD-2023-80561)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow suffers from an authorization issue vulnerability that stems from...
Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81878)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...
Microsoft Message Queuing Remote Code Execution Vulnerability
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. A remote code execution vulnerability exists in Microsoft Message Queuing, which could be exploited by an attacker to execute arbitrary code on a system...
Arbitrary Code Execution Vulnerability in Various Apple Products (CNVD-2023-68416)
iOS is a mobile operating system developed by Apple. iPadOS is a family of mobile operating systems developed by Apple based on iOS. watchOS is the operating system for Apple Watch. Arbitrary code execution vulnerability exists in several Apple products, which can be exploited by an attacker to...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2023-76760)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges on the system...
Google Chrome Input Validation Error Vulnerability (CNVD-2023-64445)
Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from insufficient DevTools data validation. A remote attacker can exploit this vulnerability by sending a malicious HTTP...
Google Chrome Input Validation Error Vulnerability (CNVD-2023-65155)
Google Chrome is a web browser from Google, an American company. An input validation error vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from insufficient input validation in XML, and can be exploited by remote attackers to bypass file access restrictions via a...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85901)
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Cisco AsyncOS Input Validation Error Vulnerability
Cisco AsyncOS is a product of Cisco, Inc.Cisco AsyncOS is an operating system for Cisco devices. An input validation error vulnerability exists in Cisco AsyncOS that stems from improper detection of malicious traffic when the traffic is encoded in a specific content format, which can be exploited...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65506)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL server hangs or frequent and repeated crashes full DOS...
Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55710)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site scripting vulnerability exists in Siemens RUGGEDCOM ROX, which can be exploited by attackers to execute malicious javascript code by...
Authentication Bypass Vulnerability in DSL-224 Version 3.0.10 of AUO Electronic Devices (Shanghai) Co.
AUO Electronic Devices Shanghai Co. DSL-224 is a wireless router from China's AUO D-Link. An authentication bypass vulnerability exists in the AUO DSL-224 version 3.0.10, which stems from an improper restriction of too many authentication attempts. An attacker could exploit the vulnerability to...
Apache Fineract Server Request Forgery Vulnerability
Apache Fineract is an open source system for platformizing core banking systems. A reliable, robust and affordable financial services solution for entrepreneurs, financial institutions and service providers. A server-side request forgery vulnerability exists in Apache Fineract versions 1.4 throug...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21656)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Apache Dubbo code issue vulnerability (CNVD-2023-23551)
Apache Dubbo is a lightweight Java-based RPC remote procedure call framework from the Apache Foundation in the United States. The product provides interface-based remote calling, fault tolerance and load balancing, and automatic service registration and discovery.A security vulnerability exists i...
Dell PowerPath Management Appliance Command Injection Vulnerability
The Dell PowerPath Management Appliance is a PowerPath host management application from Dell Inc. that offers two models: a virtual machine-based appliance and a Docker containerized appliance. A command injection vulnerability exists in Dell PowerPath Management Appliance versions 3.3, 3.2, 3.1,...
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-10617)
Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application containing an out-of-bounds write beyond the end of the allocated buffer...
LS ELECTRIC XBC-DN32U Access Control Error Vulnerability
LS ELECTRIC XBC-DN32U is a PLC programmable logic controller from LS ELECTRIC Korea. LS ELECTRIC XBC-DN32U version 01.80 is vulnerable to an access control error, which could be exploited to remotely set the function to lock out the user from reading data from the device...
Dell EMC Unity Encryption Issue Vulnerability
Dell EMC Unity is a unified storage array product from Dell, a U.S. company. versions prior to Dell EMC Unity 5.2.0.0.5.173 have an encryption issue vulnerability that stems from the use of corrupted encryption algorithms, which can be exploited by a remote, unauthenticated attacker to obtain...
Apache Sling JNDI Injection Vulnerability
Apache Sling is the United States Apache Apache Foundation of a Java platform for open source Web framework. Designed to meet the JSR-170 content repository such as Apache Jackrabbit to create content-centric applications. Apache Sling JCR Base versions prior to 3.1.12 JNDI injection vulnerabilit...
Microsoft Office Information Disclosure Vulnerability (CNVD-2023-18285)
Microsoft Office is a suite of office software developed by Microsoft Corporation based on the Windows operating system.Microsoft Office suffers from an information disclosure vulnerability. An attacker can exploit the vulnerability to execute arbitrary code by combining it with other...
Google Android elevation of privilege vulnerability (CNVD-2023-12020)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the enforceVisualVoicemailPackage of PhoneInterfaceManager.java in Google Android version 13.0, which stems from a privilege bypass issue. An attacker can exploit the...
IBM Infosphere Information Server Cross-Site Scripting Vulnerability (CNVD-2023-08069)
IBM InfoSphere Information Server is a data integration platform from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Infosphere Information Server version 11.7, which stems from the presence of cross-site scripting that could be exploited by an attacker to...
F5 F5OS command injection vulnerability
F5 F5OS-A and F5 F5OS-C are both products of F5 Inc. F5 F5OS-A is an operating system software. f5 F5OS-C is an operating system software on VELOS hardware. f5 F5OS has a command injection vulnerability that can be exploited by attackers to trick administrators into uploading a file with a specia...
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17093)
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to an operating system command injection vulnerability that could be exploited by an attacker to cause arbitrary command execution by sending a crafted network reque...
Siretta QUARTZ-GOLD OS Command Injection Vulnerability (CNVD-2023-17084)
Siretta QUARTZ-GOLD is a high-speed dual-port Gigabit Ethernet industrial router from Siretta.The Siretta QUARTZ-GOLD is vulnerable to OS command injection, which can be exploited by attackers to cause arbitrary commands to be executed by sending crafted HTTP requests...
Microsoft Office Visio Information Disclosure Vulnerability
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. An information disclosure vulnerability exists in Microsoft Office Visio. An attacker can exploit this vulnerability to obtain sensitive...
SAP Host Agent Access Control Error Vulnerability
SAP Host Agent is a set of agent programs from SAP that supports a number of lifecycle management tasks such as operating system monitoring, database monitoring and system instance monitoring. An Access Control Error vulnerability exists in SAP Host Agent versions 7.21 and 7.22, which arises from...
SAP BusinessObjects Analysis (Edition For Olap) Code Injection Vulnerability
SAP BusinessObjects Analysis Edition For Olap is a query and analysis tool from SAP, a German company used to analyze an organization's multidimensional data. A code injection vulnerability exists in SAP BusinessObjects Analysis Edition For Olap, which stems from the failure of a network system o...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04327)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Tenda A15 security_5g parameter stack overflow vulnerability
Tenda A15 is a WiFi extender from Tenda, a Chinese company. A stack overflow vulnerability exists in the Tenda A15 security5g parameter, which originates from a lack of length checking of input data in the security5g parameter of /goform/WifiBasicSet, which can be exploited by an attacker to...
Tenda A15 wrlPwd parameter stack overflow vulnerability
Tenda A15 is a WiFi extender from Tenda China. A stack overflow vulnerability exists in the Tenda A15 wrlPwd parameter, which is caused by incorrect boundary checking performed by /goform/WifiBasicSet. By sending an excessively long string using the wrlPwd parameter, a remote attacker could explo...
Google Chrome Security Special Issue Vulnerability
Google Chrome is a web browser from Google, an American company. A vulnerability exists in Google Chrome prior to version 91.0.4472.77 due to a security specialization issue that stems from insufficient enforcement of content security policies. An attacker could exploit this vulnerability to bypa...
Tenda i22 Buffer Overflow Vulnerability
The Tenda i22 is a wireless access point from Tenda China. A buffer overflow vulnerability exists in the Tenda i22 /goform/setcfm, which can be exploited by a remote attacker to submit a special request that can execute arbitrary code in the system context or crash the application...
OpenImageIO Out-of-Bounds Write Vulnerability
OpenImageIO is an image read/write library, along with a number of tools and applications. OpenImageIO suffers from an out-of-bounds write vulnerability, which is caused by an out-of-bounds write flaw in the OpenImageIO::addexixitemtospec function. An attacker could use this vulnerability to...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2023-07316)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator has an out-of-bounds read vulnerability that can be exploited by attackers to bypass mitigation measures such as ASLR and cause sensitive memory leaks...
Microsoft Office Graphics remote code execution vulnerability (CNVD-2022-89427)
Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.A remote code execution vulnerability exists in Microsoft Office Graphics. An attacker could exploit this vulnerability to execute code on the target host...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2023-15825)
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Google Android elevation of privilege vulnerability (CNVD-2023-04551)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a logic error in the getBackgroundRestrictionExceptionReason code of AppRestrictionController.java, which can be exploited by an attacker to elevate...
Tenda i22 formWifiMacFilterGet function buffer overflow vulnerability
Tenda i22 is a wireless access point from Tenda, China. Tenda i22 is vulnerable to a buffer overflow vulnerability, which stems from a lack of length validation of input data in the index parameter of the formWifiMacFilterGet function. An attacker could exploit this vulnerability to cause a denia...
GNU Emacs Command Injection Vulnerability
GNU Emacs is a family of text editors from the GNU community in the U.S. A command injection vulnerability exists in GNU Emacs version 28.2 and earlier, which stems from lib-src/etags.c's use of system C library functions when implementing the ctags program. An attacker could exploit the...
Discourse Information Disclosure Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.An information disclosure vulnerability exists in versions of Discourse prior to 2.8.13, prior to 2.9.0.beta14, and prior to 2.9.0.tests-passed beta14. The vulnerability stems...
Discourse Information Disclosure Vulnerability (CNVD-2022-85501)
Discourse is an open source community discussion platform. The platform includes features such as community, email and chat rooms. An information disclosure vulnerability exists in Discourse versions 2.8.1 and earlier, and 2.9.0.beta.13 and earlier. An attacker can exploit this vulnerability to...
Google Chrome Security Bypass Vulnerability (CNVD-2023-08409)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from insufficient policy enforcement in the pop-up blocker. An attacker could exploit this vulnerability to bypass security restrictions...
D-Link DIR-878 Access Control Error Vulnerability
D-Link DIR-878 is a wireless router from D-Link China.The D-Link DIR-878 firmware version 1.02B05 contains an access control error vulnerability, which stems from the existence of incorrect access control. An attacker could use this vulnerability to log in with a blank password...
ChurchInfo Arbitrary File Upload Vulnerability
ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. An arbitrary file upload vulnerability exists in ChurchInfo versions 1.2.13 and later, 1.3.0 and earlier. The vulnerability stems from the application'...
WBCE CMS Section Header Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...
Google TensorFlow has an unspecified vulnerability (CNVD-2022-81226)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from an error that can be raised if a numpy array is created with the shape of one element being zero and the sum of the other elements...