131102 matches found
D-Link DIR-2150 Buffer Overflow Vulnerability
D-Link DIR-2150 is a wireless router device from D-Link. D-Link DIR-2150c is vulnerable to a buffer overflow, which can be exploited by attackers to execute code in the root context...
Siemens Simcenter Femap and Parasolid Out-of-Bounds Writing Vulnerability (CNVD-2022-62980)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...
LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72097)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for handling TIFF files. libTIFF suffers from a security vulnerability that stems from a stack buffer overflow flaw found in the main function of tiffcp.c. An...
Libraw has an unspecified vulnerability
Libraw is a C library for processing RAW CRW/CR2,NEF,RAF,DNG,andothers format images from Libraw, which supports various operating systems. libraw has a security vulnerability that stems from a memory corruption in the crxFreeSubbandData function when processing cr3 files. No detailed vulnerabili...
SQlite has an unspecified vulnerability (CNVD-2022-62229)
SQLite is a lightweight database that is an ACID-compliant relational database management system. a security vulnerability exists in SQlite version 3.31.1, which stems from a potential null pointer dereference discovered in INTERSEC query processing. No details of the vulnerability are currently...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2022-62223)
DedeCMS 织梦内容管理系统 is a PHP-based open source content management system CMS from China's Zhuo Zhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval.A security vulnerability exists in DedeCMS version V5.7.97, which was discovered to...
LibTIFF Resource Management Error Vulnerability (CNVD-2022-72099)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a double-release or corruption found in rotateImage in...
OpenSSL has a denial of service vulnerability
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BNmodsqrt function that calculates the square root of a...
Ingredients Stock Management System SQL Injection Vulnerability
Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /classes/Master .php?f=deletewaste location has an SQL injection issue with the id parameter. No...
JIZHICMS Cross-site Request Forgery Vulnerability (CNVD-2022-59206)
JIZHICMS 極致网络科技 JIZHICMS is an open source content management system CMS from China JIZHICMS. version v2.3.1 of JIZHICMS has a security vulnerability that stems from the existence of a CSRF vulnerability that can add administrators. No detailed vulnerability details are available at this time...
IBM Workload Scheduler has an unspecified vulnerability
IBM Workload Scheduler is a set of enterprise task scheduling software from IBM Corporation of the United States. The software automates the control of workloads. IBM Workload Scheduler has a security vulnerability. No details of the vulnerability are currently available...
LibTIFF input validation error vulnerability
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability in the LibTIFF tiffcrop utility stems from the existence of a faulty input validation flaw that could be...
Vim Resource Management Error Vulnerability (CNVD-2022-68092)
Vim is a cross-platform text editor. versions of Vim prior to 9.0.0213 are vulnerable to a resource management error that stems from post-release reuse. No detailed vulnerability details are currently available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67842)
Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-84111)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to an elevation of privilege vulnerability that stems from a program's failure to properly invoke a high-level native procedure. An attacker...
Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...
Google Android Information Disclosure Vulnerability (CNVD-2022-71980)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a vulnerability in method PVRSRVBridgePMRPDumpSymbolicAddr. An attacker could use this vulnerability to obtain sensitive information...
Google Android elevation of privilege vulnerability (CNVD-2022-65633)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. The vulnerability stems from an incorrect programmatic call to an advanced native procedure. An attacker can exploit this vulnerability to execute arbitra...
IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-56974)
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerability that stems from...
IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
Apple iOS and iPadOS Input Validation Error Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An input validation error vulnerability exists in Apple iOS before 15.6 and iPadOS before 15.6, which stems fr...
Oracle WebLogic Server Core Component Input Validation Error Vulnerability
Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...
Oracle MySQL Server Federated Component Denial of Service Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL Server. An attacker can use this vulnerability to cause MySQL Server to hang or crash...
Oracle MySQL Server InnoDB Component Denial of Service Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL 8.0.29 and earlier versions, which stems from the presence of The vulnerability is caus...
Apache SkyWalking Denial of Service Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...
Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54743)
Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort, resulting in a...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55646)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the en...
WordPress plugin WP User Manager Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
H3C SSL VPN Cross-Site Scripting Vulnerability
H3C SSL VPN is a secure session layer VPN from China's Xinhua San H3C. A cross-site scripting vulnerability exists in H3C SSL VPN 2022-07-10 and prior versions, which can be exploited by remote attackers to allow wnm/login/login.json svpnlang cross-site scripting attacks...
Projectworlds Online Hotel Booking System SQL Injection Vulnerability (CNVD-2022-58410)
Projectworlds Online Hotel Booking System is a hotel online booking system from Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Hotel Booking System version 1.0. The vulnerability stems from a lack of validation of the roomname parameter against an externally entered S...
HUAWEI HarmonyOS Denial of Service Vulnerability (CNVD-2022-53576)
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from hiaiserver not doing strict legitimacy...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56593)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57200)
Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...
WordPress plugin User Login Log cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Google Android Information Disclosure Vulnerability (CNVD-2022-61748)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...
Huawei HarmonyOS null pointer vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise device availability...
Multiple MediaTek Chip WLAN Driver Input Validation Error Vulnerability
MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Cybozu Garoon Input Validation Error Vulnerability (CNVD-2022-69531)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, E-mail, bookmark, scheduler, bulletin board, document management, etc. An input validation error vulnerability exists in the Space component of Cybozu Garoon versions 4.0.0 to 5.5.1. An authenticated...
Vim Resource Management Error Vulnerability (CNVD-2022-68093)
Vim is a cross-platform text editor. versions prior to Vim 9.0 are vulnerable to a resource management error that stems from the existence of post-release reuse. An attacker could exploit the vulnerability to potentially cause program crashes, arbitrary code execution, etc...
TOTOLINK T6 FUN_00413f80 Function Stack Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK. version V4.1.9cu.5179B20201015 of TOTOLINK T6 suffers from a buffer overflow vulnerability, which stems from the password parameter in the FUN00413f80 function not checking its length for input data. A remote attacke...
Wordpress Plugin swfupload object injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Wordpress Plugin swfupload...
Jenkins Plugin GitLab Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53542)
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter...
Huawei MindSpore Community numeric error vulnerability
Huawei MindSpore Community is an open source deep learning framework from Huawei China.A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...
Library Management System File Upload Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation. version 1.0 of Library Management System is vulnerable to file uploads due to a lack of validation of uploaded files in the parameter image in the file /card/index.php. The...
Schneider Electric Geo SCADA Mobile Information Disclosure Vulnerability
Schneider Electric Geo SCADA Mobile is a mobile extension from Schneider Electric, a French company. It provides real-time remote access to critical SCADA data, allowing system users to monitor performance while "on the go," increasing employee productivity and improving overall system performanc...
GLPI SQL Injection Vulnerability (CNVD-2022-58234)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, telephones, and even toner...
WordPress Icegram plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. icegram is a subscription plugin used in it. WordPress plugin is an...
Vim Denial of Service Vulnerability (CNVD-2022-60677)
Vim is a cross-platform text editor. a denial-of-service vulnerability exists in versions of Vim prior to 8.2, which stems from the presence of a NULL pointer dereference in the program. An attacker could exploit this vulnerability to cause a denial of service attack...