131102 matches found
Linux kernel memory misreference vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in Linux kernel 6.0.9 and prior versions. An attacker can exploit the vulnerability to launch a denial of service attack or execute...
D-Link DIR-878 Access Control Error Vulnerability
D-Link DIR-878 is a wireless router from D-Link China.The D-Link DIR-878 firmware version 1.02B05 contains an access control error vulnerability, which stems from the existence of incorrect access control. An attacker could use this vulnerability to log in with a blank password...
ZTE MF286R Buffer Overflow Vulnerability
The ZTE MF286R is a wireless router from ZTE Corporation China.A buffer overflow vulnerability previously existed in the ZTE MF286R mf286rb07 version, which stems from the lack of input validation of the wifi interface parameters and can be exploited by attackers to conduct denial of service...
D-Link DIR-882 sub_46D180 function buffer overflow vulnerability
D-Link DIR-882 is a wireless router from D-Link, China. D-Link DIR-882 firmware versions 1.10B02 and 1.20B06 contain a buffer overflow vulnerability that stems from the lack of length validation of input data in the sub46D180 function wanwanphyifname parameter, which could be exploited by an...
ChurchInfo Arbitrary File Upload Vulnerability
ChurchInfo is a free church database program from the ChurchInfo team that helps churches track members, families, groups, pledges, and payments. An arbitrary file upload vulnerability exists in ChurchInfo versions 1.2.13 and later, 1.3.0 and earlier. The vulnerability stems from the application'...
Bouncy Castle BC Code Issue Vulnerability
Bouncy Castle BC is a cryptographic library for C and Java applications organized by Bouncy Castle. A code issue vulnerability exists in Bouncy Castle BC-FJA versions prior to 1.0.2.4, which stems from a temporary key used by the BC-FJA FIPS module that may be zeroed out while the module is still...
Google TensorFlow has an unspecified vulnerability (CNVD-2022-81226)
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow, which stems from an error that can be raised if a numpy array is created with the shape of one element being zero and the sum of the other elements...
WBCE CMS Section Header Field Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS v1.5.4 and its previous versions, which stems from the lack of effective filtering and escaping of user-supplied data in the Section Header field of the Show...
Siemens syngo Dynamics has an unspecified vulnerability
Siemens syngo Dynamics is a cardiovascular imaging and information solution from Siemens, a German company designed to be a centralized digital hub for complete cardiovascular services. Designed to be a centralized digital hub for complete cardiovascular services, Siemens syngo Dynamics suffers...
Intel Advanced Link Analyzer Elevation of Privilege Vulnerability
Intel Advanced Link Analyzer is an advanced link analyzer from Intel Corporation USA. Intel Advanced Link Analyzer Pro versions prior to 22.2 and Standard edition prior to 22.1.1 are vulnerable to elevation of privilege, which can be exploited by attackers to perform local elevation of privilege...
Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. teamcenter Visualization enables companies to enhance their product lifecycle management PLM environments with a comprehensive family of visualization solutions. The...
D-Link DIR-823G Command Injection Vulnerability (CNVD-2023-21667)
D-Link DIR-823G is a wireless router from D-Link China.D-Link DIR-823G v1.0.2 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via specially crafted packets...
Google Pixel has unspecified vulnerabilities
Google Pixel is a smartphone from the U.S. company Google Google. Google Pixel has a security vulnerability that stems from a use-after-release flaw in the dllistremovenode in TBD caused by a competing condition, which can be exploited by local attackers to escalate privileges...
Adobe Dimension out-of-bounds read vulnerability
Adobe Dimension is a suite of 2D and 3D compositing design tools from Adobe, Inc. An out-of-bounds read vulnerability exists in versions prior to Adobe Dimension 3.4.6, which stems from an out-of-bounds read vulnerability when parsing constructed files, which could result in reading beyond the en...
Google Chrome has an unspecified vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions of Google Chrome prior to 106.0.5249.119, which stems from an improper implementation in the customization tab and could be exploited by remote attackers to spoof the content of the Omnibox URL bar via a...
Microsoft Windows NTLM Spoofing Vulnerability
Microsoft Windows is a set of operating systems for personal devices from the U.S. Microsoft Windows NTLM has a spoofing vulnerability that could be exploited by an attacker to compromise the confidentiality of the system...
Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08751)
Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. The platform includes an integrated development environment and scripting language.Adobe ColdFusion contains a path traversal vulnerability, which...
Microsoft Windows WLAN Service privilege elevation vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows WLAN Service, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an...
SAP 3D Visual Enterprise Author .cur Denial of Service Vulnerability
SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A denial of service vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management, and can be exploited by an attacker...
Microsoft Windows DWM Core Library privilege elevation vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in the Microsoft Windows DWM Core Library, which stems from the presence of improper privilege assignments in applications and can be exploited by...
Microsoft Windows COM Event System Service privilege elevation vulnerability
Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in the Microsoft Windows COM Event System Service, which stems from improper privilege assignment in applications and can be exploited by attackers to...
Apache Airflow code issue vulnerability
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. Apache Airflow 2.4.1 and earlier versions have a code issue vulnerability that stems from the failure of deactivated users to prevent authenticated users from continuing to use t...
Zyxel CloudCNM SecuManager axiros Default Account Vulnerability
Zyxel ZyXEL CloudCNM SecuManager is a suite of network management software from Zyxel Taiwan, China. Zyxel CloudCNM SecuManager suffers from axiros default account vulnerability, which can be exploited by remote attackers to submit a special request for unauthorized access to the system...
Sensio Labs Twig Path Traversal Vulnerability
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...
Tenda TX3 has an unspecified vulnerability
Tenda TX3 is a wireless router from Tenda China.A security vulnerability exists in Tenda TX3 USTX3V1.0brV16.03.13.11 version, which stems from compareparentcontroltime being vulnerable to heap-based buffer overflow. No detailed vulnerability details are currently available...
Google Chrome Survey Memory Misreference Vulnerability (CNVD-2022-88285 )
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 106.0.5249.62, which stems from a confusion in the instructions responsible for freeing memory in Survey. An attacker could exploit the vulnerability t...
Genivia Dlt-daemon Buffer Overflow Vulnerability
Dlt-daemon is the DLT communication interface for Genivia's ECU. It collects and buffers log messages from one or more DLT users running on the ECU and makes them available to DLT clients upon request. A buffer overflow vulnerability exists in Genivia Dlt-daemon 2.18.8 and prior versions, which...
Veritas System Recovery Authorization Issues Vulnerability
Veritas System Recovery is a system recovery software from Veritas, USA. The software provides Windows systems with the ability to recover damaged systems without reinstalling the system. An authorization issue vulnerability exists in Veritas System Recovery VSR 18.0 and later, versions prior to...
Rocket.Chat SQL Injection Vulnerability
Rocket.Chat, an open source team chat software, is vulnerable to SQL injection, which stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerability to retrieve a reset password token via 2fa secret or 2fa secret...
ISC BIND Buffer Overflow Vulnerability
ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a buffer overflow vulnerability that originates when reusing an HTTP connection to request statistics from the stats channel, where the length of the contents of...
Adobe InCopy Buffer Overflow Vulnerability (CNVD-2023-05231)
Adobe InCopy is an application from Adobe for professional word processing. Adobe InCopy 17.3 and 16.4.2 and previous versions are vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code in the context of the current user...
D-Link DIR-2150 Buffer Overflow Vulnerability
D-Link DIR-2150 is a wireless router device from D-Link. D-Link DIR-2150c is vulnerable to a buffer overflow, which can be exploited by attackers to execute code in the root context...
Siemens Simcenter Femap and Parasolid Out-of-Bounds Writing Vulnerability (CNVD-2022-62980)
Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...
Libraw has an unspecified vulnerability
Libraw is a C library for processing RAW CRW/CR2,NEF,RAF,DNG,andothers format images from Libraw, which supports various operating systems. libraw has a security vulnerability that stems from a memory corruption in the crxFreeSubbandData function when processing cr3 files. No detailed vulnerabili...
SQlite has an unspecified vulnerability (CNVD-2022-62229)
SQLite is a lightweight database that is an ACID-compliant relational database management system. a security vulnerability exists in SQlite version 3.31.1, which stems from a potential null pointer dereference discovered in INTERSEC query processing. No details of the vulnerability are currently...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2022-62223)
DedeCMS 织梦内容管理系统 is a PHP-based open source content management system CMS from China's Zhuo Zhuo Network Desdev. The system features content publishing, content management, content editing and content retrieval.A security vulnerability exists in DedeCMS version V5.7.97, which was discovered to...
LibTIFF Resource Management Error Vulnerability (CNVD-2022-72099)
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a double-release or corruption found in rotateImage in...
Ingredients Stock Management System SQL Injection Vulnerability
Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /classes/Master .php?f=deletewaste location has an SQL injection issue with the id parameter. No...
OpenSSL has a denial of service vulnerability
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BNmodsqrt function that calculates the square root of a...
JIZHICMS Cross-site Request Forgery Vulnerability (CNVD-2022-59206)
JIZHICMS 極致网络科技 JIZHICMS is an open source content management system CMS from China JIZHICMS. version v2.3.1 of JIZHICMS has a security vulnerability that stems from the existence of a CSRF vulnerability that can add administrators. No detailed vulnerability details are available at this time...
LibTIFF input validation error vulnerability
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability in the LibTIFF tiffcrop utility stems from the existence of a faulty input validation flaw that could be...
Vim Resource Management Error Vulnerability (CNVD-2022-68092)
Vim is a cross-platform text editor. versions of Vim prior to 9.0.0213 are vulnerable to a resource management error that stems from post-release reuse. No detailed vulnerability details are currently available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67842)
Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-84111)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to an elevation of privilege vulnerability that stems from a program's failure to properly invoke a high-level native procedure. An attacker...
Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...
Google Android Information Disclosure Vulnerability (CNVD-2022-71980)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a vulnerability in method PVRSRVBridgePMRPDumpSymbolicAddr. An attacker could use this vulnerability to obtain sensitive information...
IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-56974)
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerability that stems from...
IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
Apple iOS and iPadOS Input Validation Error Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An input validation error vulnerability exists in Apple iOS before 15.6 and iPadOS before 15.6, which stems fr...
Oracle WebLogic Server Core Component Input Validation Error Vulnerability
Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...