131102 matches found
Command Execution Vulnerability in Cacti
Cacti is a set of network traffic monitoring based on PHP, MySQL, SNMP and RRDTool development of graphical analysis tools . Cacti has a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands...
Synology DiskStation Manager Path Traversal Vulnerability (CNVD-2022-67856)
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. The operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in Synology DiskStation Manager DSM, whi...
Apache Xalan Input Validation Error Vulnerability
Apache Xalan is an open source software library from the Apache Foundation USA. Apache Xalan Java XSLT Stock in Input Validation Error vulnerability stems from an integer truncation issue when processing malicious XSLT stylesheets. The vulnerability can be exploited to corrupt Java class files...
Clinics Patient Management System SQL Injection Vulnerability
Clinics Patient Management System is a clinic patient management system. A SQL injection vulnerability exists in Clinics Patient Management System version 2.0, which originates from a parameter username that can be exploited to execute illegal SQL commands...
Google Chrome V8 Improper Implementation Vulnerability (CNVD-2021-99260)
Chrome is a simple and efficient web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.69 are vulnerable to a V8 improper implementation. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
jQuery cross-site scripting vulnerability (CNVD-2021-26411)
jQuery is a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A cross-site scripting vulnerability exists in versions of jQuery prior to 3.5.0. The vulnerability...
Out-of-bounds write vulnerability in multiple Adobe products (CNVD-2022-46968)
Adobe Acrobat is a set of PDF file editing and conversion tools.Adobe Reader is a set of PDF document reading software. Multiple Adobe products have out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the current user...
showdoc .shtml file upload vulnerability
showdoc is an open source tool for IT teams to share documents online. showdoc versions prior to v2.10.4 are vulnerable to file uploads, which stem from the lack of effective detection of .shtml file extensions in the application's file upload feature. An attacker could use this vulnerability to...
F5 BIG-IP Denial of Service Vulnerability (CNVD-2023-75597)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management and other functions. A denial of service vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial o...
Apache Tomcat has an unspecified vulnerability
Apache Tomcat is a lightweight Web application server from the Apache Foundation. Apache Tomcat has a security vulnerability that could be exploited by an attacker to potentially compromise the confidentiality, availability, or integrity of the system. No details of the vulnerability are availabl...
MongoDB buffer overflow vulnerability
MongoDB is a document-oriented database management system from MongoDB, Inc. MongoDB suffers from a buffer overflow vulnerability, which can be exploited by attackers to cause a denial of service...
Google Android permission permission and access control issue vulnerability (CNVD-2022-47678)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to permission and access control issues, which can be exploited by attackers to cause local privilege escalation...
Google Android iaxxx-codec.c elevation of privilege vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. Google Android iaxxx-codec.c suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to cause a local elevation of privilege...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2025-16603)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server, which stems from a modproxyhttp2 assertion failure that can be...
Linux Kernel Denial of Service Vulnerability (CNVD-2024-14766)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service attack vulnerability exists in the Linux Kernel. The vulnerability is due to a memory leak found in ctnetlinkcreateconntrack in...
CasaOS Encryption Issues Vulnerabilities
CasaOS is a simple, easy-to-use and elegant open source home cloud system. A cryptographic issue vulnerability exists in versions of CasaOS prior to 0.4.4. The vulnerability stems from a poor choice of JWT algorithm and can be exploited by an attacker to craft arbitrary JWTs and access functions...
ZTE MF286R Command Injection Vulnerability
The ZTE MF286R is a wireless router from China's ZTE Corporation ZTE. A command injection vulnerability exists in the ZTE Mobile MF286R NordicMF286RB06, which stems from insufficient validation of input parameters and can be exploited by an attacker to execute arbitrary commands...
Google Android Buffer Overflow Vulnerability (CNVD-2022-47673)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a buffer overflow vulnerability, which stems from a lack of privilege checks in the ims service, and can be exploited by attackers to cause local privilege escalation...
ZTE MC801A Command Injection Vulnerability
The ZTE MC801A is a 5g indoor WiFi router from China's ZTE ZTE. The ZTE MC801A suffers from an input validation vulnerability in the handling of multiple network parameters, which can be exploited by a remote attacker to submit a special request that can be used in the application context to...
Arbitrary File Read Vulnerability in DPtech SSL VPN of Hangzhou Dipu Technology Co.
Ltd. is a high-tech enterprise integrating R&D, production and sales in the field of network, security and application delivery. Ltd. DPtech SSL VPN suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive information...
Linux kernel has unspecified vulnerabilities (CNVD-2022-21810)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.16.12 previously had a security vulnerability where the endpoint index was not validated and could be manipulated by the host for out-of-array access. No detailed vulnerability details are...
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15477)
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...
Apache Kylin Input Validation Error Vulnerability
Apache Kylin is an open source distributed analytic data warehouse from the Apache Foundation. The product mainly provides SQL query interface on top of Hadoop/Spark and multi-dimensional analysis OLAP and other functions. Apache kylin has an input validation error vulnerability, which stems from...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2021-44765)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. There is a security vulnerability in Apache HTTP Server, no details of the vulnerability are provided at this time...
GeoServer Arbitrary File Upload Vulnerability
GeoServer is an open source software server written in Java. Allows users to share and edit geospatial data. An arbitrary file upload vulnerability exists in GeoServer versions prior to 2.23.4 and 2.24.1, which stems from the application's lack of effective authentication of uploaded files. An...
ISC BIND input validation error vulnerability
ISC BIND is a set of open source software from ISC that implements the DNS protocol. ISC BIND is vulnerable to an input validation error, which could be exploited by an attacker to cause a query to the wrong server, returning an error message to the client...
Atlassian Fisheye and Crucible Brute Force Exploits
Atlassian Fisheye is a suite of source code deep viewing software.Atlassian Crucible is a suite of code review tools. Atlassian Fisheye and Crucible are vulnerable to a brute force vulnerability due to a failure to check whether a user has exceeded their maximum failed login limit. An attacker...
Google Android permission permission and access control issue vulnerability (CNVD-2022-47676)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to permission and access control issues, which can be exploited by attackers to cause local privilege escalation...
jQuery cross-site scripting vulnerability (CNVD-2021-28270)
jQuery is the United States John Resig programmer of a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript , and has a modular , plug-in extensions and other features . A cross-site scripting vulnerability exists in versions of...
Google Chrome Skia Denial of Service Vulnerability (CNVD-2016-07581)
Google Skia is the United States Google Google company's an open source and C + + based graphics library , it can be used in Mozilla Firefox, Google Chrome and other browsers , but also available in the Android open mobile platform . A denial of service vulnerability exists in the SkPath.cpp file...
ABB MicroSCADA Pro SYS600 Code Execution Vulnerability
ABB MicroSCADA Pro SYS600 is a suite of monitoring and data acquisition software from ABB Switzerland. The software is used for substation automation, SCADA electrical, distribution management applications and industrial power management. ABB MicroSCADA Pro SYS600 suffers from a code execution...
Samsung SecTelephonyProvider Information Disclosure Vulnerability (CNVD-2022-70741)
Samsung SecTelephonyProvider is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface TAPI.An information disclosure vulnerability exists in Samsung SecTelephonyProvider, which stems from a lack of protection for EventType in...
Apache Calcite Clickjacking Vulnerability
Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. clickjacking vulnerability exists in versions of Apache Calcite...
vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability
VBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...
IBM AIX Elevation of Privilege Vulnerability (CNVD-2023-00805)
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX has an elevation of privilege vulnerability that can be exploited by attackers to gain root privileges...
Linux kernel resource management error vulnerability (CNVD-2022-69186)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable due to a confusion in mm/rmap.c, the instruction responsible for freeing memory. An attacker could use this vulnerability to cause a crash, arbitrary code execution, etc...
F5 BIG-IP iControl REST Authentication Bypass Vulnerability
F5 BIG-IP is an application delivery platform that integrates traffic management, DNS, inbound and outbound rules, web application firewall, web gateway, load balancing and other functions. F5 BIG-IP iControl REST authentication bypass vulnerability, the vulnerability is due to the authentication...
squirrel SQL Injection Vulnerability
squirrel is the stable version of the programming language SQUIRREL 3.2. A security vulnerability exists in squirrel version 3.2, which stems from the lack of a specific sqreservestack call to threadcall in sqbaselib.cpp. No detailed vulnerability details are currently available...
Linux kernel memory corruption vulnerability (CNVD-2022-55071)
Linux kernel is the kernel used by the Linux Foundation's open-source operating system Linux. Linux kernel is vulnerable to a memory corruption vulnerability that originates in drivers/hid/hid-elo.c in the Linux kernel, which is a memory leak for a certain hidparse error condition and can be...
MikroTik RouterOS Integer Underflow Vulnerability
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. An integer underflow vulnerability exists in the SMB server in versions of MikroTik RouterOS prior to 6.45.5, whic...
Apache HTTP Server Uninitialized Memory Vulnerability
Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.41, which stems from modproxyft...
OpenSSH user enumeration vulnerability (CNVD-2018-20962)
OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...
OpenSSH User Enumeration Vulnerability (CNVD-2018-20960)
OpenSSH OpenBSD Secure Shell is a set of connection tools for secure access to remote computers maintained by the OpenBSD Project Group. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection...
Stable Diffusion WebUI Remote Command Execution Vulnerability
Stable Diffusion WebUI is an AI image processing tool developed by AUTOMATIC1111 based on the Stable Diffusion AI model, which supports file creation and image creation. A remote command execution vulnerability in Stable Diffusion WebUI, which is caused by not filtering user input when installing...
Apache Commons FileUpload Denial of Service Vulnerability (CNVD-2023-23552)
Apache Commons FileUpload is the United States Apache Apache Foundation of a file can be uploaded to the Servlet and Web applications package. A denial of service vulnerability exists in Apache Commons FileUpload versions prior to 1.5, which stems from a failure to limit the number of requests an...
Unauthorized Access Vulnerability in Joomla!
Joomla! is a globally recognized content management system. An unauthorized access vulnerability exists in Joomla! versions 4.0.0 through 4.2.7. The vulnerability is due to an incorrect access check in the affected versions, which can be exploited by an attacker to gain unauthorized access to the...
Linux has a binary vulnerability
Linux is an open source Unix-like operating system. Linux has a binary vulnerability that can be exploited by attackers to elevate privileges...
Apache Hadoop Elevation of Privilege Vulnerability (CNVD-2022-51055)
Apache Hadoop is an open source distributed systems infrastructure from the Apache Foundation. The product is capable of distributed processing of large amounts of data and is highly reliable, scalable, and fault-tolerant. an elevation of privilege vulnerability exists in Apache Hadoop, which ste...
Google Android permission permission and access control issue vulnerability (CNVD-2022-47677)
Google Android is a Linux-based open-source operating system from the U.S. company Google. Google Android is vulnerable to permission and access control issues, which can be exploited by attackers to cause local privilege escalation...
Command Execution Vulnerability in Mingguo Security Gateway of Hangzhou ACE Information Technology Co. Ltd (CNVD-2022-25740)
MingGuard Security Gateway builds a next-generation security protection system with full-process defense and integrates traditional firewall, intrusion detection, intrusion prevention system, anti-virus gateway, Internet behavior control, VPN gateway, threat intelligence, and other security modul...