131102 matches found
Ingredients Stock Management System SQL Injection Vulnerability
Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the /classes/Master .php?f=deletewaste location has an SQL injection issue with the id parameter. No...
OpenSSL has a denial of service vulnerability
OpenSSL is an open source general-purpose cryptographic library capable of implementing the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. A denial of service vulnerability exists in OpenSSL due to an error in the BNmodsqrt function that calculates the square root of a...
JIZHICMS Cross-site Request Forgery Vulnerability (CNVD-2022-59206)
JIZHICMS 極致网络科技 JIZHICMS is an open source content management system CMS from China JIZHICMS. version v2.3.1 of JIZHICMS has a security vulnerability that stems from the existence of a CSRF vulnerability that can add administrators. No detailed vulnerability details are available at this time...
LibTIFF input validation error vulnerability
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability in the LibTIFF tiffcrop utility stems from the existence of a faulty input validation flaw that could be...
Vim Resource Management Error Vulnerability (CNVD-2022-68092)
Vim is a cross-platform text editor. versions of Vim prior to 9.0.0213 are vulnerable to a resource management error that stems from post-release reuse. No detailed vulnerability details are currently available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67842)
Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-84111)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to an elevation of privilege vulnerability that stems from a program's failure to properly invoke a high-level native procedure. An attacker...
Siemens SCALANCE product has an unspecified vulnerability (CNVD-2022-56474)
SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...
Google Android Information Disclosure Vulnerability (CNVD-2022-71980)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a vulnerability in method PVRSRVBridgePMRPDumpSymbolicAddr. An attacker could use this vulnerability to obtain sensitive information...
IBM Robotic Process Automation Information Disclosure Vulnerability (CNVD-2022-56974)
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation suffers from an information disclosure vulnerability that stems from...
IBM DataPower Gateway XML External Entity Injection Vulnerability (CNVD-2022-56970)
IBM DataPower Gateway is a set of security and integration platforms from IBM USA designed specifically for mobile, cloud, application programming interface API, web, service-oriented architecture SOA, B2B, and cloud workloads. The platform protects, integrates, and optimizes access across channe...
Apple iOS and iPadOS Input Validation Error Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. An input validation error vulnerability exists in Apple iOS before 15.6 and iPadOS before 15.6, which stems fr...
Oracle WebLogic Server Core Component Input Validation Error Vulnerability
Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...
Oracle MySQL Server InnoDB Component Denial of Service Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL 8.0.29 and earlier versions, which stems from the presence of The vulnerability is caus...
Oracle MySQL Server Federated Component Denial of Service Vulnerability
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Server is one of the database server components, and a denial-of-service vulnerability exists in Oracle MySQL Server. An attacker can use this vulnerability to cause MySQL Server to hang or crash...
Apache SkyWalking Denial of Service Vulnerability
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A denial of service vulnerability exists in Apache SkyWalking NodeJS Agent prior to version 0.5.1, which stems from an...
Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54743)
Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort, resulting in a...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55646)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to cause a read to exceed the en...
WordPress plugin WP User Manager Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
Pexip Infinity Resource Management Error Vulnerability
Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity is vulnerable to a resource management error that could be exploited by attackers to cause the system to consume excessive...
H3C SSL VPN Cross-Site Scripting Vulnerability
H3C SSL VPN is a secure session layer VPN from China's Xinhua San H3C. A cross-site scripting vulnerability exists in H3C SSL VPN 2022-07-10 and prior versions, which can be exploited by remote attackers to allow wnm/login/login.json svpnlang cross-site scripting attacks...
Projectworlds Online Hotel Booking System SQL Injection Vulnerability (CNVD-2022-58410)
Projectworlds Online Hotel Booking System is a hotel online booking system from Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Hotel Booking System version 1.0. The vulnerability stems from a lack of validation of the roomname parameter against an externally entered S...
HUAWEI HarmonyOS Denial of Service Vulnerability (CNVD-2022-53576)
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from hiaiserver not doing strict legitimacy...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56593)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57200)
Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...
WordPress plugin User Login Log cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
Google Android Information Disclosure Vulnerability (CNVD-2022-61748)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android is vulnerable to an information disclosure vulnerability caused by a lack of The vulnerability is caused by a lack of permission checking in the getSubscriptionProperty of SubscriptionController.java. An...
Huawei HarmonyOS null pointer vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise device availability...
Multiple MediaTek Chip WLAN Driver Input Validation Error Vulnerability
MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...
Cybozu Garoon Input Validation Error Vulnerability (CNVD-2022-69531)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, E-mail, bookmark, scheduler, bulletin board, document management, etc. An input validation error vulnerability exists in the Space component of Cybozu Garoon versions 4.0.0 to 5.5.1. An authenticated...
Vim Resource Management Error Vulnerability (CNVD-2022-68093)
Vim is a cross-platform text editor. versions prior to Vim 9.0 are vulnerable to a resource management error that stems from the existence of post-release reuse. An attacker could exploit the vulnerability to potentially cause program crashes, arbitrary code execution, etc...
TOTOLINK T6 FUN_00413f80 Function Stack Overflow Vulnerability
TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK. version V4.1.9cu.5179B20201015 of TOTOLINK T6 suffers from a buffer overflow vulnerability, which stems from the password parameter in the FUN00413f80 function not checking its length for input data. A remote attacke...
Wordpress Plugin swfupload object injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Wordpress Plugin swfupload...
Jenkins Plugin GitLab Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exis...
Huawei MindSpore Community numeric error vulnerability
Huawei MindSpore Community is an open source deep learning framework from Huawei China.A numerical error vulnerability exists in versions prior to Huawei MindSpore Community 1.3.0, which stems from the fact that when performing the initialization operation of the Split operator, if a dimension in...
TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53539)
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server contains a cross-site scripting vulnerability that can be exploited by remote attackers to perform basic cross-site scripting DOM attacks...
TrueConf Server Cross-Site Scripting Vulnerability
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary HTML and script code in the user's browser...
Library Management System File Upload Vulnerability
Library Management System is a library management system with QR code attendance and automatic library card generation. version 1.0 of Library Management System is vulnerable to file uploads due to a lack of validation of uploaded files in the parameter image in the file /card/index.php. The...
Schneider Electric Geo SCADA Mobile Information Disclosure Vulnerability
Schneider Electric Geo SCADA Mobile is a mobile extension from Schneider Electric, a French company. It provides real-time remote access to critical SCADA data, allowing system users to monitor performance while "on the go," increasing employee productivity and improving overall system performanc...
GLPI SQL Injection Vulnerability (CNVD-2022-58234)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, telephones, and even toner...
WordPress Icegram plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. icegram is a subscription plugin used in it. WordPress plugin is an...
Vim Denial of Service Vulnerability (CNVD-2022-60677)
Vim is a cross-platform text editor. a denial-of-service vulnerability exists in versions of Vim prior to 8.2, which stems from the presence of a NULL pointer dereference in the program. An attacker could exploit this vulnerability to cause a denial of service attack...
Vim Buffer Overflow Vulnerability (CNVD-2022-68096)
Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 8.2, which stems from a boundary error in the msgouttransattr function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2023-06510)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a resource management error, which is caused by a confusion in the program's instructions for freeing memory. An attacker could exploit the vulnerability to cause the program to crash,...
BigBlueButton Cross-Site Scripting Vulnerability (CNVD-2022-62183)
BigBlueButton is BigBlueButton community of a set of open source Web conferencing system . A cross-site scripting vulnerability exists in BigBlueButton v2.4.7 and earlier versions, which stems from a lack of checksum filtering of user-supplied and output data in the chat feature. An attacker can...
MELAG FTP Server authorization issue vulnerability
MELAG FTP Server, an FTP server from MELAG Germany, is vulnerable to an authorization issue in MELAG FTP Server version 2.2.0.4, which stems from improper file permission management and could be exploited to cause the "Everyone" group to read local FTP configuration file, which includes informati...
IBM CICS TX Standard and Advanced Operating System Command Injection Vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard and Advanced is vulnerable to operating system command injection, which can be exploited by...
Jfinal CMS SQL Injection Vulnerability (CNVD-2022-58382)
Jfinal CMS is a java development of powerful information consulting website , using a simple and powerful JFinal as the web framework , template engine with beetl, database with mysql, front-end bootstrap framework. Jfinal CMS version v5.1.0 has a SQL injection vulnerability that originates from...
Google Android Information Disclosure Vulnerability* (CNVD-2022-53378)
Google Android is a Linux-based open-source operating system from the U.S. company Google Google. Google Android Kernel is vulnerable to an information disclosure vulnerability that could be exploited by attackers to cause local information disclosure without additional execution privileges...
NUUO Network Video Recorder Cross-Site Scripting Vulnerability
NUUO Network Video Recorder is a network video recorder from NUUO in Taiwan, China. A cross-site scripting vulnerability exists in NUUO Network Video Recorder NVRsolo v03.06.02, which can be exploited by an attacker to execute JavaScript code on the client side...