131102 matches found
IBM Spectrum Virtualize Information Disclosure Vulnerability (CNVD-2023-40603)
IBM Spectrum Virtualize is a block storage virtualization system from International Business Machines IBM, Inc. that increases the data value, security and simplicity of new and existing storage infrastructures. An information disclosure vulnerability exists in IBM Spectrum Virtualize version 8.5...
Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44291)
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view and modify sensitive data or...
Lost and Found Information System index.php File SQL Injection Vulnerability
Lost and Found Information System is a lost and found information system. A SQL injection vulnerability exists in Lost and Found Information System v1.0, which originates from the parameter cid in the file items/index.php that lacks validation of externally entered SQL statements. An attacker can...
Apache CouchDB Information Disclosure Vulnerability
Apache CouchDB is the United States Apache Apache Foundation's use of Erlang development of a document-oriented database system. An information disclosure vulnerability exists in Apache CouchDB, which stems from the fact that design documents with matching document IDs from databases on the same...
Schneider Electric StruxureWare Data Center Expert Access Control Error Vulnerability (CNVD-2023-37593)
Schneider Electric StruxureWare Data Center Expert is a monitoring software from the French company Schneider Electric Schneider Electric. It is suitable for a variety of organizations to monitor their company-wide power, cooling, security, and environment. An access control error vulnerability...
Google Chrome Buffer Overflow Vulnerability (CNVD-2023-43887)
Google Chrome is a web browser from Google, and Skia is an open source 2D graphics library that provides common APIs that work on a variety of hardware and software platforms. A buffer overflow vulnerability exists in Skia in versions of Google Chrome prior to 112.0.5615.137. An attacker could...
Arbitrary File Download Vulnerability in Human Resources Information Management System of Beijing Hongjing Century Software Co.
Beijing Hongjing Century Software Co., Ltd. is a company that focuses on the research and development and application promotion of human resources and talent management digital intelligence digitalization and intelligence products for state-owned enterprises and institutions, and is the leader of...
Google Chrome navigation security bypass vulnerability (CNVD-2023-67085)
Google Chrome is a web browser from Google, an American company. Google Chrome navigation security bypass vulnerability, which stems from an incorrect security UI in Navigation. An attacker can exploit this vulnerability to bypass security restrictions...
D-Link DIR-3040 Buffer Overflow Vulnerability
D-Link DIR-3040 is a router from China Youxun D-Link Inc. The D-Link DIR-3040 is vulnerable to a buffer overflow vulnerability caused by a failure to properly boundary check the MiniDLNA service. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Apache Archiva Cross-Site Scripting Vulnerability (CNVD-2023-23556)
Apache Archiva is a suite of software from the Apache Foundation for managing one or more remote stores. A cross-site scripting vulnerability exists in versions of Apache Archiva prior to 2.0 to 2.2.10. The vulnerability creates directory names that lack effective filtering and escaping of...
Delta Electronics InfraSuite Device Master Path Traversal Vulnerability (CNVD-2023-23884)
Delta Electronics InfraSuite Device Master is Delta Electronics' device for simplifying and automating critical equipment monitoring. A path traversal vulnerability exists in Delta Electronics InfraSuite Device Master versions prior to 1.0.5, which can be exploited by an attacker to read local...
Google Pixel bta_av_co.cc file buffer overflow vulnerability
Google Pixel is a smartphone from Google, Inc. A buffer overflow vulnerability exists in Google Pixel, which stems from a boundary error in the processing of data in BtaAvCo::GetNextSourceDataPacket in btaavco.cc, and could be exploited by an attacker to cause information disclosure...
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2023-20082)
IBM Security Guardium is a suite of platforms from International Business Machines IBM that provide data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building.IBM Security Guardium Key Lifecycle Manager is...
NETGEAR RBR750 dev_name Parameter Command Injection Vulnerability
The NETGEAR RBR750 is a home WiFi system from NETGEAR. The NETGEAR RBR750 version 4.6.8.5 suffers from a command injection vulnerability that stems from the devname parameter failing to properly filter constructed command special characters, commands, and so on. An attacker could exploit this...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-25106)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Adobe Dimension out-of-bounds write vulnerability (CNVD-2023-21650)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45900)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21654)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Adobe Substance 3D Stager out-of-bounds write vulnerability (CNVD-2023-43893)
Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-21653)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Siemens Tecnomatix Plant Simulation Memory Corruption Vulnerability
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A memory corruption vulnerability exists in versions...
Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-17527)
Google Chrome is a web browser from Google, Inc. A type obfuscation vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type obfuscation issue in V8. An attacker could use this vulnerability to cause heap corruption via specially crafted HTML pages...
Google Chrome DevTools Resource Management Error Vulnerability (CNVD-2023-17525)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a confusion in the DevTools component's instructions for freeing memory. A remote attacker could exploit the vulnerability to cause heap corruption v...
Dell PowerPath Management Appliance Licensing Issue Vulnerability
Dell PowerPath Management Appliance is a PowerPath host management application from Dell USA that offers two models: a virtual machine-based appliance and a Docker containerized appliance. dell PowerPath Management Appliance Licensing Issues Vulnerability. An attacker could use this vulnerability...
IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2023-11693)
IBM QRadar SIEM is a solution from IBM that leverages security intelligence to protect assets and information from advanced threats. IBM QRadar SIEM versions 7.4 and 7.5 contain an information disclosure vulnerability that originates when a non-tenant user assigned a domain-specific security...
Adobe Animate Memory Misreference Vulnerability
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a memory misreference vulnerability that originates from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to...
IBM WebSphere Application Server encryption problem vulnerability
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 8.5 and 9.0 ha...
Huawei HarmonyO SHwContacts module logic bypass vulnerability
Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyO SHwContacts module is vulnerable to a logical bypass vulnerability that could be exploited by attackers to compromise data integrity...
D-Link DIR-825 Buffer Overflow Vulnerability (CNVD-2023-21665)
D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...
Schneider Electric SoMachine HVAC Buffer Overflow Vulnerability
Schneider Electric SoMachine HVAC is a suite of programming software dedicated to Schneider Electric logic controllers from the French company Schneider Electric Schneider Electric. A buffer overflow vulnerability exists in Schneider Electric SoMachine HVAC, which can be exploited by a remote...
Siretta QUARTZ-GOLD Directory Traversal Vulnerability
Siretta QUARTZ-GOLD is an industrial router with multiple features and services.A directory traversal vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary file deletion by sending specially crafted network packets...
F5 BIG-IP Edge Client for Windows Command Execution Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A command execution vulnerability exists in F5 BIG-IP Edge Client for Windows, which can be exploited by attackers to execute...
Oracle VM VirtualBox has an unspecified vulnerability (CNVD-2023-05477)
A security vulnerability exists in Oracle VM VirtualBox, a virtual machine management software from Oracle Corporation. A low privilege attacker can compromise Oracle VM VirtualBox by logging into the infrastructure where Oracle VM VirtualBox is executing...
Unspecified Vulnerability in Siemens S7-1500 CPU devices
SIMATIC drive controllers are designed for the automation of production machines, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85905)
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04319)
Microsoft 3D Builder is a tool for creating models and 3D printing from Microsoft USA. a security vulnerability exists in Microsoft 3D Builder. No details of the vulnerability are currently available...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04321)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04329)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2023-05238)
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
Tenda A15 ssid parameter stack overflow vulnerability
Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 ssid parameter, which stems from a lack of length checking of input data in the ssid parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the system...
Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...
FlatPress Cross-Site Scripting Vulnerability (CNVD-2023-06527)
FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...
Ghost Information Disclosure Vulnerability
Ghost is the Singapore Ghost Foundation a set of open source headless content management system written in JavaScript . Ghost has a security vulnerability that can be exploited by remote attackers to submit special requests and obtain sensitive information...
phpRedisAdmin Cross-Site Request Forgery Vulnerability
phpRedisAdmin is an individual developer's web administration page for managing Redis. A security vulnerability exists in phpRedisAdmin versions prior to 1.17.3 that originates from an unknown section and manipulates to cause cross-site request forgery. No details of the vulnerability are availab...
OpenImageIO Code Execution Vulnerability (CNVD-2023-01793)
A code execution vulnerability exists in the IFFOutput::close function of OpenImageIO v2.4.4.2, an image read/write library that also provides tools and applications. An attacker could use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "ymax...
Google Pixel buffer overflow vulnerability (CNVD-2023-01493)
The Google Pixel is a smartphone from Google, Inc. The vulnerability can be exploited by attackers to execute unauthorized commands, which can gain system privileges and then perform various illegal operations...
Google Android elevation of privilege vulnerability (CNVD-2023-07675)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-91159)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
ZTE ZXHN-H108NS Stack Buffer Overflow Vulnerability
The ZTE ZXHN-H108NS is a wireless router from China's ZTE Corporation ZTE. The ZTE ZXHN-H108NS suffers from a stack buffer overflow vulnerability that can be exploited by remote attackers to cause the device to crash...
Tenda W6-S Stack Overflow Vulnerability
Tenda W6-S is a router from Tenda, a Chinese company. Tenda W6-S is vulnerable to a stack overflow vulnerability that can be exploited by attackers to cause a denial of service...