Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2022/11/17 12:0 a.m.•28 views

Apache Airflow Input Validation Error Vulnerability (CNVD-2022-78860)

Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. The platform features scalable and dynamic monitoring.Apache Airflow versions prior to 2.4.3 are vulnerable to an input validation error that stems from an open redirect in the...

6.1CVSS2.8AI score0.81836EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/15 12:0 a.m.•28 views

IBM Cloud Pak for Security has an unspecified vulnerability (CNVD-2022-78136)

IBM Cloud Pak for Security is an application from International Business Machines IBM, Inc. an open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated actions faster.IBM Cloud Pak for Security CP4S has a security vulnerabili...

8.8CVSS3.2AI score0.00875EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/08 12:0 a.m.•28 views

Huawei HarmonyOS Licensing Issue Vulnerability (CNVD-2023-13080)

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS is vulnerable to an authorization issue, which stems from a lax verification of power module permissions. An attacker could exploit the vulnerability to cause...

7.5CVSS2.5AI score0.00439EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/05 12:0 a.m.•28 views

IBM Robotic Process Automation Licensing Issue Vulnerability (CNVD-2022-77512)

IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation versions 21.0.1, 21.0.2, 21.0.3, 21.0.4, a...

7.5CVSS2.5AI score0.0046EPSS
Exploits0References1
CNVD
CNVD
•added 2022/11/04 12:0 a.m.•28 views

Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-74073)

Apache Airflow is a community-created platform for programmatically authoring, scheduling, and monitoring workflows. a cross-site scripting vulnerability exists in versions of Apache Airflow prior to 2.4.2. The vulnerability is related to the affected version not properly filtering user input. Th...

3.7AI score0.01435EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/11/02 12:0 a.m.•28 views

Apple tvOS Buffer Overflow Vulnerability (CNVD-2022-74081)

Apple tvOS is a smart TV operating system from Apple, Inc. A security vulnerability exists in Apple tvOS, which stems from an application that could cause the system to unexpectedly terminate or write to kernel memory. No details of the vulnerability are currently available...

3.1AI score0.00253EPSS
Exploits0Affected Software3
CNVD
CNVD
•added 2022/10/31 12:0 a.m.•28 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29426)

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

7.8AI score0.00873EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/19 12:0 a.m.•28 views

Oracle MySQL Denial of Service Vulnerability (CNVD-2022-91135)

Oracle MySQL is a relational database from Oracle Corporation. A denial of service vulnerability exists in the InnoDB component of Oracle MySQL. An attacker can exploit this vulnerability to compromise MySQL Server by accessing the network over multiple protocols and perform unauthorized creation...

6.5CVSS5.8AI score0.01027EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/18 12:0 a.m.•28 views

OTFCC Buffer Overflow Vulnerability (CNVD-2023-11780)

OTFCC is a C library and utility open sourced by Caryll. It is used to parse and write OpenType font files.OTFCC 0.10.4 and earlier versions have a buffer overflow vulnerability that stems from /release-x64/otfccdump 0x6b558f a boundary error when processing untrusted input, which can be exploite...

6.5CVSS5AI score0.00717EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•28 views

Microsoft Windows Graphics Component has an elevation of privilege vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Windows Graphics Component. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS4.1AI score0.00575EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•28 views

Zimbra Collaboration Suite uncheck Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...

6.1CVSS6.2AI score0.0041EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•28 views

Adobe Dimension code execution vulnerability

Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. A code execution vulnerability exists in versions prior to Adobe Dimension 3.4.6, which stems from a "use-after-release" vulnerability that could be exploited to execute arbitrary code in the current user context...

7.8CVSS5.7AI score0.00389EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•28 views

Adobe ColdFusion Path Traversal Vulnerability (CNVD-2023-08753)

Adobe ColdFusion is a rapid application development platform from Adobe, which includes an integrated development environment and scripting language. Adobe ColdFusion is vulnerable to a path traversal vulnerability, which stems from an improper restriction of pathnames to restricted directories,...

4.9CVSS2.7AI score0.45022EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•28 views

Microsoft Windows Kernel privilege elevation vulnerability

Microsoft Windows Kernel is the kernel of the Windows operating system from Microsoft Corporation USA. Microsoft Windows Kernel contains an elevation of privilege vulnerability that can be exploited by attackers to elevate privileges...

5.6AI score0.0091EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/14 12:0 a.m.•28 views

Tenda AX1803 fromSysToolReboot Function Cross-Site Request Forgery Vulnerability

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. A cross-site request forgery vulnerability exists in the Tenda AX1803 firmware, version USAX1803v2.0brv1.0.0.12994CNZGYD014, which exists in the /bin/tdhttpd file fromSysToolReboot function/goform/SysToolReboot page. An attacker...

6.5CVSS6.3AI score0.00325EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•28 views

Microsoft Graphics Component privilege elevation vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA.An elevation of privilege vulnerability exists in Microsoft Graphics Component, which stems from improper privilege assignment in the application and can be exploited by an attacker to cause an elevation of...

3.4AI score0.0732EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•28 views

Microsoft Windows COM Event System Service privilege elevation vulnerability

Microsoft Windows is a set of operating systems for personal devices from Microsoft Corporation USA.An elevation of privilege vulnerability exists in the Microsoft Windows COM Event System Service, which stems from improper privilege assignment in applications and can be exploited by attackers to...

5.5AI score0.01777EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•28 views

Microsoft Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability

Microsoft Windows Server Remotely Accessible Registry Keys is vulnerable to information disclosure, which results from inadequate protection of sensitive information on network systems or products. The vulnerability is caused by inadequate protection of sensitive information in network systems or...

3.5AI score0.01506EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•28 views

Microsoft Windows CD-ROM File System Driver Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Windows CD-ROM File System Driver, which stems from the failure of a network system or product to properly filter special elements in the external input data used to construct code segments. The vulnerability can be exploited by an attacker to...

4.9AI score0.56269EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•28 views

Democritus Project d8s-lists Code Execution Vulnerability

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A backdoor vulnerability exists in Democritus Project d8s-lists version 0.1.0, which stems from the presence of a potential code execution package, democritus-dicts, inserte...

9.8CVSS9.6AI score0.01168EPSS
Exploits1References1
CNVD
CNVD
•added 2022/10/13 12:0 a.m.•28 views

SAP 3D Visual Enterprise Author .vds Buffer Overflow Vulnerability

SAP 3D Visual Enterprise Author is a desktop application for managing 2D, 3D, animation, video and audio assets from SAP. A buffer overflow vulnerability exists in SAP 3D Visual Enterprise Author version 9, which stems from a lack of proper memory management and can be exploited by an attacker to...

7.8CVSS7.9AI score0.00362EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•28 views

Discourse DiscoTOC Cross-Site Scripting Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.A cross-site scripting vulnerability exists in versions prior to Discourse DiscoTOC 2.1.0, which stems from the lack of escaping and filtering of input data on pages that can...

5.4CVSS2.2AI score0.00372EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•28 views

Singularity Image Format Encryption Problem Vulnerability

Singularity Image Format is a compressed squashfs file system from Singularity that has a block organization structure, including metadata and definition files for containers, first labels, partition contents, signatures if they exist, and, of course, the containers for the binaries themselves...

9.8CVSS2.1AI score0.00477EPSS
Exploits0References1
CNVD
CNVD
•added 2022/10/10 12:0 a.m.•28 views

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-68293)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. ZoneMinder has a cross-site scripting vulnerability, which stems from a lack of input validation and can be exploited by attackers to execute code...

7.6CVSS4AI score0.03689EPSS
Exploits4References1
CNVD
CNVD
•added 2022/10/08 12:0 a.m.•28 views

Vim Resource Management Error Vulnerability (CNVD-2022-68074)

Vim is a cross-platform text editor. A security vulnerability exists in Vim versions prior to 9.0.0614, which stems from a confusion in the instruction in the didsetstringoption function that the program is responsible for freeing memory. An attacker can exploit the vulnerability to potentially...

7.8CVSS7.8AI score0.00489EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/30 12:0 a.m.•28 views

Bytebase licensing issue vulnerability

Bytebase is Bytebase's open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. projects", which can be exploited by an attacker to view "projects" created by "Admin"...

4.3CVSS2.8AI score0.00537EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/30 12:0 a.m.•28 views

Cisco IOS XE SD-WAN Software and SD-WAN Software Path Traversal Vulnerability

Cisco IOS XE SD-WAN Software and Cisco SD-WAN are both products of Cisco U.S.A. Cisco IOS XE SD-WAN Software is a software for network management software-defined networking applied to the Cisco IOS XE network operating system. The Cisco IOS XE SD-WAN and Cisco SD-WAN are vulnerable to a path...

4AI score0.00195EPSS
Exploits0Affected Software5
CNVD
CNVD
•added 2022/09/29 12:0 a.m.•28 views

Aruba Networks ArubaOS and InstantOS Command Execution Vulnerabilities

ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. A command execution vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from the...

7.8CVSS8.9AI score0.00771EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•28 views

Kitty Code Execution Vulnerability

kitty is a fast, feature-rich, GPU-based terminal emulator developed by kovidgoyal. A code execution vulnerability exists in versions prior to Kitty 0.26.2 that stems from insufficient validation in the desktop notification escape sequence and can be exploited by an attacker to cause execution of...

7.8CVSS7.7AI score0.00499EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•28 views

Apple macOS Monterey Logic Error Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey suffers from a logic error vulnerability that stems from a logic error issue in the application, which can be exploited by an attacker to gain unauthorized Bluetooth...

5.5CVSS5.4AI score0.00244EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•28 views

QEMU Denial of Service Vulnerability (CNVD-2022-84157)

QEMU Quick Emulator is a set of emulation processor software from Fabrice Bellard, a French personal developer. QEMU VNC server has a denial of service vulnerability, which stems from an integer underflow in the processing of ClientCutText messages in extended format, which can be exploited by an...

6.5CVSS3.3AI score0.0114EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/28 12:0 a.m.•28 views

Rocket.Chat Information Disclosure Vulnerability (CNVD-2022-69164)

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the presence of a clear-text transfer of sensitive information related to an oauth token, causing the oauth token to be leaked in the product. An attacker could explo...

6.5CVSS6.1AI score0.00551EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/26 12:0 a.m.•28 views

Tenda i9 formWifiMacFilterSet function buffer overflow vulnerability

Tenda i9 is an enterprise wireless AP device. tenda i9 formWifiMacFilterSet function function buffer overflow vulnerability can be exploited by attackers to cause a denial of service DoS via specially crafted strings...

7.5CVSS5.3AI score0.00756EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/26 12:0 a.m.•28 views

Tenda i9 formwrlSSIDset function buffer overflow vulnerability

Tenda i9 is an enterprise wireless AP device. a buffer overflow vulnerability exists in the Tenda i9 formwrlSSIDset function, which can be exploited by attackers to cause a denial of service DoS via a specially crafted string...

7.5CVSS5.1AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/26 12:0 a.m.•28 views

Apache Kafka Denial of Service Vulnerability

Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of capturing real-time data and is used to build applications that react in real-time to changes in the data stream. Apache Kafka suffers from a denial-of-service...

3.7AI score0.0125EPSS
Exploits0Affected Software4
CNVD
CNVD
•added 2022/09/23 12:0 a.m.•28 views

Adobe Bridge Resource Management Error Vulnerability (CNVD-2022-66013)

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a resource management error, which stems from the impact of post-release reuse and can be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS5.3AI score0.0043EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/23 12:0 a.m.•28 views

Adobe InDesign product buffer overflow vulnerability

Adobe InDesign, a set of typesetting and editing applications from Adobe, has a buffer overflow vulnerability that originates from out-of-bounds reads and could lead to a memory leak. An attacker can remotely execute arbitrary code through this vulnerability...

5.5CVSS5.3AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•28 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10608)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that FakeQuantWithMinMaxVars will fail to assert if it is given a tensor of non-zero rank min or max. An attacker...

7.5CVSS4.7AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•28 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-10611)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from a segmentation error that occurs if QuantizedAdd is given a tensor of non-zero rank mininput or maxinput. An attacke...

7.5CVSS4.6AI score0.00409EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•28 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10601)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a denial-of-service vulnerability that can be exploited by attackers to trigger a denial-of-service attack...

7.5CVSS4.4AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•28 views

Tenda RX9 Pro setIPv6Status buffer overflow vulnerability

Tenda RX9 Pro is a wireless router from Tenda, China. Tenda RX9 Pro is vulnerable to a buffer overflow vulnerability caused by a lack of length checking of incoming data by setIPv6Status, which could be exploited by an attacker to cause code execution or denial of service...

9.8CVSS9.5AI score0.00976EPSS
Exploits1References1
CNVD
CNVD
•added 2022/09/20 12:0 a.m.•28 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10600)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when AudioSummaryV2 receives an input samplerate containing multiple elements, it gives an assertion failure...

7.5CVSS3.4AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/14 12:0 a.m.•28 views

Siemens Simcenter Femap and Parasolid Out-of-Bounds Reading Vulnerability (CNVD-2022-62978)

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

7.8CVSS2.1AI score0.00241EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/07 12:0 a.m.•28 views

Huawei HarmonyOS Path Traversal Vulnerability (CNVD-2022-64982)

Huawei HarmonyOS is an operating system from Huawei China Inc. A path traversal vulnerability exists in Huawei HarmonyOS, which stems from the failure of the number identification module to properly filter special elements in the path of a resource or file. An attacker could exploit this...

7.5CVSS3.1AI score0.00721EPSS
Exploits0References1
CNVD
CNVD
•added 2022/09/02 12:0 a.m.•28 views

LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72100)

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability exists in LibTIFF, which stems from a heap buffer overflow flaw found in the TIFFReadRawDataStriped function o...

6.5CVSS2AI score0.00985EPSS
Exploits1References1
CNVD
CNVD
•added 2022/08/31 12:0 a.m.•28 views

QEMU Denial of Service Vulnerability (CNVD-2022-84158)

QEMU Quick Emulator is a set of emulated processor software from Fabrice Bellard, a French personal developer. QEMU has a denial of service vulnerability, which stems from a deadlock problem in its AHCI controller during a software reset ahciresetport while processing host-to-device registration...

4.4CVSS2.4AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/24 12:0 a.m.•28 views

Linksys MR8300 OS Command Injection Vulnerability

Linksys MR8300 is a high-performance tri-band router from Linksys, Inc. The Linksys MR8300 Router version 1.0 contains an operating system command injection vulnerability, which stems from the fact that by specifying a username and password when registering for DDNS services, an attacker could us...

8.8CVSS5.4AI score0.00609EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/24 12:0 a.m.•28 views

Apache Flume input validation error vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA. Used to efficiently collect, aggregate, and move large amounts of log data, versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

9.8CVSS2.5AI score0.0231EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•28 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-58463)

Adobe Acrobat Reader is a PDF viewer from Adobe, Inc. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which could result in reading beyond the end of th...

5.5CVSS4AI score0.02453EPSS
Exploits0References1
CNVD
CNVD
•added 2022/08/12 12:0 a.m.•28 views

Microsoft Azure Site Recovery Remote Code Execution Vulnerability (CNVD-2022-67840)

Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. a remote code execution vulnerability exists in Microsoft Azure Site Recovery. An attacker could exploit this vulnerability to execute code on the target host...

7.2CVSS3AI score0.01881EPSS
Exploits0References1
Total number of security vulnerabilities5000