131102 matches found
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-25106)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Adobe Dimension out-of-bounds write vulnerability (CNVD-2023-21650)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-45900)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Adobe Dimension Out-of-Bounds Read Vulnerability (CNVD-2023-21654)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...
Adobe Substance 3D Stager out-of-bounds write vulnerability (CNVD-2023-43893)
Adobe Substance 3D Stager is a virtual 3D studio from the American company Audobee Adobe. Adobe Substance 3D Stager suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Adobe Dimension Heap Buffer Overflow Vulnerability (CNVD-2023-21653)
Adobe Dimension is the United States of America Odo than Adobe company is a set of 2D and 3D composite design tools. Adobe Dimension suffers from a heap buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...
Siemens Tecnomatix Plant Simulation Memory Corruption Vulnerability
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A memory corruption vulnerability exists in versions...
Google Chrome V8 Type Obfuscation Vulnerability (CNVD-2023-17527)
Google Chrome is a web browser from Google, Inc. A type obfuscation vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a type obfuscation issue in V8. An attacker could use this vulnerability to cause heap corruption via specially crafted HTML pages...
Google Chrome DevTools Resource Management Error Vulnerability (CNVD-2023-17525)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in versions prior to Google Chrome 111.0.5563.64, which stems from a confusion in the DevTools component's instructions for freeing memory. A remote attacker could exploit the vulnerability to cause heap corruption v...
Dell PowerPath Management Appliance Licensing Issue Vulnerability
Dell PowerPath Management Appliance is a PowerPath host management application from Dell USA that offers two models: a virtual machine-based appliance and a Docker containerized appliance. dell PowerPath Management Appliance Licensing Issues Vulnerability. An attacker could use this vulnerability...
IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2023-11693)
IBM QRadar SIEM is a solution from IBM that leverages security intelligence to protect assets and information from advanced threats. IBM QRadar SIEM versions 7.4 and 7.5 contain an information disclosure vulnerability that originates when a non-tenant user assigned a domain-specific security...
Adobe Animate Memory Misreference Vulnerability
Adobe Animate is a set of Flash animation software from the American company Audobee Adobe. Adobe Animate suffers from a memory misreference vulnerability that originates from a mix-up in the program's instructions responsible for freeing memory. An attacker could exploit this vulnerability to...
IBM WebSphere Application Server encryption problem vulnerability
IBM WebSphere Application Server WAS is an application server product from International Business Machines IBM. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM WebSphere software platform. IBM WebSphere Application Server versions 8.5 and 9.0 ha...
Huawei HarmonyO SHwContacts module logic bypass vulnerability
Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyO SHwContacts module is vulnerable to a logical bypass vulnerability that could be exploited by attackers to compromise data integrity...
D-Link DIR-825 Buffer Overflow Vulnerability (CNVD-2023-21665)
D-Link DIR-825 is a router from D-Link, a Chinese company. D-Link DIR-825 v1.33.0.44ebdd4-embedded and previous versions are vulnerable to a buffer overflow vulnerability, which is caused by a boundary error when handling untrusted input, and can be exploited to execute arbitrary code against the...
Schneider Electric SoMachine HVAC Buffer Overflow Vulnerability
Schneider Electric SoMachine HVAC is a suite of programming software dedicated to Schneider Electric logic controllers from the French company Schneider Electric Schneider Electric. A buffer overflow vulnerability exists in Schneider Electric SoMachine HVAC, which can be exploited by a remote...
Siretta QUARTZ-GOLD Directory Traversal Vulnerability
Siretta QUARTZ-GOLD is an industrial router with multiple features and services.A directory traversal vulnerability exists in Siretta QUARTZ-GOLD, which can be exploited by attackers to cause arbitrary file deletion by sending specially crafted network packets...
F5 BIG-IP Edge Client for Windows Command Execution Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A command execution vulnerability exists in F5 BIG-IP Edge Client for Windows, which can be exploited by attackers to execute...
Oracle VM VirtualBox has an unspecified vulnerability (CNVD-2023-05477)
A security vulnerability exists in Oracle VM VirtualBox, a virtual machine management software from Oracle Corporation. A low privilege attacker can compromise Oracle VM VirtualBox by logging into the infrastructure where Oracle VM VirtualBox is executing...
Unspecified Vulnerability in Siemens S7-1500 CPU devices
SIMATIC drive controllers are designed for the automation of production machines, combining the functionality of the SIMATIC S7-1500 CPU and the SINAMICS S120 drive control.The SIMATIC S7-1500 CPU products are designed for discrete and continuous control in industrial environments such as global...
Microsoft Office Visio Remote Code Execution Vulnerability (CNVD-2023-85905)
Microsoft Office Visio is responsible for drawing flowcharts and schematic diagrams in the Office software series of the American Microsoft Microsoft company. A remote code execution vulnerability exists in Microsoft Office Visio, which can be exploited by an attacker to execute arbitrary code on...
Siemens Automation License Manager Path Traversal Vulnerability
The Automation License Manager ALM centrally manages license keys for various Siemens software products. Software products that require a license key automatically report this requirement to ALM. When ALM finds a valid license key for the software, the software can be used according to the end-us...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04319)
Microsoft 3D Builder is a tool for creating models and 3D printing from Microsoft USA. a security vulnerability exists in Microsoft 3D Builder. No details of the vulnerability are currently available...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04321)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Microsoft 3D Builder Remote Code Execution Vulnerability (CNVD-2023-04329)
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2023-05238)
IBM Sterling B2B Integrator is a suite of software from International Business Machines IBM that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting...
Tenda A15 ssid parameter stack overflow vulnerability
Tenda A15 is a WiFi extender from Tenda, China. A stack overflow vulnerability exists in the Tenda A15 ssid parameter, which stems from a lack of length checking of input data in the ssid parameter of /goform/WifiBasicSet, and can be exploited by attackers to execute arbitrary code on the system...
Mozilla Firefox Access Control Error Vulnerability (CNVD-2023-03068)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. An access control error vulnerability exists in Mozilla Firefox, which stems from the Remote Agent used in WebDriver not validating the Host or Origin header. An attacker could exploit the vulnerability to force...
FlatPress Cross-Site Scripting Vulnerability (CNVD-2023-06527)
FlatPress is a Php-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...
Ghost Information Disclosure Vulnerability
Ghost is the Singapore Ghost Foundation a set of open source headless content management system written in JavaScript . Ghost has a security vulnerability that can be exploited by remote attackers to submit special requests and obtain sensitive information...
phpRedisAdmin Cross-Site Request Forgery Vulnerability
phpRedisAdmin is an individual developer's web administration page for managing Redis. A security vulnerability exists in phpRedisAdmin versions prior to 1.17.3 that originates from an unknown section and manipulates to cause cross-site request forgery. No details of the vulnerability are availab...
OpenImageIO Code Execution Vulnerability (CNVD-2023-01793)
A code execution vulnerability exists in the IFFOutput::close function of OpenImageIO v2.4.4.2, an image read/write library that also provides tools and applications. An attacker could use this vulnerability to cause a heap buffer overflow via a specially crafted ImageOutput object when the "ymax...
Google Pixel buffer overflow vulnerability (CNVD-2023-01493)
The Google Pixel is a smartphone from Google, Inc. The vulnerability can be exploited by attackers to execute unauthorized commands, which can gain system privileges and then perform various illegal operations...
Google Android elevation of privilege vulnerability (CNVD-2023-07675)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-91159)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
ZTE ZXHN-H108NS Stack Buffer Overflow Vulnerability
The ZTE ZXHN-H108NS is a wireless router from China's ZTE Corporation ZTE. The ZTE ZXHN-H108NS suffers from a stack buffer overflow vulnerability that can be exploited by remote attackers to cause the device to crash...
Tenda W6-S Stack Overflow Vulnerability
Tenda W6-S is a router from Tenda, a Chinese company. Tenda W6-S is vulnerable to a stack overflow vulnerability that can be exploited by attackers to cause a denial of service...
Tenda W6-S Denial of Service Vulnerability
Tenda W6-S is a router from Tenda, China.A denial of service vulnerability exists in Tenda W6-S, which can be exploited by attackers to reboot the device and cause a denial of service...
Google Chrome Security Bypass Vulnerability (CNVD-2023-08261)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which stems from inadequate validation of untrusted input in downloads. An attacker could exploit this vulnerability to bypass security restrictions...
VMware Tools for Windows Denial of Service Vulnerability
VMware Tools for Windows 10.0.0 and later, but prior to version 12.1.5, contain a denial of service vulnerability. A denial of service vulnerability exists in the VM3DMP driver, which is caused by improper input validation in the VM3DMP driver and can be exploited by an attacker with local user...
Google Chrome Security Bypass Vulnerability (CNVD-2023-08260)
Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome, which is caused by insufficient policy enforcement in DevTools. An attacker could exploit this vulnerability to bypass security restrictions...
Unspecified Vulnerability in Epson TM-C3500 and TM-C7500
The Epson TM-C3500 and Epson TM-C7500 are both printers from the Japanese company Epson. A security vulnerability exists in Epson TM-C3500 and TM-C7500 firmware version WAM31500, which can be exploited by an attacker to bypass authentication...
Apartment Visitor Management System SQL Injection Vulnerability
Apartment Visitor Management System is an Apartment Visitor Management System by Carlo Montero Personal Developer. Apartment Visitor Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validity filtering of special characters in /avms/index.php,...
ARM Mali GPU Driver Competitive Conditions Vulnerability
ARM Mali GPU Driver is an email driver from ARM UK. A competitive condition vulnerability exists in ARM Mali GPU Driver version 2022-06-29 and earlier, which stems from TOCTOU having a competitive condition that allows an unprivileged user to perform an incorrect GPU processing operation to acces...
Digital Alert Systems DASDEC EAS Cross-Site Scripting Vulnerability
Digital Alert Systems DASDEC EAS is a digital alert system from Digital Alert Systems in the United States. A cross-site scripting vulnerability exists in all current versions of Digital Alert Systems DASDEC, which stems from a lack of effective filtering and escaping of user-supplied data on an...
GE CIMPLICITY HMI/SCADA Software Buffer Overflow Vulnerability
GE CIMPLICITY HMI/SCADA Software is an automated industrial platform from General Electric GE. It provides true client-server visualization and control from a single machine to plant locations around the world, helping to manage operations and improve decision making. A buffer overflow...
AeroCMS SQL Injection Vulnerability
AeroCMS is a content management system from AeroCMS, Inc. A security vulnerability exists in AeroCMS v0.0.1, which stems from the edit parameter of its admincategories.php component allowing an attacker to implement SQL injection resulting in access to database information. No detailed...
Fusiondirectory Cross-Site Scripting Vulnerability
FusionDIrectory is a FusionDIrectory open source application. Used to ensure that the user's identity management security. A cross-site scripting vulnerability exists in Fusiondirectory version 1.3. The vulnerability stems from a lack of effective filtering and escaping of user-supplied data, whi...
ZTE MF286R Buffer Overflow Vulnerability
The ZTE MF286R is a wireless router from ZTE Corporation China.A buffer overflow vulnerability previously existed in the ZTE MF286R mf286rb07 version, which stems from the lack of input validation of the wifi interface parameters and can be exploited by attackers to conduct denial of service...
Karmasis Infraskope Agent Access Control Error Vulnerability
Karmasis Infraskope Agent is an application logger from Karmasis. An Access Control Error vulnerability exists in Karmasis Infraskope Agent versions prior to 7.10.00, which stems from improper access control in the application and can be exploited by an attacker to corrupt the page listing the...