131102 matches found
Siemens RUGGEDCOM ROS integer overflow vulnerability
Siemens RuggedCom ROS is an operating system used in the RuggedCom family of switches from Siemens Germany. Siemens RUGGEDCOM ROS is vulnerable to an integer overflow vulnerability that could be exploited by an attacker to request large amounts of data, resulting in the allocation of smaller data...
Microsoft Azure Site Recovery Code Injection Vulnerability (CNVD-2022-17998)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery is vulnerable to code injection. No details of the vulnerability are currently available...
Pytorch-Lightning Code Injection Vulnerability
Pytorch-Lightning is an open source lightweight PyTorch wrapper for high-performance Ai research. Used for high-performance Ai research, Pytorch-Lightning is vulnerable to a code injection vulnerability that could be exploited to inject code into the GitHub repository...
Espruino Buffer Overflow Vulnerability (CNVD-2022-20168)
Espruino is a JavaScript interpreter. It is designed for devices with only 128kB flash and 8kB RAM. espruino 2v11 has a security vulnerability that stems from src/jsvar.c containing a stack buffer overflow. No details of the vulnerability are currently available...
MariaDB code issue vulnerability
MariaDB is a free and open source database management system from the MariaDB Mariadb Foundation and a version of the MySQL branch that uses the Maria storage engine.A code issue vulnerability exists in MariaDB, which stems from the fact that the product allows certain SELECT statements to cause...
IPCOMM ipDIO Cross-Site Scripting Vulnerability (CNVD-2022-20535)
IPCOMM ipDIO is a remote control communication device from IPCOMM Germany. It is used to record digital and analog inputs and control digital outputs. A cross-site scripting vulnerability exists in IPCOMM ipDIO that allows an unauthenticated, remote attacker to exploit the vulnerability to...
Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2022-19498)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Google Chrome Cast UI memory error reference vulnerability
Google Chrome is a web browser from Google, Inc. A memory mis-reference vulnerability exists in the Google Chrome Cast UI, which is caused by a mix-up in the program's instructions for freeing memory, and can be exploited to cause the program to crash and execute arbitrary code...
Elasticsearch permission permission and access control issues vulnerability
Elasticsearch is a set of open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP. Elasticsearch is vulnerable to privilege permission and access control issue...
Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2022-23464)
A cross-site scripting vulnerability exists in Elasticsearch Kibana, an open source, browser-based analysis and search Elasticsearch dashboard tool from Elasticsearch Netherlands, which stems from a lack of filtering and escaping of user data in the data preview pane. An attacker could exploit th...
WordPress Drag & Drop Contact Form Plugin Arbitrary File Download Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An arbitrary file download vulnerability exists in Wordpress Drag & Drop Contact Form Plugin 1.0.5 and earlier...
WordPress WP Review Slider plugin SQL injection vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers.WordPress WP Review Slider plugin version 11.0 before the SQL injection vulnerability, the vulnerability stems fr...
JetBrains TeamCity Cross-Site Scripting Vulnerability (CNVD-2022-15943)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Czech Republic. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.JetBrains TeamCity contains a cross-site scripting vulnerability that could be...
ImageMagick code issue vulnerability (CNVD-2022-18008)
Imagemagick Studio ImageMagick is a set of open source image processing software from the American company ImageMagick Studio Imagemagick Studio. The software can read, convert, or write images in a variety of formats.ImageMagick has a security vulnerability that stems from a null pointer...
libreoffice trust management issue vulnerability (CNVD-2022-55626)
LibreOffice is an open source office software suite from The Document Foundation tdf. The product includes applications such as Writer text documents, Calc spreadsheets and Impress presentations. A trust management issue vulnerability exists in libreoffice, which stems from libreoffice: signature...
libsolv buffer overflow vulnerability (CNVD-2022-15957)
libsolv is a library for checking package dependencies. libsolv has a security vulnerability, and no details of the vulnerability are currently provided...
WordPress plugin Perfect Brands for WooCommerce information leakage vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. WordPress plugin is a WordPress application plugin. WordPress Plugin Perfect Brands for WooCommerce is vulnerable to an information disclosure vulnerability that could be exploited by an attacker...
IBM Maximo Asset Management Authorization Issues Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. An authorizatio...
Tenda AX3 Buffer Overflow Vulnerability (CNVD-2022-12735)
Tenda Ax3 is an Ax1800 Gigabit Port Dual Band Wifi 6 Wireless Router from Tenda, China. A buffer overflow vulnerability exists in Tenda AX3 v16.03.12.10CN, which stems from a stack overflow in the function savparentcontrolinfo that does not properly check the time parameter. An attacker could cau...
Tenda G1 and G3 Buffer Overflow Vulnerability (CNVD-2022-16179)
The Tenda G1 and G3 are routers from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda G1 and G3, which can be exploited by an attacker to cause a denial of service via the manualTime parameter...
PJSUA API buffer overflow vulnerability
Pjsua Api is an advanced Api for building Sip multimedia user agent applications. a buffer overflow vulnerability exists in the PJSUA API, which can be exploited by attackers to cause a buffer overflow via a controlled buffer parameter...
Vim Buffer Overflow Vulnerability (CNVD-2022-11175)
Vim is a UNIX-based editor. buffer overflow vulnerability exists in versions of Vim prior to 8.2, which stems from a heap overflow in exretab. An attacker could exploit this vulnerability to execute arbitrary code...
WordPress MapPress Maps plugin cross-site scripting vulnerability
WordPress is the WordPress Wordpress Foundation's set of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in versions of the WordPress MapPress Maps plugin prior to 2.73.4. The vulnerability stems from the fact that the MapPress Maps plugin does not...
WordPress Futurio Extra plugin SQL injection vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. A SQL injection vulnerability exists in versions of the WordPress Futurio Extra plugin prior to 1.6.3, which stems from a lack of filtering and escaping of SQL data submitted by users. A highly privileg...
WordPress Futurio Extra plugin information leakage vulnerability
WordPress is a set of blogging platforms developed by the WordPress Wordpress Foundation using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in versions of WordPress Futurio Extra plugin pri...
Google Android Access Control Error Vulnerability (CNVD-2022-13350)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from allowing the creation of specific named system directories without proper permissions. No details of the vulnerability are available at this time...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-15931)
A security vulnerability exists in Adobe Illustrator, a vector-based image creation software from Adobe, which stems from the product's failure to securely check memory boundaries. An attacker could exploit the vulnerability to cause a sensitive memory leak...
D-Link DIR-X1860 Denial of Service Vulnerability (CNVD-2022-11517)
The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. A specially designed URL to an authenticated victim to reboot the router. The authenticated victim would need to access the URL in order for the router to reboot...
vim information disclosure vulnerability (CNVD-2022-20697)
Vim is a UNIX-based editor. vim has a security vulnerability that stems from out-of-bounds during pointer usage in Conda vim. No details of the vulnerability are currently available...
Huawei EMUI Security Bypass Vulnerability
Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. A security bypass vulnerability exists in HUAWEI EMUI/Magic UI, which stems from a security protection bypass vulnerability in the modem. An attacker could exploit the vulnerability to cause a memory...
Xwiki Platform licensing issue vulnerability (CNVD-2022-13405)
Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to an authorization issue, which stems from the fact that even if the wiki is closed to visitors, it is possible to guess whether a user has an account on the...
Radareorg Radare2 Resource Management Error Vulnerability
radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 is vulnerable to a resource management error that stems from the product's reuse of freed memory. No detailed vulnerability details are currently available...
MariaDB Denial of Service Vulnerability (CNVD-2022-65011)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a denial of service vulnerability that stems from the product sqlparse.cc file not effectively handling usedtables exceptions...
Tenda G1 and G3 Command Injection Vulnerability (CNVD-2022-10749)
Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 v15.11.0.179502CN is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters...
Bentley Systems Bentley View Buffer Overflow Vulnerability
Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View that can be exploited by an attacker to disclose sensitive information about an affected Bentley View installation...
Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16157)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to disclose sensitive information about an affected installation of...
Sante DICOM Viewer Pro DCM Remote Code Execution Vulnerability
Sante DICOM Viewer Pro is a medical DICOM image viewer.A remote code execution vulnerability exists in Sante DICOM Viewer Pro DCM, which can be exploited by attackers to execute code in the context of the current process...
Huawei HarmonyOS Competitive Conditions Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a conditional contention vulnerability in the binder driver subsystem of the Wearables...
Siemens Simcenter Femap File Parsing Vulnerability
Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to file parsing, which can be exploited b...
Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-09147)
Oracle MySQL Server is a relational database from Oracle Corporation. An input validation error vulnerability exists in MySQL Server, which originates from an input validation error in the Server: Optimizer component in MySQL Server. An attacker can exploit the vulnerability to corrupt or delete...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-13063)
Oracle MySQL Server is a relational database from Oracle Corporation USA. Oracle MySQL Server is vulnerable to an input validation error due to incorrect input validation in the Server: Optimizer component of MySQL Server. An attacker could exploit the vulnerability to corrupt or delete data...
Google Chrome Buffer Overflow Vulnerability (CNVD-2022-15133)
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by attackers to convince users to engage in specific user interactions to exploit heap corruption via carefully crafted HTML pages...
Adobe Acrobat/Reader Resource Management Error Vulnerability
Adobe Reader also known as Acrobat Reader is a PDF file reader software developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has a resource management error vulnerability, which can be exploited by remote attackers to Creating specially crafted PDF...
HDF5 Denial of Service Vulnerability (CNVD-2022-07232)
HDF5 is a suite of tools for managing and storing different types of data from HDF, Inc. The product supports managing, manipulating, viewing and analyzing data, and generating files in portable formats.A security vulnerability exists in HDF5 v1.13.1-1, which stems from a heap-release-after-reuse...
Google Chrome Resource Management Error Vulnerability (CNVD-2022-15162)
Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to resource management errors, which can be exploited by attackers to perform sandbox escapes through carefully crafted HTML pages...
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15476)
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...
Grafana Information Disclosure Vulnerability (CNVD-2022-06890)
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...
Weak password vulnerability in Kingdee Cloudstar
Kingdee Cloudstar is a new generation of strategic enterprise management software developed based on cutting-edge technologies such as cloud computing, big data, socialization, artificial intelligence and Internet of Things. There is a weak password vulnerability in Kingdee Cloudstar, which can b...
Vim Resource Management Error Vulnerability (CNVD-2022-03944)
Vim, a UNIX-based editor, is vulnerable to a resource management error in version 8.2.3883, which stems from an incorrect dereference of the pointer by the vimregexecmulti function in the product's regexp.c file. An attacker could cause a denial of service through this vulnerability...
Huawei Smartphone Buffer Overflow Vulnerability (CNVD-2022-08047)
The Huawei Smartphone is a smartphone from the Chinese company Huawei. The Huawei Smartphone suffers from a buffer error vulnerability that stems from an integer overflow vulnerability in the ACPU in the smartphone. An attacker could exploit this vulnerability to cause out-of-bounds access...