Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/09/28 12:0 a.m.28 views

Kitty Code Execution Vulnerability

kitty is a fast, feature-rich, GPU-based terminal emulator developed by kovidgoyal. A code execution vulnerability exists in versions prior to Kitty 0.26.2 that stems from insufficient validation in the desktop notification escape sequence and can be exploited by an attacker to cause execution of...

7.8CVSS7.7AI score0.00499EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.28 views

Apple macOS Monterey Logic Error Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey suffers from a logic error vulnerability that stems from a logic error issue in the application, which can be exploited by an attacker to gain unauthorized Bluetooth...

5.5CVSS5.4AI score0.00244EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.28 views

QEMU Denial of Service Vulnerability (CNVD-2022-84157)

QEMU Quick Emulator is a set of emulation processor software from Fabrice Bellard, a French personal developer. QEMU VNC server has a denial of service vulnerability, which stems from an integer underflow in the processing of ClientCutText messages in extended format, which can be exploited by an...

6.5CVSS3.3AI score0.0114EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/28 12:0 a.m.28 views

Rocket.Chat Information Disclosure Vulnerability (CNVD-2022-69164)

Rocket.Chat is an open source team chat software. Rocket.Chat suffers from an information disclosure vulnerability that stems from the presence of a clear-text transfer of sensitive information related to an oauth token, causing the oauth token to be leaked in the product. An attacker could explo...

6.5CVSS6.1AI score0.00551EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/26 12:0 a.m.28 views

Tenda i9 formWifiMacFilterSet function buffer overflow vulnerability

Tenda i9 is an enterprise wireless AP device. tenda i9 formWifiMacFilterSet function function buffer overflow vulnerability can be exploited by attackers to cause a denial of service DoS via specially crafted strings...

7.5CVSS5.3AI score0.00756EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/26 12:0 a.m.28 views

Tenda i9 formwrlSSIDset function buffer overflow vulnerability

Tenda i9 is an enterprise wireless AP device. a buffer overflow vulnerability exists in the Tenda i9 formwrlSSIDset function, which can be exploited by attackers to cause a denial of service DoS via a specially crafted string...

7.5CVSS5.1AI score0.00746EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/26 12:0 a.m.28 views

Apache Kafka Denial of Service Vulnerability

Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of capturing real-time data and is used to build applications that react in real-time to changes in the data stream. Apache Kafka suffers from a denial-of-service...

3.7AI score0.0125EPSS
Exploits0Affected Software4
CNVD
CNVD
added 2022/09/23 12:0 a.m.28 views

Adobe Bridge Resource Management Error Vulnerability (CNVD-2022-66013)

Adobe Bridge is a file viewer from Adobe. Adobe Bridge is vulnerable to a resource management error, which stems from the impact of post-release reuse and can be exploited by attackers to execute arbitrary code in the context of the current user...

7.8CVSS5.3AI score0.0043EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/23 12:0 a.m.28 views

Adobe InDesign product buffer overflow vulnerability

Adobe InDesign, a set of typesetting and editing applications from Adobe, has a buffer overflow vulnerability that originates from out-of-bounds reads and could lead to a memory leak. An attacker can remotely execute arbitrary code through this vulnerability...

5.5CVSS5.3AI score0.00448EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.28 views

Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-10611)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. An input validation error vulnerability exists in Google TensorFlow, which stems from a segmentation error that occurs if QuantizedAdd is given a tensor of non-zero rank mininput or maxinput. An attacke...

7.5CVSS4.6AI score0.00409EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.28 views

Tenda RX9 Pro setIPv6Status buffer overflow vulnerability

Tenda RX9 Pro is a wireless router from Tenda, China. Tenda RX9 Pro is vulnerable to a buffer overflow vulnerability caused by a lack of length checking of incoming data by setIPv6Status, which could be exploited by an attacker to cause code execution or denial of service...

9.8CVSS9.5AI score0.00976EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.28 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10608)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that FakeQuantWithMinMaxVars will fail to assert if it is given a tensor of non-zero rank min or max. An attacker...

7.5CVSS4.7AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.28 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10600)

Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when AudioSummaryV2 receives an input samplerate containing multiple elements, it gives an assertion failure...

7.5CVSS3.4AI score0.00396EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/20 12:0 a.m.28 views

Google TensorFlow Denial of Service Vulnerability (CNVD-2023-10601)

Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has a denial-of-service vulnerability that can be exploited by attackers to trigger a denial-of-service attack...

7.5CVSS4.4AI score0.00383EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/19 12:0 a.m.28 views

Apple macOS Safari Buffer Overflow Vulnerability

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple macOS Safari WebKit, which can be exploited by a remote attacker to submit a special web request that can be tricked into being parsed by the...

8.8CVSS7.5AI score0.01136EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/14 12:0 a.m.28 views

Siemens Simcenter Femap and Parasolid Out-of-Bounds Reading Vulnerability (CNVD-2022-62978)

Parasolid is a 3D geometric modeling tool that supports a variety of techniques, including solid modeling, direct editing, and free-form/sheet modeling.Simcenter Femap is an advanced simulation application for creating, editing, and examining finite element models of complex products or...

7.8CVSS2.1AI score0.00241EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/07 12:0 a.m.28 views

Huawei HarmonyOS Path Traversal Vulnerability (CNVD-2022-64982)

Huawei HarmonyOS is an operating system from Huawei China Inc. A path traversal vulnerability exists in Huawei HarmonyOS, which stems from the failure of the number identification module to properly filter special elements in the path of a resource or file. An attacker could exploit this...

7.5CVSS3.1AI score0.00721EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/02 12:0 a.m.28 views

LibTIFF Buffer Overflow Vulnerability (CNVD-2022-72100)

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A security vulnerability exists in LibTIFF, which stems from a heap buffer overflow flaw found in the TIFFReadRawDataStriped function o...

6.5CVSS2AI score0.00985EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/31 12:0 a.m.28 views

QEMU Denial of Service Vulnerability (CNVD-2022-84158)

QEMU Quick Emulator is a set of emulated processor software from Fabrice Bellard, a French personal developer. QEMU has a denial of service vulnerability, which stems from a deadlock problem in its AHCI controller during a software reset ahciresetport while processing host-to-device registration...

4.4CVSS2.4AI score0.0019EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/24 12:0 a.m.28 views

Linksys MR8300 OS Command Injection Vulnerability

Linksys MR8300 is a high-performance tri-band router from Linksys, Inc. The Linksys MR8300 Router version 1.0 contains an operating system command injection vulnerability, which stems from the fact that by specifying a username and password when registering for DDNS services, an attacker could us...

8.8CVSS5.4AI score0.00609EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/24 12:0 a.m.28 views

Apache Flume input validation error vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA. Used to efficiently collect, aggregate, and move large amounts of log data, versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

9.8CVSS2.5AI score0.0231EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.28 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-58463)

Adobe Acrobat Reader is a PDF viewer from Adobe, Inc. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which could result in reading beyond the end of th...

5.5CVSS4AI score0.02453EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.28 views

Microsoft Azure Site Recovery Remote Code Execution Vulnerability (CNVD-2022-67840)

Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. a remote code execution vulnerability exists in Microsoft Azure Site Recovery. An attacker could exploit this vulnerability to execute code on the target host...

7.2CVSS3AI score0.01881EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/11 12:0 a.m.28 views

Wyse Management Suite has an unspecified vulnerability (CNVD-2022-56655)

Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking and automated device discovery, among other features.A security vulnerability exists in Wyse Management Suite version...

8.5CVSS2.1AI score0.00292EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/09 12:0 a.m.28 views

Siemens SCALANCE products have unspecified vulnerabilities

SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants over mobile networks e.g. GPRS or UMTS with integrated security features of firewalls to prevent unauthorized access, and VPNs to protect data transmission.SCALANCE SC-600 devices...

7.5CVSS3.9AI score0.01437EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/08 12:0 a.m.28 views

Apache JSPWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-61913)

Apache JSPWiki is an open source WikiWiki engine built on Java, Servlet and JSP from the Apache Foundation. security vulnerabilities exist in versions prior to Apache JSPWiki 2.11.3. Attackers exploit the vulnerability to elevate privileges...

8.8CVSS4.1AI score0.01072EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/03 12:0 a.m.28 views

F5 BIG-IP Health Check Configuration Elevation of Privilege Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in the F5 BIG-IP health check configuration, which can be exploited by an...

7.2CVSS2.2AI score0.0076EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/29 12:0 a.m.28 views

IBM Security Verify Information Queue Information Disclosure Vulnerability (CNVD-2022-54888)

IBM Security Verify Information Queue using the acronym "ISIQ" is a cross-product integrator that uses Kafka technology and a publish/subscribe model to integrate data between IBM Security products. Security Verify Information Queue is vulnerable to information disclosure in version 10.0.2. An...

7.5CVSS2.5AI score0.00659EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/29 12:0 a.m.28 views

Adobe Acrobat and Adobe Reader Buffer Overflow Vulnerability (CNVD-2022-56130)

Adobe Acrobat and Adobe Reader are the United States of America Odo than Adobe company's products. Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. Adobe Acrobat and Adobe Reader has a buffer overflow vulnerability, the...

7.8CVSS7.9AI score0.0488EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/29 12:0 a.m.28 views

FeehiCMS arbitrary file upload vulnerability

FeehiCMS is a Php-based CMS builder from Liufee Personal Developers.FeehiCMS version v2.1.1 is vulnerable to arbitrary file uploads. The vulnerability stems from the lack of valid validation of uploaded files by the application. An attacker can exploit the vulnerability to execute arbitrary code ...

8.8CVSS5.4AI score0.01003EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/25 12:0 a.m.28 views

SourceCodester Multi Restaurant Table Reservation System跨站脚本漏洞(CNVD-2022-58178)

SourceCodester Multi Restaurant Table Reservation System is a multi-restaurant table reservation system. sourceCodester Multi Restaurant Table Reservation System version 1.0 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

5.4CVSS3.7AI score0.0083EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.28 views

SAP NetWeaver Enterprise Portal Cross-Site Scripting Vulnerability (CNVD-2022-56942)

SAP NetWeaver Enterprise Portal is a web front-end component of SAP NetWeaver.A cross-site scripting vulnerability exists in SAP NetWeaver Enterprise Portal, which can be exploited by attackers to execute malicious scripts...

6.1CVSS3.7AI score0.0052EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.28 views

IBM QRadar Network Security Trust Management Issue Vulnerability

IBM QRadar Network Security is a network security manager from IBM, USA. used to provide better visibility and control over activities and users on the network, while using deep packet inspection, heuristics and behavior-based analysis to detect and prevent advanced threats.IBM QRadar Network...

5CVSS2.8AI score0.00701EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/22 12:0 a.m.28 views

Oracle MySQL Input Validation Error Vulnerability (CNVD-2022-54961)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. An input validation error vulnerability exists in Oracle MySQL version 8.0.29 and prior versions, which can be exploited by an attacker to cause MySQ...

4.9CVSS5.2AI score0.01439EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Adobe InCopy Buffer Overflow Vulnerability (CNVD-2022-55644)

Adobe InCopy is a text editing software for creative writing from Adobe, USA. Adobe InCopy suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a write beyond the end of the allocated buffe...

7.8CVSS7.7AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2022-55647)

Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. Adobe InDesign suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a write beyond the en...

7.8CVSS7.6AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Resource Management Error Vulnerability (CNVD-2022-54730)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain a resource management error vulnerability that can be exploited by remote, unauthenticated attackers to cause a software crash and denial of service...

7.5CVSS4.6AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Resource Management Error Vulnerability

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity is vulnerable to a resource management error that could be exploited by attackers to cause the system to consume excessive...

7.5CVSS3AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54737)

Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort via the session...

7.5CVSS3.1AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54731)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...

7.5CVSS4.5AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/19 12:0 a.m.28 views

WordPress OAuth Single Sign On plugin authorization issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...

5.3CVSS5.1AI score0.00988EPSS
Exploits2References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.28 views

HUAWEI HarmonyOS Denial of Service Vulnerability (CNVD-2022-53575)

HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from the fact that hiaiserver does not do...

7.5CVSS7.4AI score0.0063EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.28 views

Samsung AppLinker Implicit Intent Hijacking Vulnerability

Samsung AppLinker is an application for Samsung mobile devices. Samsung AppLinker is vulnerable to an implicit intent hijacking vulnerability, which stems from the fact that when an implicit intent call is used, no restrictions are placed on the intent message recipient, and an attacker could use...

8.5CVSS3.5AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

FFmpeg HEVC video decoder denial of service vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in FFmpeg HEVC video decoder, which can be exploited by attackers to cause a denial of service attack...

5.5CVSS5.3AI score0.00645EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56577)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

4.9CVSS3.7AI score0.01705EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56592)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

4.9CVSS3.7AI score0.01705EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

BaiduWenkuSpider_flaskWeb path traversal vulnerability

BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...

9.3CVSS2.9AI score0.01213EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

Unspecified vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite (CNVD-2022-84613)

Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...

9.8CVSS0.9AI score0.00871EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.28 views

WordPress Pricing Deals for WooCommerce plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Pricing Deals for WooCommerce plugin 2.0.2.02 and earlier versions are vulnerable to SQL...

9.8CVSS2.4AI score0.0666EPSS
Exploits2References1
CNVD
CNVD
added 2022/07/12 12:0 a.m.28 views

Vim Buffer Overflow Vulnerability (CNVD-2022-68100)

Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 9.0.0045, which stems from a boundary error in the inscompladd function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system...

7.8CVSS6.4AI score0.01225EPSS
Exploits1References1
Total number of security vulnerabilities5000