131102 matches found
Tenda Router AX12 Buffer Overflow Vulnerability
Tenda Ax12 is a dual-band Gigabit Wifi 6 wireless router from Tenda, China.A security vulnerability exists in the Tenda Router AX12, which stems from a buffer overflow vulnerability in the sub 422CE4 function of the page goform setIPv6Status, which can be exploited by an attacker to cause a denia...
Google Android Access Control Error Vulnerability (CNVD-2022-13350)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a security vulnerability that stems from allowing the creation of specific named system directories without proper permissions. No details of the vulnerability are available at this time...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-15931)
A security vulnerability exists in Adobe Illustrator, a vector-based image creation software from Adobe, which stems from the product's failure to securely check memory boundaries. An attacker could exploit the vulnerability to cause a sensitive memory leak...
D-Link DIR-X1860 Denial of Service Vulnerability (CNVD-2022-11517)
The D-Link Dir-X1860 is a dual-band router from D-Link, a Chinese company. A specially designed URL to an authenticated victim to reboot the router. The authenticated victim would need to access the URL in order for the router to reboot...
vim information disclosure vulnerability (CNVD-2022-20697)
Vim is a UNIX-based editor. vim has a security vulnerability that stems from out-of-bounds during pointer usage in Conda vim. No details of the vulnerability are currently available...
Huawei EMUI Security Bypass Vulnerability
Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. A security bypass vulnerability exists in HUAWEI EMUI/Magic UI, which stems from a security protection bypass vulnerability in the modem. An attacker could exploit the vulnerability to cause a memory...
Xwiki Platform licensing issue vulnerability (CNVD-2022-13405)
Xwiki Platform is a wiki platform for creating web collaboration applications from the French company Xwiki. XWiki Platform is vulnerable to an authorization issue, which stems from the fact that even if the wiki is closed to visitors, it is possible to guess whether a user has an account on the...
Radareorg Radare2 Resource Management Error Vulnerability
radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 is vulnerable to a resource management error that stems from the product's reuse of freed memory. No detailed vulnerability details are currently available...
MariaDB Denial of Service Vulnerability (CNVD-2022-65011)
MariaDB is a free and open source database management system from the MariaDB Foundation and a forked version of MySQL with the Maria storage engine. MariaDB suffers from a denial of service vulnerability that stems from the product sqlparse.cc file not effectively handling usedtables exceptions...
Tenda G1 and G3 Command Injection Vulnerability (CNVD-2022-10749)
Tenda G1 and G3 is a router from Tenda, China. Tenda G1 and G3 v15.11.0.179502CN is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters...
Bentley Systems Bentley View Buffer Overflow Vulnerability
Bentley Systems Bentley View is a free viewer from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley View that can be exploited by an attacker to disclose sensitive information about an affected Bentley View installation...
Bentley Systems MicroStation Buffer Overflow Vulnerability (CNVD-2022-16157)
Bentley Systems MicroStation is a Cad software platform for 2D and 3D design and drafting from Bentley Systems, USA. A buffer overflow vulnerability exists in Bentley Systems MicroStation, which can be exploited by an attacker to disclose sensitive information about an affected installation of...
Sante DICOM Viewer Pro DCM Remote Code Execution Vulnerability
Sante DICOM Viewer Pro is a medical DICOM image viewer.A remote code execution vulnerability exists in Sante DICOM Viewer Pro DCM, which can be exploited by attackers to execute code in the context of the current process...
SAP NetWeaver AS SQL Injection Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS has a SQL injection vulnerability that can be exploited by attackers to threaten vulnerable systems, including Business Objects, SAP...
Huawei HarmonyOS Competitive Conditions Issue Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a conditional contention vulnerability in the binder driver subsystem of the Wearables...
Siemens Simcenter Femap File Parsing Vulnerability
Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. It is used to create, edit and import/reuse mesh-based finite element analysis models of complex products or systems. Siemens Simcenter Femap is vulnerable to file parsing, which can be exploited b...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2022-13063)
Oracle MySQL Server is a relational database from Oracle Corporation USA. Oracle MySQL Server is vulnerable to an input validation error due to incorrect input validation in the Server: Optimizer component of MySQL Server. An attacker could exploit the vulnerability to corrupt or delete data...
Google Chrome Buffer Overflow Vulnerability (CNVD-2022-15133)
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which can be exploited by attackers to convince users to engage in specific user interactions to exploit heap corruption via carefully crafted HTML pages...
Adobe Acrobat/Reader Resource Management Error Vulnerability
Adobe Reader also known as Acrobat Reader is a PDF file reader software developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader has a resource management error vulnerability, which can be exploited by remote attackers to Creating specially crafted PDF...
Google Chrome Resource Management Error Vulnerability (CNVD-2022-15162)
Google Chrome is a web browser from Google, Inc. Google Chrome is vulnerable to resource management errors, which can be exploited by attackers to perform sandbox escapes through carefully crafted HTML pages...
Oracle GraalVM Input Validation Error Vulnerability (CNVD-2022-15476)
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...
Grafana Information Disclosure Vulnerability (CNVD-2022-06890)
Grafana is a set of open source monitoring tools from Grafana Labs that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, Prometheus, etc. Grafana suffers from an information disclosure vulnerability that stems from the fact that in the...
TP-Link TL-WA1201 Buffer Overflow Vulnerability
Tp-Link Tl-Wa1201 is a dual-band wireless access point from Tp-Link China. A buffer overflow vulnerability exists in the TP-Link TL-Wa1201 that stems from the product's failure to properly determine memory boundaries when processing DNS messages. An unauthenticated attacker could exploit this...
Weak password vulnerability in Kingdee Cloudstar
Kingdee Cloudstar is a new generation of strategic enterprise management software developed based on cutting-edge technologies such as cloud computing, big data, socialization, artificial intelligence and Internet of Things. There is a weak password vulnerability in Kingdee Cloudstar, which can b...
Vim Resource Management Error Vulnerability (CNVD-2022-03944)
Vim, a UNIX-based editor, is vulnerable to a resource management error in version 8.2.3883, which stems from an incorrect dereference of the pointer by the vimregexecmulti function in the product's regexp.c file. An attacker could cause a denial of service through this vulnerability...
WordPress 10Web Social Photo Feed Plugin Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress 10Web Social Photo Feed Plugin has a cross-site scripting vulnerability in versions prior to 1.4.29, which stems...
Expat lookup function buffer overflow vulnerability
Expat is a fast streaming XML parser written in C. A buffer overflow vulnerability exists in versions of Expat prior to 2.4.3, which stems from a boundary error in xmlparse.c in lookup when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on t...
IBM Security Verify Access Cross-Site Scripting Vulnerability
IBM Security Verify Access is a service from IBM USA that improves user access security. The service enables secure and simple access to platforms such as Web, mobile, IoT, and cloud technologies through the use of risk-based access, single sign-on, integrated access management controls, identity...
Pillow out-of-bounds read vulnerability (CNVD-2022-05433)
Pillow is a Python-based image processing library. An out-of-bounds read vulnerability exists in versions of Pillow prior to 9.0.0, which stems from a buffer over-read in pathgetbbox in path.c during initialization of ImagePath. An attacker could exploit this vulnerability to read memory-sensitiv...
Apache Guacamole Information Disclosure Vulnerability (CNVD-2022-04988)
Apache Guacamole is a clientless remote desktop gateway from the Apache Foundation in the United States. The product supports protocols such as VNC, RDP, and SSH. A security vulnerability exists in Apache Guacamole 1.3.0, which stems from the fact that Apache Guacamole 1.3.0 and earlier versions...
Google Chrome Security Feature Issue Vulnerability (CNVD-2022-65582)
Google Chrome is a Web browser from the U.S. company Google Google. Google Chrome is vulnerable to a security feature issue that exists due to an incorrect implementation of a vulnerability in automatically populating Google Chrome. A remote attacker could exploit the vulnerability to be able to...
Bludit Cross-Site Scripting Vulnerability (CNVD-2022-02492)
A cross-site scripting vulnerability exists in Bludit, an open source lightweight blog content management system CMS, which stems from a tag section in the product's login panel that does not validate input data. An attacker could execute client-side code through this vulnerability...
Fluxbb Cross-Site Scripting Vulnerability (CNVD-2022-03216)
Fluxbb is a Php-based forum system from the Fluxbb organization. fluxbb has a cross-site scripting vulnerability in v1.4.12, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on the client...
Adobe Dimension out-of-bounds read vulnerability
Adobe Dimension is a set of 2D and 3D composite design tools from Adobe, Inc. An out-of-bounds read vulnerability exists in Adobe Dimension, which can be exploited by attackers to cause sensitive memory leaks...
Adobe Audition Buffer Overflow Vulnerability (CNVD-2021-102794)
Adobe Audition is a set of multi-track editing tools from Adobe. Adobe Audition suffers from a buffer overflow vulnerability that originates when a networked system or product does not properly validate data boundaries when performing operations in memory, resulting in incorrect read and write...
Quest KACE Desktop Authority XXE Vulnerability
Quest KACE Desktop Authority is a desktop management software from Quest, Inc. Quest KACE Desktop Authority is vulnerable to XXE and no detailed vulnerability details are available at this time...
Fresenius Kabi Agilia Connect Infusion System Cross-Site Scripting Vulnerability
Fresenius Kabi Agilia Connect Infusion System is an infusion system from the German company Fresenius Kabi.A cross-site scripting vulnerability exists in Fresenius Kabi Agilia Connect Infusion System, which can be exploited by attackers to inject JavaScript into the GET parameter of HTTP request'...
Dolibarr Cross-Site Scripting Vulnerability (CNVD-2022-05018)
Dolibarr is a modern software package that helps manage your organization's active applications. a cross-site scripting vulnerability exists in Dolibarr prior to 14.0.3, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this...
WordPress NEX-Forms plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers.NEX-Forms plugin is a WordPress open source application plugin.WordPress NEX-Forms plugin has a cross-site scripting...
Adobe Experience Manager Input Validation Error Vulnerability
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. An inp...
Adobe Photoshop Buffer Overflow Vulnerability (CNVD-2022-20504)
Adobe Photoshop is a set of image processing software from the American company Odobi Adobe. Adobe Photoshop suffers from a buffer overflow vulnerability, which stems from the presence of cross-border write data in the software. An attacker could use this vulnerability to trigger arbitrary code...
Bentley View Buffer Overflow Vulnerability (CNVD-2021-102037)
Bentley View is a free viewer from Bentley Systems, Inc. Bentley View contains a security vulnerability that could be exploited by an attacker to cause a buffer overflow and execute arbitrary code on the system...
Adobe Premiere Rush Code Execution Vulnerability (CNVD-2021-101123)
Adobe Premiere Rush is a cross-platform video editing software from Adobe. Adobe Premiere Rush has a security vulnerability that could be exploited by attackers to execute arbitrary code on the system...
Fortinet FortiNAC Elevation of Privilege Vulnerability
Fortinet FortiNAC is a network access control solution from Fortinet, a US-based company. Fortinet FortiNAC has an elevation of privilege vulnerability that can be exploited to elevate privileges to root via the sudo command...
DouPHP Cross-Site Scripting Vulnerability (CNVD-2022-03909)
DouPHP is a lightweight enterprise content management system CMS from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...
Google Chrome Type Obfuscation Vulnerability (CNVD-2022-02735)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a type confusion error in Chrome. An attacker could exploit this vulnerability to execute arbitrary code in the context of a sandboxed rendering process...
IBM Db2 Access Control Error Vulnerability
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...
Bentley View J2K File Parsing Memory Misreference Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-99619)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a resource management error that can be exploited by attackers to cause a potentially exploitable crash...
Mozilla Firefox ESR code issue vulnerability (CNVD-2021-99620)
Mozilla Firefox ESR is an extended support version of the Mozilla Foundation's Firefox Web browser in the U.S. Mozilla Firefox ESR has a code issue vulnerability that could be exploited by an attacker to cause an application to crash...