131102 matches found
Synology DiskStation Manager Path Traversal Vulnerability
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in Synology DiskStation Manager version...
Apache HTTP Server Null Pointer Dereference Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server suffers from a null pointer dereference vulnerability that can be exploited by an attacker to cause the server...
Apache Tomcat Denial of Service Vulnerability (CNVD-2024-13569)
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. Apache Tomcat has a denial of service vulnerability that can be exploited by an attacker to increase resource consumption and...
MinIO Licensing Issue Vulnerability (CNVD-2022-55156)
MinIO is an open source object storage server from MinIO, Inc. The product supports building infrastructure for machine learning, analytics, and application data workloads.MinIO has an authorization issue vulnerability that could be exploited by an attacker to elevate privileges to those of a roo...
Atlassian Fisheye and Crucible Directory Traversal Vulnerabilities
Atlassian Fisheye is a suite of source code depth viewers.Crucible is a suite of code review tools. Atlassian Fisheye and Crucible contain a security vulnerability that can be exploited by an attacker to view arbitrary files on a system...
TinyFileManager path traversal vulnerability
TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. A path traversal vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the software's lack of validation and escaping of the fullpath...
Synology DiskStation Manager Path Traversal Vulnerability (CNVD-2021-39156)
Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology Inc. of Taiwan, China. This operating system manages information such as data, files, photos, music, and more. A path traversal vulnerability exists in the PDF Viewer component of Synology...
Mikrotik RouterOs Memory Corruption Vulnerability (CNVD-2021-49786)
MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in a PC to enable it to provide router functionality. MikroTik RouterOS has a memory corruption vulnerability in the /nova/bin/traceroute process. A remote attacker cou...
Apache HTTP Server Denial of Service Vulnerability
Apache HTTP Server is the United States Apache Apache Software Foundation, an open source web server. The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in the HTTP/2 modhttp2 connection for httpd in Apache HTTP Server versions 2.4.17 through...
IBM AIX Denial of Service Vulnerability (CNVD-2023-00807)
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...
WordPress WPML Multilingual CMS premium plugin access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress WPML Multilingual CMS premium plugin 4.5.10 and earlier versions are vulnerable to an acces...
Linux kernel contention condition vulnerability (CNVD-2022-74084)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 6.0.6 and earlier versions have a contention condition vulnerability that originates in drivers/char/pcmcia/scr24xcs.c when calling open if scr24x open and scr24xremove, an attacker can...
Shopware Cross-Site Request Forgery Vulnerability
A cross-site request forgery vulnerability exists in versions of Shopware prior to 5.7.9, which stems from vulnerability to cross-site request forgery CSRF token authentication failures. An attacker could exploit this vulnerability to be subject to a cross-site request forgery CSRF attack...
Google Android Elevation of Privilege Vulnerability (CNVD-2022-47680)
Google Android is a Linux-based open source operating system from Google, Inc. An elevation of privilege vulnerability exists in Google Android, which stems from a lack of privilege checks and could result in CPU behavior that could be considered faulty and could be exploited by attackers to...
Unauthorized Access Vulnerability in Portainer
Portainer is a graphical management tool for visualizing container images. With Portainer you can easily build, manage and maintain Docker environments. An unauthorized access vulnerability exists in Portainer. An attacker could exploit the vulnerability to obtain sensitive information...
Microsoft SharePoint Server Security Feature Bypass Vulnerability (CNVD-2023-04532)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information.A...
pgAdmin 4 Remote Code Execution Vulnerability
pgAdmin 4 is a reliable and comprehensive database design and management software for PostgreSQL. A remote code execution vulnerability exists in pgAdmin 4. The vulnerability is required in Windows environments where, due to lax privilege checks by the developer, an attacker can exploit the...
Arbitrary File Read Vulnerability in e-office of Shanghai Panavision Network Technology Co.
e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file read vulnerability that can be exploited by attackers to obtain sensitive information...
WordPress Perfect Survey插件SQL注入漏洞
WordPress is a set of blogging platforms developed by the WordPress Foundation using the PHP language.The WordPress Perfect Survey plugin has a SQL injection vulnerability in versions prior to 1.5.2, which stems from the lack of validation of externally entered SQL statements in database-based...
Online Payment Hub SQL注入漏洞
Online Payment Hub is an online payment hub for Carlo Montero personal developers. The Online Payment Hub is vulnerable to SQL injection due to a lack of filtering and escaping of SQL data in Login.php, which could be exploited to execute arbitrary SQL commands via the username parameter...
Linux kernel buffer overflow vulnerability (CNVD-2022-69200)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to buffer overflow, which can be exploited by local attackers to cause a buffer overflow and execute arbitrary code, or cause a denial of service condition on the system...
Linux kernel denial of service vulnerability (CNVD-2021-60522)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by remote attackers to cause a denial of service situation...
Unspecified Vulnerability in Apache HTTP Server (CNVD-2021-44766)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. Apache HTTP Server has a security vulnerability in modproxywstunnel, modproxyhttp, no details of the vulnerability are provided at...
ZTE MC801A and MC801A1 Web Interface Buffer Overflow Vulnerability
The ZTE MC801A/MC801A1 are both a 5g indoor WiFi router from China's ZTE ZTE. The ZTE MC801A and MC801A1 suffer from a buffer overflow vulnerability, which stems from insufficient validation of web interface parameters and can be exploited by attackers to conduct denial of service attacks...
Linux kernel out-of-bounds read vulnerability (CNVD-2023-98205)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from an out-of-bounds read vulnerability that stems from an out-of-bounds read problem in the parseleasestate method of the KSMBD implementation of the...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2022-73141)
Bootstrap is a web front-end framework developed using HTML, CSS, and JavaScript. Bootstrap versions v3.1.11 and v3.3.7 are vulnerable to a cross-site scripting vulnerability that originates in the Title parameter in /vendor/views/addproduct.php. An attacker could exploit this vulnerability to...
Google Android Buffer Overflow Vulnerability (CNVD-2022-47675)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a buffer overflow vulnerability, which can be exploited by attackers to cause local privilege escalation...
Google Android Buffer Overflow Vulnerability (CNVD-2022-47674)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android suffers from a buffer overflow vulnerability, which can be exploited by attackers to cause local privilege escalation...
Samba competition condition issue vulnerability
Samba is a standard Windows interoperability suite for Linux and Unix. A post-link vulnerability exists in Samba file server that results from a symbolic link contention condition when creating directories. A remote authenticated user can create a directory on a Unix file system outside of the...
SPIP Remote Code Execution Vulnerability
SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A remote code execution vulnerability exists in SPIP 3.1.2 and prior versions. An attacker could exploit this vulnerability to execute arbitrary code at an affected site...
Zendo Project Management System Remote Command Execution Vulnerability
Zendo Project Management System is a homegrown open source project management software. A remote command execution vulnerability exists in Zendo Project Management System. The vulnerability is caused by not exiting the program properly during the authentication process, resulting in an...
File Upload Vulnerability in Yisetong Electronic Document Security Management System (CNVD-2022-91374)
Electronic Document Security Management System abbreviation: CDG is an electronic document security protection software, which uses drive layer transparent encryption technology to prevent internal staff from leaking secrets and external personnel from illegally stealing core important data asset...
Bluetooth buffer overflow vulnerability in multiple MediaTek chips (CNVD-2022-66252)
MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...
Command Execution Vulnerability in I Doc View Online Document Preview System
I Doc View Online Document Preview is an online document preview system. A command execution vulnerability exists in I Doc View Online Document Preview that can be exploited by an attacker to execute arbitrary commands...
Command execution vulnerability in TamronOS IPTV/VOD system (CNVD-2021-49564)
TamronOS IPTV/VOD system is a set of Linux kernel-based development of broadband operators, hotels, schools, live on-demand all-in-one solution, the system provides a variety of clients Android set-top box, TV, PC on-demand, cell phone on-demand to facilitate user access through different devices...
Binary vulnerability in Linux kernel (CNVD-2023-87918)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a binary vulnerability that can be exploited by attackers to cause a system crash or local elevation of privilege...
Apache Tomcat Request Obfuscation Vulnerability
Apache Tomcat is the United States Apache Apache Foundation of a lightweight Web application server. The program implements the Servlet and JavaServer Page JSP support. Apache Tomcat suffers from a request obfuscation vulnerability that stems from the fact that if a Web application sends a...
TOTOLink T10 Command Injection Vulnerability
TOTOLink T10 is a wireless network system router from TotoLink, China.TOTOLink T10 V5.9c.5061B20200511 is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands via the QUERYSTRING parameter...
UpdateStar HD-Network Real-time Monitoring System Path Traversal Vulnerability
UpdateStar HD-Network Real-time Monitoring System is a high-definition network real-time monitoring system from UpdateStar, a German company. updateStar HD-Network Real-time Monitoring System in version 2.0 is vulnerable to path traversal vulnerability, which stems from the failure of a network...
nginx ngx_http_mp4_module component memory leak vulnerability
nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server. A memory leak vulnerability exists in the ngxhttpmp4module component in Nginx versions 1.15.5 and earlier and 1.14.1, which stems from the program failing to properly handle MP4 files. A remote attacker could...
HTMLMinifier Denial of Service Vulnerability
HTMLMinifier is a Javascript-based HTML compressor/minifier . A denial of service vulnerability exists in HTMLMinifier version 4.0.0, which stems from the program's improper use of regular expressions, and can be exploited by an attacker to cause a denial of service by sending specially crafted...
H3C Magic R200 Buffer Overflow Vulnerability (CNVD-2022-54321)
H3C Magic R200 is a router from China New Huasan H3C.A security vulnerability exists in the H3C Magic R200 R200V200R004L02 version, which stems from the HOST parameter of doping.asp that was found to contain a stack overflow. No details of the vulnerability are currently available...
Simple Bus Ticket Booking System SQL Injection Vulnerability
Simple Bus Ticket Booking System, a bus ticket booking system, is vulnerable to a SQL injection vulnerability in version 1.0 of Simple Bus Ticket Booking System, which originates in the username and password parameters in /assets/partials/handleLogin.php. and password parameters in...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-09237)
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A denial of service vulnerability exists in Apache HTTP Server version 2.4.49, which arises from the detection of new null pointer...
Apache HTTP Server Data Forgery Issue Vulnerability
Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A data forgery vulnerability exists in Apache HTTP Server. The vulnerability arises from a network system or...
OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)
OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Intern...
Linux Kernel owner_on_cpu function denial of service vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel owneroncpu function, which can be exploited by an attacker to cause a denial of service...
Aruba Networks ArubaOS Path Traversal Vulnerability (CNVD-2021-70117)
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability is caused by a lack of validation and filtering of parameters, which could be exploited by an authenticated attacke...
KDE KArchive Security Bypass Vulnerability
KDE is a free and open source X desktop management program for Linux and Unix workstations, KDE provides support for various network protocols through the KIO subsystem.KDE KArchive is one of the document managers. A security bypass vulnerability exists in KDE KArchive 5.23.0 and earlier versions...
Google Android Denial of Service Vulnerability (CNVD-2024-07124)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability due to a flaw in PersistableBundle.java's saveToXml, which can be exploited by an attacker to cause a denial of service...