131102 matches found
DouPHP Cross-Site Scripting Vulnerability (CNVD-2022-03909)
DouPHP is a lightweight enterprise content management system CMS from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...
Google Chrome Type Obfuscation Vulnerability (CNVD-2022-02735)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a type confusion error in Chrome. An attacker could exploit this vulnerability to execute arbitrary code in the context of a sandboxed rendering process...
IBM Db2 Access Control Error Vulnerability
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...
Bentley View J2K File Parsing Memory Misreference Vulnerability
Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-99619)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a resource management error that can be exploited by attackers to cause a potentially exploitable crash...
Mozilla Firefox ESR code issue vulnerability (CNVD-2021-99620)
Mozilla Firefox ESR is an extended support version of the Mozilla Foundation's Firefox Web browser in the U.S. Mozilla Firefox ESR has a code issue vulnerability that could be exploited by an attacker to cause an application to crash...
Unspecified vulnerability in Linux kernel (CNVD-2021-102802)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that can be exploited by a local attacker with special user privileges to bypass authentication and potentially cause an err...
JetBrains YouTrack Injection Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack is vulnerable to an injection vulnerability that stems from...
TYPO3 HTTP header injection vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association.TYPO3 suffers from an HTTP header injection vulnerability that stems from the lack of valid validation for HTTP host headers and is vulnerable to host spoofing. No detailed...
Ruby has unspecified vulnerabilities (CNVD-2022-06510)
Ruby is a cross-platform, object-oriented, dynamically typed programming language. versions prior to Ruby 3.0.3 contain a security vulnerability that can be exploited by attackers to spoof the security prefix in cookie names so that vulnerable applications can be spoofed...
Wireshark Input Validation Error Vulnerability (CNVD-2022-11204)
Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from an input validation error vulnerability that can be exploited by...
Wireshark Input Validation Error Vulnerability (CNVD-2022-11203)
Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from an input validation error vulnerability that exists due to...
Apache Superset has an unspecified vulnerability
Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...
Belledonne Belle-sip Denial of Service Vulnerability
Belledonne Belle-sip is a library from the French company Belledonne that implements the transport, transaction and conversation layers of SIP RFC 3261. security vulnerabilities exist in versions prior to Belledonne Belle sip 5.0.20, which can be exploited by attackers to crash applications such ...
Airangel Hsmx Gateway Credential Disclosure Vulnerability
Airangel Hsmx Gateway is a platform from Airangel UK. Used to manage authentication and billing in the network, a credential disclosure vulnerability exists in versions prior to Airangel Hsmx Gateway 5.2.04, which stems from the presence of weak SSH credentials in Airangel HSMX Gateway devices. A...
Puppet Server Information Disclosure Vulnerability
Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...
BusyBox code issue vulnerability (CNVD-2021-89688)
BusyBox is a suite of applications containing several linux commands and tools from the Ukrainian personal developer Denis Vlasenko. A code issue vulnerability exists in the Busybox hush applet, which stems from the fact that dereferencing the NULL pointer in Busybox's hush applet will result in ...
Broadcom Emulex HBA Manager Buffer Overflow Vulnerability (CNVD-2021-94907)
Broadcom Emulex HBA Manager formerly known as OneCommand Manager provides centralized management of Emulex HBAs in physical and virtual server deployments through a graphical user interface GUI and a fully scriptable command line user interface CLI. Manager versions prior to 11.4.425.0,...
BusyBox Code Execution Vulnerability (CNVD-2021-89687)
A security vulnerability exists in the Busybox hush applet, which stems from the shell's incorrect handling of the &&&& string in the Busybox hush applet, which was developed by Denis Vlasenko, a Ukrainian developer. An attacker could exploit this vulnerability to cause a denial of service and...
JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91666)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemm...
Vim Buffer Overflow Vulnerability (CNVD-2022-05070)
Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute code...
GNU C Library has unspecified vulnerabilities
The GNU C Library glibc, libc6 is an open source, free C compiler released under the LGPL license. version 2.34 of the GNU C Library aka glibc contains a security vulnerability that stems from a data validation issue in the affected version of the library, iconvdata/iso-2022-jp-3.c's iconv in the...
Jenkins Access Control Error Vulnerability (CNVD-2021-103366)
Jenkins is a Jenkins open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins has an access control error vulnerability in versions 2.318 and earlier and LTS 2.303 and earlier, which stems from the use of the FilePath AP...
NVIDIA vGPU software has an unspecified vulnerability
Nvidia vGPU Software is a management software from Nvidia Corporation to provide GPU capabilities to virtual machines. NVIDIA vGPU software is a security vulnerability that can be exploited by attackers to cause a denial of service...
GitLab Resource Management Error Vulnerability (CNVD-2021-91188)
GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to a resource management error that could be exploited to cause memory exhaustion using a misformatted TIFF image...
Adobe Animate Post-release Reuse Vulnerability (CNVD-2021-84302)
Adobe Animate, a multimedia creation and computer animation program, is vulnerable to a post-release reuse vulnerability in Adobe Animate 21.0.9 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Bridge Buffer Overflow Vulnerability (CNVD-2022-60082)
Adobe Bridge is a free digital asset management application from Adobe. A buffer overflow vulnerability exists in Adobe Bridge 11.1.1 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary code...
Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89935)
Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...
Adobe Photoshop 2021 out-of-bounds read vulnerability
Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. Adobe Photoshop 2021 22.5.1 and earlier versions contain an out-of-bounds read vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Adobe Audition Arbitrary Code Execution Vulnerability (CNVD-2022-00596)
Adobe Audition is an audio editor and post-production suite. Adobe Audition 14.4 and earlier versions contain an arbitrary code execution vulnerability that could be exploited by attackers to execute arbitrary code...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2021-81102)
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84811)
Chrome is a web browsing tool developed by Google.A heap buffer overflow vulnerability exists in Settings in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84813)
Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Incognito in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Insufficient Input Validation Vulnerability (CNVD-2021-84801)
Chrome is a web browsing tool developed by Google, and an insufficient validation of untrusted input vulnerability exists in Downloads in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to bypass navigation restrictions via malicious files...
Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02347)
Oracle E-Business Suite is an extension of the original Application ERP, including ERP enterprise resource planning management, HR human resource management, CRM customer relationship management and other collections of management software, a seamlessly integrated management suite. Oracle...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81784)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-81786)
Oracle MySQL Server is a relational database from Oracle Corporation. An unspecified vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to compromise MySQL Server by accessing the network via multiple protocols...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80242)
Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: DDL component of Oracle MySQL Server 8.0.26 and earlier. An attacker could exploit this vulnerability to manipulate data...
Oracle Database Server has an unspecified vulnerability (CNVD-2021-101531)
Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions.An unspecified vulnerability exists in the Java VM component of Oracle Database Server versions...
Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2021-81766)
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81768)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause a partial denial of service of MySQL Server...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81779)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81806)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59597)
Microsoft SharePoint is a set of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing, which can be exploited by attackers to conduct spoofing attacks...
Siemens SINEC NMS User Profile Download Vulnerability
SINEC NMS is a network management system introduced by Siemens for monitoring and managing industrial networks.A user profile download vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could exploit this vulnerability to download any user's user profile, which coul...
PHPFusion Remote Code Execution Vulnerability
PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...
IBM Sterling File Gateway Arbitrary File Upload Vulnerability
IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...
Cobbler Arbitrary File Writing Vulnerability
Cobbler is a network installation server suite, which is mainly used to quickly set up Linux network installation environment.Cobbler in versions prior to 3.3.0 there is an arbitrary file writing vulnerability, the vulnerability originates from the system does not do effective filtering of user...
Netscaut nGeniusONE XML External Entity Injection Vulnerability
Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. Netscaut nGeniusONE in version 6.3.0 build 1196 suffers from an XML External Entity Injection vulnerability, which arises from a network system or product that does not have the correc...
ECOA BAS controller unauthorized access vulnerability
ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...