Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

DouPHP Cross-Site Scripting Vulnerability (CNVD-2022-03909)

DouPHP is a lightweight enterprise content management system CMS from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...

4.3CVSS1.6AI score0.00562EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Google Chrome Type Obfuscation Vulnerability (CNVD-2022-02735)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a type confusion vulnerability that stems from a type confusion error in Chrome. An attacker could exploit this vulnerability to execute arbitrary code in the context of a sandboxed rendering process...

8.8CVSS8.9AI score0.00961EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

IBM Db2 Access Control Error Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from an Access Control Error vulnerability that originates when a networked system or...

8.7CVSS8.2AI score0.01091EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Bentley View J2K File Parsing Memory Misreference Vulnerability

Bentley View is a free viewer from Bentley Systems, Inc. A memory mis-reference vulnerability exists in Bentley View J2K File Parsing, which results from not verifying the existence of an object prior to J2K File Parsing. An attacker could exploit this vulnerability to execute code in the context...

7.8CVSS5.2AI score0.02005EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-99619)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a resource management error that can be exploited by attackers to cause a potentially exploitable crash...

8.8CVSS4.8AI score0.0162EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/12 12:0 a.m.•28 views

Mozilla Firefox ESR code issue vulnerability (CNVD-2021-99620)

Mozilla Firefox ESR is an extended support version of the Mozilla Foundation's Firefox Web browser in the U.S. Mozilla Firefox ESR has a code issue vulnerability that could be exploited by an attacker to cause an application to crash...

8.8CVSS4.2AI score0.0202EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/09 12:0 a.m.•28 views

Unspecified vulnerability in Linux kernel (CNVD-2021-102802)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that can be exploited by a local attacker with special user privileges to bypass authentication and potentially cause an err...

5.5CVSS6.4AI score0.00254EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/03 12:0 a.m.•28 views

JetBrains YouTrack Injection Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack is vulnerable to an injection vulnerability that stems from...

9.8CVSS2.2AI score0.01944EPSS
Exploits0References1
CNVD
CNVD
•added 2021/12/01 12:0 a.m.•28 views

TYPO3 HTTP header injection vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Typo3 association.TYPO3 suffers from an HTTP header injection vulnerability that stems from the lack of valid validation for HTTP host headers and is vulnerable to host spoofing. No detailed...

5.3CVSS0.8AI score0.0116EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/29 12:0 a.m.•28 views

Ruby has unspecified vulnerabilities (CNVD-2022-06510)

Ruby is a cross-platform, object-oriented, dynamically typed programming language. versions prior to Ruby 3.0.3 contain a security vulnerability that can be exploited by attackers to spoof the security prefix in cookie names so that vulnerable applications can be spoofed...

7.5CVSS3.7AI score0.02931EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•28 views

Wireshark Input Validation Error Vulnerability (CNVD-2022-11204)

Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from an input validation error vulnerability that can be exploited by...

7.5CVSS7.3AI score0.07885EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/22 12:0 a.m.•28 views

Wireshark Input Validation Error Vulnerability (CNVD-2022-11203)

Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark suffers from an input validation error vulnerability that exists due to...

7.5CVSS7.2AI score0.07502EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/16 12:0 a.m.•28 views

Apache Superset has an unspecified vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache Foundation. Apache Superset 1.3.1 and earlier versions contain a security vulnerability that could allow an attacker to access the password of an authenticated user's database connection...

6.5CVSS5.5AI score0.01449EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/16 12:0 a.m.•28 views

Belledonne Belle-sip Denial of Service Vulnerability

Belledonne Belle-sip is a library from the French company Belledonne that implements the transport, transaction and conversation layers of SIP RFC 3261. security vulnerabilities exist in versions prior to Belledonne Belle sip 5.0.20, which can be exploited by attackers to crash applications such ...

7.5CVSS2.8AI score0.01153EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/13 12:0 a.m.•28 views

Airangel Hsmx Gateway Credential Disclosure Vulnerability

Airangel Hsmx Gateway is a platform from Airangel UK. Used to manage authentication and billing in the network, a credential disclosure vulnerability exists in versions prior to Airangel Hsmx Gateway 5.2.04, which stems from the presence of weak SSH credentials in Airangel HSMX Gateway devices. A...

9.8CVSS1.7AI score0.01145EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/13 12:0 a.m.•28 views

Puppet Server Information Disclosure Vulnerability

Puppet Server is a software from Puppet Labs in the U.S. for pushing configurations from the primary server to other servers. an information disclosure vulnerability exists in Puppet Agent and Puppet Server, which stems from a lack of restrictions and protections in the HTTP transport process,...

9.8CVSS8.8AI score0.01328EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•28 views

BusyBox code issue vulnerability (CNVD-2021-89688)

BusyBox is a suite of applications containing several linux commands and tools from the Ukrainian personal developer Denis Vlasenko. A code issue vulnerability exists in the Busybox hush applet, which stems from the fact that dereferencing the NULL pointer in Busybox's hush applet will result in ...

5.5CVSS2AI score0.00399EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•28 views

Broadcom Emulex HBA Manager Buffer Overflow Vulnerability (CNVD-2021-94907)

Broadcom Emulex HBA Manager formerly known as OneCommand Manager provides centralized management of Emulex HBAs in physical and virtual server deployments through a graphical user interface GUI and a fully scriptable command line user interface CLI. Manager versions prior to 11.4.425.0,...

9.8CVSS2.3AI score0.01243EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/12 12:0 a.m.•28 views

BusyBox Code Execution Vulnerability (CNVD-2021-89687)

A security vulnerability exists in the Busybox hush applet, which stems from the shell's incorrect handling of the &&&& string in the Busybox hush applet, which was developed by Denis Vlasenko, a Ukrainian developer. An attacker could exploit this vulnerability to cause a denial of service and...

9.8CVSS2.7AI score0.03379EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/11 12:0 a.m.•28 views

JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91666)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemm...

5.3CVSS2.2AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/08 12:0 a.m.•28 views

Vim Buffer Overflow Vulnerability (CNVD-2022-05070)

Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute code...

7.8CVSS5.6AI score0.01589EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/08 12:0 a.m.•28 views

GNU C Library has unspecified vulnerabilities

The GNU C Library glibc, libc6 is an open source, free C compiler released under the LGPL license. version 2.34 of the GNU C Library aka glibc contains a security vulnerability that stems from a data validation issue in the affected version of the library, iconvdata/iso-2022-jp-3.c's iconv in the...

7.5CVSS4.1AI score0.02943EPSS
Exploits1References1
CNVD
CNVD
•added 2021/11/06 12:0 a.m.•28 views

Jenkins Access Control Error Vulnerability (CNVD-2021-103366)

Jenkins is a Jenkins open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins has an access control error vulnerability in versions 2.318 and earlier and LTS 2.303 and earlier, which stems from the use of the FilePath AP...

9.8CVSS2.2AI score0.0232EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/02 12:0 a.m.•28 views

NVIDIA vGPU software has an unspecified vulnerability

Nvidia vGPU Software is a management software from Nvidia Corporation to provide GPU capabilities to virtual machines. NVIDIA vGPU software is a security vulnerability that can be exploited by attackers to cause a denial of service...

5.5CVSS5.3AI score0.00212EPSS
Exploits0References1
CNVD
CNVD
•added 2021/11/01 12:0 a.m.•28 views

GitLab Resource Management Error Vulnerability (CNVD-2021-91188)

GitLab is a self-hosted, Git version control system project repository application developed in Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to a resource management error that could be exploited to cause memory exhaustion using a misformatted TIFF image...

5.3CVSS2.9AI score0.01437EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe Animate Post-release Reuse Vulnerability (CNVD-2021-84302)

Adobe Animate, a multimedia creation and computer animation program, is vulnerable to a post-release reuse vulnerability in Adobe Animate 21.0.9 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...

9.3CVSS6.6AI score0.04082EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe Bridge Buffer Overflow Vulnerability (CNVD-2022-60082)

Adobe Bridge is a free digital asset management application from Adobe. A buffer overflow vulnerability exists in Adobe Bridge 11.1.1 and earlier versions. An attacker can exploit the vulnerability to execute arbitrary code...

7.8CVSS6.8AI score0.01929EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89935)

Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...

9.3CVSS6.4AI score0.02315EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe Photoshop 2021 out-of-bounds read vulnerability

Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. Adobe Photoshop 2021 22.5.1 and earlier versions contain an out-of-bounds read vulnerability. An attacker could exploit this vulnerability to elevate privileges...

5.5CVSS4.9AI score0.00473EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe Audition Arbitrary Code Execution Vulnerability (CNVD-2022-00596)

Adobe Audition is an audio editor and post-production suite. Adobe Audition 14.4 and earlier versions contain an arbitrary code execution vulnerability that could be exploited by attackers to execute arbitrary code...

9.3CVSS6.2AI score0.01588EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•28 views

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2021-81102)

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•28 views

Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84811)

Chrome is a web browsing tool developed by Google.A heap buffer overflow vulnerability exists in Settings in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...

8.8CVSS3.7AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•28 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84813)

Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Incognito in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.7AI score0.00875EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•28 views

Google Chrome Insufficient Input Validation Vulnerability (CNVD-2021-84801)

Chrome is a web browsing tool developed by Google, and an insufficient validation of untrusted input vulnerability exists in Downloads in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to bypass navigation restrictions via malicious files...

5.5CVSS5.5AI score0.00568EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02347)

Oracle E-Business Suite is an extension of the original Application ERP, including ERP enterprise resource planning management, HR human resource management, CRM customer relationship management and other collections of management software, a seamlessly integrated management suite. Oracle...

5.3CVSS1.7AI score0.01416EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81784)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

6.5CVSS5.9AI score0.02278EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-81786)

Oracle MySQL Server is a relational database from Oracle Corporation. An unspecified vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to compromise MySQL Server by accessing the network via multiple protocols...

7.1CVSS6.3AI score0.02192EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80242)

Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: DDL component of Oracle MySQL Server 8.0.26 and earlier. An attacker could exploit this vulnerability to manipulate data...

4CVSS3AI score0.01143EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle Database Server has an unspecified vulnerability (CNVD-2021-101531)

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions.An unspecified vulnerability exists in the Java VM component of Oracle Database Server versions...

4.6CVSS5.6AI score0.00869EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2021-81766)

Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...

4CVSS3.7AI score0.01342EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81768)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause a partial denial of service of MySQL Server...

4CVSS4.2AI score0.01449EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81779)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

4.9CVSS5.1AI score0.02125EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81806)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...

5.3CVSS5.7AI score0.06886EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•28 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59597)

Microsoft SharePoint is a set of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing, which can be exploited by attackers to conduct spoofing attacks...

7.6CVSS2.7AI score0.01304EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•28 views

Siemens SINEC NMS User Profile Download Vulnerability

SINEC NMS is a network management system introduced by Siemens for monitoring and managing industrial networks.A user profile download vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could exploit this vulnerability to download any user's user profile, which coul...

6.5CVSS3.4AI score0.00824EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•28 views

PHPFusion Remote Code Execution Vulnerability

PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...

7.2CVSS7.4AI score0.01746EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/09 12:0 a.m.•28 views

IBM Sterling File Gateway Arbitrary File Upload Vulnerability

IBM Sterling File Gateway is an application for transferring files between internal and external partners, allowing you to more securely and reliably transfer files with trading partners.IBM Sterling File Gateway versions 2.2.0.0-5.2.6.54, 6.0.0.0-6.0.0.6, 6.0 .1.0-6.0.3.4, and 6.1.0.0-6.1.0.2...

7.5CVSS4AI score0.01334EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•28 views

Cobbler Arbitrary File Writing Vulnerability

Cobbler is a network installation server suite, which is mainly used to quickly set up Linux network installation environment.Cobbler in versions prior to 3.3.0 there is an arbitrary file writing vulnerability, the vulnerability originates from the system does not do effective filtering of user...

7.5CVSS3.2AI score0.68635EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•28 views

Netscaut nGeniusONE XML External Entity Injection Vulnerability

Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. Netscaut nGeniusONE in version 6.3.0 build 1196 suffers from an XML External Entity Injection vulnerability, which arises from a network system or product that does not have the correc...

6.5CVSS6.6AI score0.00933EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•28 views

ECOA BAS controller unauthorized access vulnerability

ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...

6.5CVSS4.8AI score0.00842EPSS
Exploits1
Total number of security vulnerabilities5000