Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2022/09/20 12:0 a.m.27 views

Vim Resource Management Error Vulnerability (CNVD-2022-68078)

Vim is a cross-platform text editor. versions prior to Vim 9.0.0490 are vulnerable to a resource management error, which stems from the existence of a memory reuse after release issue. No detailed vulnerability details are currently available...

7.8CVSS3.3AI score0.00475EPSS
Exploits1References1
CNVD
CNVD
added 2022/09/19 12:0 a.m.27 views

Apple macOS Safari Buffer Overflow Vulnerability

Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple macOS Safari WebKit, which can be exploited by a remote attacker to submit a special web request that can be tricked into being parsed by the...

8.8CVSS7.5AI score0.01136EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/06 12:0 a.m.27 views

BlueZ input validation error vulnerability

BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. versions prior to BlueZ 5.59 have an input validation error vulnerability that stems from the failure of the profiles/audio/avrcp.c component to validate...

8.8CVSS3.6AI score0.00657EPSS
Exploits0References1
CNVD
CNVD
added 2022/09/02 12:0 a.m.27 views

Denial of Service vulnerability in the rotateImage function in LibTIFF tiffcrop.c:8621

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A denial of service vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a failed sysmalloc assertion in rotateImage in...

6.5CVSS3.7AI score0.00939EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/30 12:0 a.m.27 views

Tenda AX180 Stack Overflow Vulnerability (CNVD-2022-78482)

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China.Tenda AX1803 is vulnerable to a stack overflow vulnerability, which is caused by improper boundary checking of the formSetQosBand function. An attacker could exploit the vulnerability to overflow the buffer and execute arbitrary co...

7.8CVSS5.1AI score0.00327EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/30 12:0 a.m.27 views

Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11178)

Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. A SQL injection issue exists in the id parameter of the /stocks/manage stockin.php location. No detailed vulnerability details are available at this time...

8.8CVSS4AI score0.00811EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/19 12:0 a.m.27 views

Tenda AC9 Command Injection Vulnerability (CNVD-2022-75820)

Tenda AC9 is a wireless router from Tenda, China. Tenda AC9 V15.03.2.21cn version is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands on the system...

9.8CVSS5.7AI score0.02408EPSS
Exploits1References1
CNVD
CNVD
added 2022/08/16 12:0 a.m.27 views

Google Android Code Execution Vulnerability (CNVD-2022-71984)

Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-bounds write in Bluetooth. An attacker could exploit this vulnerability to execute arbitrary code on the system...

8.8CVSS4AI score0.0024EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.27 views

Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-58464)

Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds writes. An attacker could exploit this vulnerability to execute arbitrary code...

7.8CVSS4.7AI score0.02545EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/12 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67843)

Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...

4.3AI score0.01614EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/08/11 12:0 a.m.27 views

Adobe FrameMaker heap buffer overflow vulnerability

Adobe Framemaker is a set of page layout software for writing and editing large or complex documents including structured documents from Adobe. Adobe FrameMaker is vulnerable to a heap buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code...

7.8CVSS5.1AI score0.00475EPSS
Exploits0References1
CNVD
CNVD
added 2022/08/10 12:0 a.m.27 views

Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition

Wuhan Damon Database Co., Ltd. is specialized in providing big data platform architecture consulting, data technology solution planning, product deployment and implementation in one big data platform company. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...

8.3AI score
Exploits0
CNVD
CNVD
added 2022/08/03 12:0 a.m.27 views

F5 BIG-IP TMM Data Normalization Infinite Loop Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An infinite loop vulnerability in F5 BIG-IP TMM data normalization stems from the fact that when an LTM virtual server is...

7.5CVSS2.4AI score0.01053EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/29 12:0 a.m.27 views

McAfee Agent Code Issue Vulnerability (CNVD-2022-55631)

McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator antivirus management platform and managed products. A code issue vulnerability exists in McAfee Agent MA versions prior to 5.7.7, which stems from a vulnerability that...

8.2CVSS7.7AI score0.00329EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Apple macOS Monterey Spotlight Privilege Permission and Access Control Issues Vulnerability

Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey prior to version 12.5 is vulnerable to a privilege-granting and access-control issue vulnerability that stems from Spotlight failing to properly impose security...

7.8CVSS7.3AI score0.00894EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Samsung Mobile devices SemWifiApClient Access Control Vulnerability

Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...

3.3CVSS4.2AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-54310)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Stored Procedure component of Oracle MySQL Server 8.0.29 and prior. An attacker can exploit this vulnerability to corrupt MySQL Server by accessing the network over multip...

4.9CVSS5.2AI score0.01407EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/22 12:0 a.m.27 views

Samsung Mobile devices SemWifiApClient access control vulnerability (CNVD-2022-65119)

Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...

3.3CVSS4.2AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/21 12:0 a.m.27 views

Cisco Nexus Dashboard Access Control Error Vulnerability

Cisco Nexus Dashboard is a centralized data center control panel that makes it easier to manage hybrid cloud network operations and maintenance.A security vulnerability exists in Cisco Nexus Dashboard that could be exploited by attackers to spoof user identities and send malicious requests...

2.1AI score0.01156EPSS
Exploits0
CNVD
CNVD
added 2022/07/20 12:0 a.m.27 views

Oracle Virtualization Input Validation Error Vulnerability (CNVD-2023-08447)

Oracle Virtualization is a virtualization solution from Oracle Corporation. It is used to unify and manage the entire hardware and software architecture from the application to the disk. Oracle Virtualization has a security vulnerability that could be exploited by an attacker to cause Oracle VM...

2.1AI score0.00347EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2022/07/19 12:0 a.m.27 views

Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54733)

Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...

7.5CVSS4.5AI score0.0101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/18 12:0 a.m.27 views

Multiple Adobe Products Uninitialized Pointer Access Vulnerabilities (CNVD-2022-87167)

Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. A number of Adobe products exist uninitialized pointer access vulnerability, the vulnerability arises from the existence of a post-release reuse error when processing PDF files...

7.8CVSS4.2AI score0.03377EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/18 12:0 a.m.27 views

Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77045)

Product Show Room Site is a kind of product show room website by Carlo Montero's personal developer. product show room site v1.0 version exists SQL injection vulnerability, the vulnerability originates from the existence of the id parameter in /psrs/?p=products/viewproduct&id SQL injection, an...

8.8CVSS5.2AI score0.0081EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/18 12:0 a.m.27 views

IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)

IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...

5.4CVSS5.2AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Samsung TelephonyUI Access Control Error Vulnerability (CNVD-2022-70745)

An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...

6.2CVSS1.9AI score0.00091EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

SAP Business One Denial of Service Vulnerability

SAP Business One is a set of enterprise management software from SAP. The software includes functions such as financial management, operations management and human resource management. A denial-of-service vulnerability exists in SAP Business One version 10.0, which stems from improper input clean...

7.5CVSS7.5AI score0.00745EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Samsung Wearable Manager Information Disclosure Vulnerability

Samsung Wearable Manager is an application for Samsung Samsung mobile devices that connects wearable devices to mobile devices. Samsung Wearable Manager is vulnerable to an information disclosure vulnerability that stems from the installation of an unprotected dynamic receiver, which could be...

5.5CVSS3AI score0.00101EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Adobe Character Animator Buffer Overflow Vulnerability (CNVD-2022-54912)

Adobe Character Animator is a motion capture and animation tool from the American company Audobee Adobe. Adobe Character Animator suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a buff...

7.8CVSS7.9AI score0.00431EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Samsung AppLinker Implicit Intent Hijacking Vulnerability

Samsung AppLinker is an application for Samsung mobile devices. Samsung AppLinker is vulnerable to an implicit intent hijacking vulnerability, which stems from the fact that when an implicit intent call is used, no restrictions are placed on the intent message recipient, and an attacker could use...

8.5CVSS3.5AI score0.00129EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

Adobe RoboHelp Cross-Site Scripting Vulnerability (CNVD-2022-60077)

Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of checksum filtering of user-supplied data and output...

6.1CVSS6AI score0.00592EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/15 12:0 a.m.27 views

SAP S/4HANA Input Validation Error Vulnerability

SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from the German company SAP. SAP S/4HANA is vulnerable to an input validation error that stems from a lack of input validation in the management checkbook component, which could be exploited ...

5.3CVSS1.9AI score0.00568EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

WordPress Pricing Deals for WooCommerce plugin SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Pricing Deals for WooCommerce plugin 2.0.2.02 and earlier versions are vulnerable to SQL...

9.8CVSS2.4AI score0.0666EPSS
Exploits2References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

BaiduWenkuSpider_flaskWeb path traversal vulnerability

BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...

9.3CVSS2.9AI score0.01213EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56595)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...

6.5CVSS3.7AI score0.01475EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Anakin path traversal vulnerability

Anakin is a cross-platform, high-performance inference engine open-sourced by PaddlePaddle.Anakin 0.1.1 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be...

9.3CVSS3.6AI score0.01118EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57198)

Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...

5.5CVSS3.6AI score0.01475EPSS
Exploits0
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

flask-file-server path traversal vulnerability

flask-file-server is a file server with a front-end for browsing, uploading, and streaming files from Wildog Personal Developer. flask-file-server 2020-02-20 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly...

9.3CVSS3.6AI score0.01118EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/13 12:0 a.m.27 views

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57194)

Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery elevation of privilege vulnerability can be exploited by attackers to gain elevated privileges on the system...

4CVSS5AI score0.01705EPSS
Exploits0
CNVD
CNVD
added 2022/07/12 12:0 a.m.27 views

IBM Security Access Manager Appliance Access Control Error Vulnerability (CNVD-2022-87650)

The IBM Security Access Manager Appliance ISAM Appliance is a network appliance-based security solution from IBM of the United States. The product is primarily used for access control and Web-based threat protection, providing system performance monitoring, log analysis, and diagnostics.IBM...

7.8CVSS4.8AI score0.00224EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.27 views

Huawei HarmonyOS Information Disclosure Vulnerability (CNVD-2022-61608)

Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise device confidentiality...

7.5CVSS3.6AI score0.0069EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.27 views

PESCMS Cross-Site Request Forgery Vulnerability

PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to change the passwords of administrators and other members...

6.5CVSS6.4AI score0.00561EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/08 12:0 a.m.27 views

PESCMS cross-site scripting vulnerability

A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php missing a data validation filter for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on t...

6.1CVSS3AI score0.00829EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/07 12:0 a.m.27 views

OpenCTI Cross-Site Scripting Vulnerability

OpenCTI is OpenCTI's open cyber threat intelligence platform. A cross-site scripting vulnerability exists in OpenCTI version 5.2.4 and earlier versions, which can be exploited by an attacker to upload a malicious file and then execute the file when the victim opens the file location...

5.4CVSS5.2AI score0.00484EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/07 12:0 a.m.27 views

Cisco Unified Communications Manager Arbitrary File Read Vulnerability (CNVD-2022-50625)

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call processing component of a unified communications system from Cisco.Unified Communications Manager Session Unified Communications Manager Session Management Edition is the session management edition of Unified...

6.5CVSS6.3AI score0.0143EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.27 views

Tenda M3 formMasterMng function stack overflow vulnerability

Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 V1.0.0.12 version has a stack overflow vulnerability, which stems from the formMasterMng function url parameter not checking its length for input data. An attacker could exploit this vulnerability to cause a denial of service...

7.8CVSS5.2AI score0.1335EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.27 views

Tenda AX1806 formSetVirtualSer function stack overflow vulnerability

Tenda AX1806 is a WiFi6 wireless router from Tenda China.A stack overflow vulnerability exists in Tenda AX1806 V1.0.0.1, which stems from the formSetVirtualSer function not checking its length for input data. An attacker could exploit this vulnerability to cause a denial of service attack...

7.8CVSS3.7AI score0.01074EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/05 12:0 a.m.27 views

TOTOLINK T6 FUN_00412ef4 function stack overflow vulnerability

TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00412ef4 function not checking its length for input data. A remote attacker can exploi...

7.5CVSS5.2AI score0.01055EPSS
Exploits1References1
CNVD
CNVD
added 2022/07/04 12:0 a.m.27 views

IBM Spectrum Protect Denial of Service Vulnerability (CNVD-2022-60417)

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a data protection platform from IBM USA. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. IBM Spectrum Protec...

7.5CVSS4.4AI score0.0103EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/04 12:0 a.m.27 views

Jenkins Project Inheritance Plugin跨站脚本漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...

5.4CVSS2.3AI score0.00567EPSS
Exploits0References1
CNVD
CNVD
added 2022/07/01 12:0 a.m.27 views

TrueConf Server Cross-Site Request Forgery Vulnerability

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to cross-site request forgery, which can be exploited by remote attackers to perform cross-site request forgery attacks...

8.8CVSS5.1AI score0.00483EPSS
Exploits0References1
Total number of security vulnerabilities5000