131102 matches found
Vim Resource Management Error Vulnerability (CNVD-2022-68078)
Vim is a cross-platform text editor. versions prior to Vim 9.0.0490 are vulnerable to a resource management error, which stems from the existence of a memory reuse after release issue. No detailed vulnerability details are currently available...
Apple macOS Safari Buffer Overflow Vulnerability
Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple macOS Safari WebKit, which can be exploited by a remote attacker to submit a special web request that can be tricked into being parsed by the...
BlueZ input validation error vulnerability
BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. versions prior to BlueZ 5.59 have an input validation error vulnerability that stems from the failure of the profiles/audio/avrcp.c component to validate...
Denial of Service vulnerability in the rotateImage function in LibTIFF tiffcrop.c:8621
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A denial of service vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a failed sysmalloc assertion in rotateImage in...
Tenda AX180 Stack Overflow Vulnerability (CNVD-2022-78482)
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China.Tenda AX1803 is vulnerable to a stack overflow vulnerability, which is caused by improper boundary checking of the formSetQosBand function. An attacker could exploit the vulnerability to overflow the buffer and execute arbitrary co...
Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11178)
Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. A SQL injection issue exists in the id parameter of the /stocks/manage stockin.php location. No detailed vulnerability details are available at this time...
Tenda AC9 Command Injection Vulnerability (CNVD-2022-75820)
Tenda AC9 is a wireless router from Tenda, China. Tenda AC9 V15.03.2.21cn version is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands on the system...
Google Android Code Execution Vulnerability (CNVD-2022-71984)
Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-bounds write in Bluetooth. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-58464)
Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds writes. An attacker could exploit this vulnerability to execute arbitrary code...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67843)
Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Adobe FrameMaker heap buffer overflow vulnerability
Adobe Framemaker is a set of page layout software for writing and editing large or complex documents including structured documents from Adobe. Adobe FrameMaker is vulnerable to a heap buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code...
Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition
Wuhan Damon Database Co., Ltd. is specialized in providing big data platform architecture consulting, data technology solution planning, product deployment and implementation in one big data platform company. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...
F5 BIG-IP TMM Data Normalization Infinite Loop Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An infinite loop vulnerability in F5 BIG-IP TMM data normalization stems from the fact that when an LTM virtual server is...
McAfee Agent Code Issue Vulnerability (CNVD-2022-55631)
McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator antivirus management platform and managed products. A code issue vulnerability exists in McAfee Agent MA versions prior to 5.7.7, which stems from a vulnerability that...
Apple macOS Monterey Spotlight Privilege Permission and Access Control Issues Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey prior to version 12.5 is vulnerable to a privilege-granting and access-control issue vulnerability that stems from Spotlight failing to properly impose security...
Samsung Mobile devices SemWifiApClient Access Control Vulnerability
Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-54310)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in the Server: Stored Procedure component of Oracle MySQL Server 8.0.29 and prior. An attacker can exploit this vulnerability to corrupt MySQL Server by accessing the network over multip...
Samsung Mobile devices SemWifiApClient access control vulnerability (CNVD-2022-65119)
Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...
Cisco Nexus Dashboard Access Control Error Vulnerability
Cisco Nexus Dashboard is a centralized data center control panel that makes it easier to manage hybrid cloud network operations and maintenance.A security vulnerability exists in Cisco Nexus Dashboard that could be exploited by attackers to spoof user identities and send malicious requests...
Oracle Virtualization Input Validation Error Vulnerability (CNVD-2023-08447)
Oracle Virtualization is a virtualization solution from Oracle Corporation. It is used to unify and manage the entire hardware and software architecture from the application to the disk. Oracle Virtualization has a security vulnerability that could be exploited by an attacker to cause Oracle VM...
Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54733)
Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...
Multiple Adobe Products Uninitialized Pointer Access Vulnerabilities (CNVD-2022-87167)
Adobe Acrobat is a set of PDF file editing and conversion tools. Adobe Reader is a set of PDF document reading software. A number of Adobe products exist uninitialized pointer access vulnerability, the vulnerability arises from the existence of a post-release reuse error when processing PDF files...
Product Show Room Site SQL Injection Vulnerability (CNVD-2022-77045)
Product Show Room Site is a kind of product show room website by Carlo Montero's personal developer. product show room site v1.0 version exists SQL injection vulnerability, the vulnerability originates from the existence of the id parameter in /psrs/?p=products/viewproduct&id SQL injection, an...
IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...
Samsung TelephonyUI Access Control Error Vulnerability (CNVD-2022-70745)
An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...
SAP Business One Denial of Service Vulnerability
SAP Business One is a set of enterprise management software from SAP. The software includes functions such as financial management, operations management and human resource management. A denial-of-service vulnerability exists in SAP Business One version 10.0, which stems from improper input clean...
Samsung Wearable Manager Information Disclosure Vulnerability
Samsung Wearable Manager is an application for Samsung Samsung mobile devices that connects wearable devices to mobile devices. Samsung Wearable Manager is vulnerable to an information disclosure vulnerability that stems from the installation of an unprotected dynamic receiver, which could be...
Adobe Character Animator Buffer Overflow Vulnerability (CNVD-2022-54912)
Adobe Character Animator is a motion capture and animation tool from the American company Audobee Adobe. Adobe Character Animator suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, which can be exploited by an attacker to trigger a buff...
Samsung AppLinker Implicit Intent Hijacking Vulnerability
Samsung AppLinker is an application for Samsung mobile devices. Samsung AppLinker is vulnerable to an implicit intent hijacking vulnerability, which stems from the fact that when an implicit intent call is used, no restrictions are placed on the intent message recipient, and an attacker could use...
Adobe RoboHelp Cross-Site Scripting Vulnerability (CNVD-2022-60077)
Adobe RoboHelp is a help authoring tool developed and released for Windows by the American company Audobee Adobe. A cross-site scripting vulnerability exists in Adobe RoboHelp version 2020.0.7 and earlier, which stems from the program's lack of checksum filtering of user-supplied data and output...
SAP S/4HANA Input Validation Error Vulnerability
SAP S/4HANA is an enterprise resource management software based on the SAP HANA in-memory database system from the German company SAP. SAP S/4HANA is vulnerable to an input validation error that stems from a lack of input validation in the management checkbook component, which could be exploited ...
WordPress Pricing Deals for WooCommerce plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Pricing Deals for WooCommerce plugin 2.0.2.02 and earlier versions are vulnerable to SQL...
BaiduWenkuSpider_flaskWeb path traversal vulnerability
BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56595)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Anakin path traversal vulnerability
Anakin is a cross-platform, high-performance inference engine open-sourced by PaddlePaddle.Anakin 0.1.1 and earlier versions have a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly filter special elements in resource or file paths, which could be...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57198)
Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery has an elevation of privilege vulnerability that could be exploited by an attacker to gain elevated privileges on the system...
flask-file-server path traversal vulnerability
flask-file-server is a file server with a front-end for browsing, uploading, and streaming files from Wildog Personal Developer. flask-file-server 2020-02-20 and earlier versions are vulnerable to a path traversal vulnerability that stems from a failure of Flask's sendfile function to properly...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-57194)
Microsoft Azure Site Recovery is a site recovery DRaaS from the U.S. company Microsoft for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery elevation of privilege vulnerability can be exploited by attackers to gain elevated privileges on the system...
IBM Security Access Manager Appliance Access Control Error Vulnerability (CNVD-2022-87650)
The IBM Security Access Manager Appliance ISAM Appliance is a network appliance-based security solution from IBM of the United States. The product is primarily used for access control and Web-based threat protection, providing system performance monitoring, log analysis, and diagnostics.IBM...
Huawei HarmonyOS Information Disclosure Vulnerability (CNVD-2022-61608)
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS contains a security vulnerability that could be exploited by attackers to compromise device confidentiality...
PESCMS Cross-Site Request Forgery Vulnerability
PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker exploited the vulnerability to change the passwords of administrators and other members...
PESCMS cross-site scripting vulnerability
A cross-site scripting vulnerability exists in PESCMS version V2.3.3, a content publishing platform. The vulnerability stems from App/Team/GET/Report.php missing a data validation filter for user-supplied data and output. An attacker could exploit the vulnerability to execute JavaScript code on t...
OpenCTI Cross-Site Scripting Vulnerability
OpenCTI is OpenCTI's open cyber threat intelligence platform. A cross-site scripting vulnerability exists in OpenCTI version 5.2.4 and earlier versions, which can be exploited by an attacker to upload a malicious file and then execute the file when the victim opens the file location...
Cisco Unified Communications Manager Arbitrary File Read Vulnerability (CNVD-2022-50625)
Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call processing component of a unified communications system from Cisco.Unified Communications Manager Session Unified Communications Manager Session Management Edition is the session management edition of Unified...
Tenda M3 formMasterMng function stack overflow vulnerability
Tenda M3 is an access control from Tenda, a Chinese company. Tenda M3 V1.0.0.12 version has a stack overflow vulnerability, which stems from the formMasterMng function url parameter not checking its length for input data. An attacker could exploit this vulnerability to cause a denial of service...
Tenda AX1806 formSetVirtualSer function stack overflow vulnerability
Tenda AX1806 is a WiFi6 wireless router from Tenda China.A stack overflow vulnerability exists in Tenda AX1806 V1.0.0.1, which stems from the formSetVirtualSer function not checking its length for input data. An attacker could exploit this vulnerability to cause a denial of service attack...
TOTOLINK T6 FUN_00412ef4 function stack overflow vulnerability
TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00412ef4 function not checking its length for input data. A remote attacker can exploi...
IBM Spectrum Protect Denial of Service Vulnerability (CNVD-2022-60417)
IBM Spectrum Protect formerly known as Tivoli Storage Manager is a data protection platform from IBM USA. The platform provides enterprises with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. IBM Spectrum Protec...
Jenkins Project Inheritance Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is an application.A cross-site scripting vulnerability exist...
TrueConf Server Cross-Site Request Forgery Vulnerability
TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to cross-site request forgery, which can be exploited by remote attackers to perform cross-site request forgery attacks...