131102 matches found
Siemens Jt2go and Siemens Teamcenter Visualization Out-of-Bounds Writing Vulnerability (CNVD-2021-53346)
Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens, a German company. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds write vulnerability exists in Siemens JT2Go versions pri...
Adobe Illustrator 2021 out-of-bounds write vulnerability (CNVD-2021-55964)
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
IBM DB2 Command Injection Vulnerability
IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...
WordPress ProfilePress plugin elevation of privilege vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An elevation of privilege vulnerability exists in the ProfilePress plugin for WordPress versions 3.0...
ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
ManageEngine ADSelfService Plus is a web-based self-service application that allows end-users to perform tasks such as password resets, account unlocks, profile information updates, etc. without relying on a help desk.Zoho ManageEngine ADSelfService Plus 6101 and earlier versions are vulnerable t...
Unauthorized Access Vulnerability in Hong Kong Broadband Network Limited IAD601D
Hong Kong Broadband Network Limited is a leading provider of integrated telecommunications and technology solutions. An unauthorized access vulnerability exists in IAD601D of Hong Kong Broadband Network Limited, which can be exploited by attackers to obtain sensitive information...
CAJViewer 7.3 suffers from a binary vulnerability (CNVD-2021-45252)
CAJViewer 7.3 is a specialized full-text format viewer for China Journal Network CJN, which supports CJN's TEB, CAJ, NH, KDH and PDF format files. A binary vulnerability exists in CAJViewer 7.3, which can be exploited by attackers to cause a denial of service...
Studio-42 Elfinder Remote Code Execution Vulnerability
Studio-42 Elfinder is an open source web file manager. Studio-42 Elfinder suffers from a remote code execution vulnerability that stems from a server error when parsing .phar into php. An attacker could give cause code remote execution through this vulnerability...
elFinder code issue vulnerability
elFinder is a set of open source AJAX file managers based on the Drupal platform. The product provides multiple file uploads, image scaling, and other features. elFinder has a security vulnerability that could be exploited by attackers to execute arbitrary code and commands on the server hosting...
Arlo Q Plus Trust Management Issue Vulnerability
Arlo Q Plus is a smart security camera from Arlo U.S.A. The Arlo Q Plus is vulnerable to a trust management issue that could be exploited by an attacker to escalate privileges and execute arbitrary code in the root context...
HTMLDOC resource management error vulnerability
HTMLDOC is an open source program that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript, and PDF formats.A resource management error vulnerability exists in HTMLDOC, which stems from the pspdfexport function in ps-pdf.cxx when processing JPEG images A boundary error exists. A...
Axis Communications AB 211A has an unauthorized access vulnerability
Axis 211A is a network camera from Axis Communications AB. The Axis Communications AB 211A suffers from an unauthorized access vulnerability that can be exploited by an attacker to obtain sensitive information...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2021-54700)
Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code on the target system...
Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-54704)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to resource management errors, which can be exploited by remote attackers to execute denial-of-service DoS attacks...
PHPMailer code issue vulnerability
PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname via Phar deserialization. No details of the vulnerability are currently available...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66098)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An information...
Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are vulnerable to path traversal
The Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are routers from Buffalo Japan.The Buffalo WSR-2533DHPL2 and WSR-2533DHP3 suffer from a path traversal vulnerability, which stems from an input validation error when the web interface handles directory traversal sequences, and can be exploited by attacke...
WordPress WP Fastest Cache plugin path traversal vulnerability
WordPress Fastest Cache plugin is an application plugin for WordPress. A directory traversal vulnerability exists in versions of the WordPress WP Fastest Cache plugin prior to 0.9.1.7, which can be exploited by a remote attacker with administrator privileges to delete arbitrary files on the serve...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73128)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA Microsoft Windows is an operating system for personal devices and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Windows Installer in Microsoft...
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-74285)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in the "Remote Procedure Call Runtime" in Microsoft Windows an...
Atlassian Jira Server and Data Center Information Disclosure Vulnerability (CNVD-2021-55948)
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is an information disclosure vulnerability...
Microsoft Windows Error Reporting elevation of privilege vulnerability (CNVD-2023-02195)
Microsoft Windows is a set of operating systems used for personal devices.Microsoft Windows Server is a set of server operating systems.Windows Error Reporting WER is one of the error reporting components. An elevation of privilege vulnerability exists in Microsoft Windows Error Reporting, which...
Pillow Buffer Overflow Vulnerability (CNVD-2021-54036)
Pillow is a Python-based image processing library. Pillow is vulnerable to a buffer overflow vulnerability, which can be exploited by remote attackers to submit special file requests and trick users into parsing them, which can crash the application...
Unspecified Vulnerability in Oracle BI Publisher (CNVD-2021-04815)
Oracle BI Publisher is a reporting solution that makes it easier and faster than traditional reporting tools to produce, manage and deliver all reports and documents. An unspecified vulnerability exists in the BI Publisher Security component in Oracle BI Publisher 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3....
Wyse ThinOS Licensing Issues Vulnerability
Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS 8.6 and prior versions, which can be exploited by an attacker to access writable files and manipulate the configuration of any targeted specific site...
Industrial Light and Magic Academy Software Foundation OpenEXR code issue vulnerability
Industrial Light and Magic Academy Software Foundation OpenEXR is an image file format from Industrial Light and Magic for High Dynamic Range HDR images.A code issue vulnerability exists in Industrial Light and Magic Academy Software Foundation OpenEXR, which stems from A null pointer compliance...
ReadyMedia Remote Code Execution Vulnerability
ReadyMedia is a simple media server software designed to be fully compatible with DLNA/UPnP-AV clients.A remote code execution vulnerability exists in versions prior to ReadyMedia 1.3.0. An attacker could exploit the vulnerability by sending malicious UPnP HTTP requests to the miniDLNA service...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66107)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows/Windows Server print backend...
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71412)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows and Windows Server. The vulnerability ste...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-54004)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Versions prior to Mozilla Firefox 80 and versions prior to Android-based Firefox 80 are vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain the login status of ...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63312)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73131)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server,...
Elevation of Privilege Vulnerability in Multiple NETGEAR Products (CNVD-2021-67654)
NETGEAR M4300-28G and others are a managed switch from NETGEAR, Inc. A security vulnerability exists in several NETGEAR products. An attacker could exploit the vulnerability to elevate privileges...
Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2021-61054)
NETGEAR D8500 and others are a wireless router from NETGEAR USA. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorre...
Discourse input validation error vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that stems from a lack of authentication measures or insufficient authentication strength in the web system or product. No...
Prometheus Cross-Site Scripting Vulnerability
Prometheus is open source software written in the Go language for recording real-time metrics from time-series databases built using the HTTP pull model. A cross-site scripting vulnerability exists in Prometheus versions prior to 2.7.1 that stems from a lack of proper validation of client-side da...
Busybox Code Execution Vulnerability
BusyBox is a set of applications containing several linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. A security vulnerability exists in the 'busybox wget' mini-application in Busybox, which stems from the program's failure to validate SSL certificates. An attack...
Foxit Reader Text Annotations Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the Text Annotations handling, which can be exploited to execute arbitrary code in the current process context due to a lack of validation before performing operations on objects...
MiniCMS Cross-Site Request Forgery Vulnerability
MiniCMS is a mini content management system CMS designed for personal websites. A cross-site request forgery vulnerability exists in the mc-admin/conf.php file in MiniCMS version 1.10. A remote attacker can exploit this vulnerability to change the password of the administrator account...
CloudBees Jenkins Competitive Conditions Vulnerability
CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . A...
GIMP 'fli_read_brun' function heap buffer overflow vulnerability
GIMP GNU Image Manipulation Program, GNU Image Manipulation Program is a cross-platform open source image processing software developed by the GIMP team. The software enables a variety of image processing, including photo retouching, image compositing and image creation. A heap buffer overflow...
OpenLDAP Denial of Service Vulnerability (CNVD-2017-37765)
OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol LDAP from the OpenLDAP Foundation in the United States, which is included in Linux distributions. A denial of service vulnerability exists in the contrib/slapd-modules/nops/nops.c file in OpenLDAP 2.4.4...
GNU Binutils BFD *_get_synthetic_symtab function denial of service vulnerability
GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...
Red Hat CVS Command Injection Vulnerability
CVS is a free and open source version control system that can be used under a variety of Linux and Unix operating systems, and can also run on Microsoft Windows operating systems. A security vulnerability exists in CVS version 1.12.x. A remote attacker can exploit a repository with a specially...
LAME Denial of Service Vulnerability (CNVD-2017-20146)
LAME is LAME team developed a set of open source MP3 audio compression software . A security vulnerability exists in the 'fillbufferresample' function in the libmp3lame/util.c file in LAME version 3.99.5. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer...
cairo cairo-truetype-subset.c file denial of service vulnerability
cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports 2D drawing in multiple contexts and provides high-quality display and printouts. A security vulnerability exists in the cairo-truetype-subset.c file in cai...
Perl XML-LibXML Module Arbitrary Code Execution Vulnerability
Perl is an American programmer Larry Wall Larry Wall developed a cross-platform programming language. XML-LibXML is one of the Debian-based XML file conversion module. An arbitrary code execution vulnerability exists in Perl's XML-LibXML module =2.0129, which can be exploited by a remote attacker...
ImageMagick Denial of Service Vulnerability (CNVD-2017-04572)
ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick has a security vulnerability in its implementation that allows a remote attacker to cause a denial of service via a constructed wpg file...
Deluge Cross-Site Request Forgery Vulnerability
Deluge is a BitTorrent client.WebUI is one of the components that launches the web interface. A cross-site request forgery vulnerability exists in Deluge's Web UI. An attacker could use this vulnerability to perform unauthorized operations and access affected applications...