Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
added 2021/07/14 12:0 a.m.28 views

Siemens Jt2go and Siemens Teamcenter Visualization Out-of-Bounds Writing Vulnerability (CNVD-2021-53346)

Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens, a German company. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds write vulnerability exists in Siemens JT2Go versions pri...

7.8CVSS3.9AI score0.01574EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/14 12:0 a.m.28 views

Adobe Illustrator 2021 out-of-bounds write vulnerability (CNVD-2021-55964)

Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

7.8CVSS6.3AI score0.0194EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/13 12:0 a.m.28 views

IBM DB2 Command Injection Vulnerability

IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...

7.5CVSS3.3AI score0.01692EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/09 12:0 a.m.28 views

WordPress ProfilePress plugin elevation of privilege vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An elevation of privilege vulnerability exists in the ProfilePress plugin for WordPress versions 3.0...

9.8CVSS8.9AI score0.0412EPSS
Exploits2References1
CNVD
CNVD
added 2021/06/28 12:0 a.m.28 views

ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

ManageEngine ADSelfService Plus is a web-based self-service application that allows end-users to perform tasks such as password resets, account unlocks, profile information updates, etc. without relying on a help desk.Zoho ManageEngine ADSelfService Plus 6101 and earlier versions are vulnerable t...

9.8CVSS1.9AI score0.73126EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/25 12:0 a.m.28 views

Unauthorized Access Vulnerability in Hong Kong Broadband Network Limited IAD601D

Hong Kong Broadband Network Limited is a leading provider of integrated telecommunications and technology solutions. An unauthorized access vulnerability exists in IAD601D of Hong Kong Broadband Network Limited, which can be exploited by attackers to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/06/18 12:0 a.m.28 views

CAJViewer 7.3 suffers from a binary vulnerability (CNVD-2021-45252)

CAJViewer 7.3 is a specialized full-text format viewer for China Journal Network CJN, which supports CJN's TEB, CAJ, NH, KDH and PDF format files. A binary vulnerability exists in CAJViewer 7.3, which can be exploited by attackers to cause a denial of service...

7AI score
Exploits0
CNVD
CNVD
added 2021/06/17 12:0 a.m.28 views

Studio-42 Elfinder Remote Code Execution Vulnerability

Studio-42 Elfinder is an open source web file manager. Studio-42 Elfinder suffers from a remote code execution vulnerability that stems from a server error when parsing .phar into php. An attacker could give cause code remote execution through this vulnerability...

9.8CVSS5.3AI score0.19083EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/17 12:0 a.m.28 views

elFinder code issue vulnerability

elFinder is a set of open source AJAX file managers based on the Drupal platform. The product provides multiple file uploads, image scaling, and other features. elFinder has a security vulnerability that could be exploited by attackers to execute arbitrary code and commands on the server hosting...

9.8CVSS3AI score0.69934EPSS
Exploits5References1
CNVD
CNVD
added 2021/06/17 12:0 a.m.28 views

Arlo Q Plus Trust Management Issue Vulnerability

Arlo Q Plus is a smart security camera from Arlo U.S.A. The Arlo Q Plus is vulnerable to a trust management issue that could be exploited by an attacker to escalate privileges and execute arbitrary code in the root context...

7.2CVSS4AI score0.00551EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/16 12:0 a.m.28 views

HTMLDOC resource management error vulnerability

HTMLDOC is an open source program that converts HTML and Markdown files to EPUB, Indexed HTML, PostScript, and PDF formats.A resource management error vulnerability exists in HTMLDOC, which stems from the pspdfexport function in ps-pdf.cxx when processing JPEG images A boundary error exists. A...

9.8CVSS1.1AI score0.02282EPSS
Exploits1References1
CNVD
CNVD
added 2021/06/09 12:0 a.m.28 views

Axis Communications AB 211A has an unauthorized access vulnerability

Axis 211A is a network camera from Axis Communications AB. The Axis Communications AB 211A suffers from an unauthorized access vulnerability that can be exploited by an attacker to obtain sensitive information...

6.8AI score
Exploits0
CNVD
CNVD
added 2021/06/07 12:0 a.m.28 views

Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2021-54700)

Mozilla Firefox is an open source web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code on the target system...

8.8CVSS6.1AI score0.01368EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/07 12:0 a.m.28 views

Mozilla Firefox Resource Management Error Vulnerability (CNVD-2021-54704)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation. Mozilla Firefox is vulnerable to resource management errors, which can be exploited by remote attackers to execute denial-of-service DoS attacks...

4.3CVSS5.6AI score0.00745EPSS
Exploits0References1
CNVD
CNVD
added 2021/06/04 12:0 a.m.28 views

PHPMailer code issue vulnerability

PHPMailer is a PHP class library for sending emails. PHPMailer is vulnerable to a code issue that allows object injection via addAttachment with a UNC pathname via Phar deserialization. No details of the vulnerability are currently available...

9.8CVSS3.5AI score0.03095EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/12 12:0 a.m.28 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66098)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the "Container Manager Service" of Microsoft...

7.8CVSS3.6AI score0.00977EPSS
Exploits0References1
CNVD
CNVD
added 2021/05/12 12:0 a.m.28 views

Microsoft SharePoint Server Information Disclosure Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An information...

6.5CVSS6.1AI score0.02079EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/28 12:0 a.m.28 views

Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are vulnerable to path traversal

The Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are routers from Buffalo Japan.The Buffalo WSR-2533DHPL2 and WSR-2533DHP3 suffer from a path traversal vulnerability, which stems from an input validation error when the web interface handles directory traversal sequences, and can be exploited by attacke...

9.8CVSS3.5AI score0.99983EPSS
Exploits5References1
CNVD
CNVD
added 2021/04/28 12:0 a.m.28 views

WordPress WP Fastest Cache plugin path traversal vulnerability

WordPress Fastest Cache plugin is an application plugin for WordPress. A directory traversal vulnerability exists in versions of the WordPress WP Fastest Cache plugin prior to 0.9.1.7, which can be exploited by a remote attacker with administrator privileges to delete arbitrary files on the serve...

6.5CVSS6.4AI score0.02625EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/14 12:0 a.m.28 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73128)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA Microsoft Windows is an operating system for personal devices and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Windows Installer in Microsoft...

7.8CVSS5AI score0.03569EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/14 12:0 a.m.28 views

Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-74285)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in the "Remote Procedure Call Runtime" in Microsoft Windows an...

8.8CVSS5.4AI score0.02315EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/23 12:0 a.m.28 views

Atlassian Jira Server and Data Center Information Disclosure Vulnerability (CNVD-2021-55948)

Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA, which is an information disclosure vulnerability...

5.3CVSS3.8AI score0.02508EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/10 12:0 a.m.28 views

Microsoft Windows Error Reporting elevation of privilege vulnerability (CNVD-2023-02195)

Microsoft Windows is a set of operating systems used for personal devices.Microsoft Windows Server is a set of server operating systems.Windows Error Reporting WER is one of the error reporting components. An elevation of privilege vulnerability exists in Microsoft Windows Error Reporting, which...

9.3CVSS8.4AI score0.03289EPSS
Exploits0References1
CNVD
CNVD
added 2021/03/08 12:0 a.m.28 views

Pillow Buffer Overflow Vulnerability (CNVD-2021-54036)

Pillow is a Python-based image processing library. Pillow is vulnerable to a buffer overflow vulnerability, which can be exploited by remote attackers to submit special file requests and trick users into parsing them, which can crash the application...

7.5CVSS5.3AI score0.01425EPSS
Exploits0References1
CNVD
CNVD
added 2021/01/20 12:0 a.m.28 views

Unspecified Vulnerability in Oracle BI Publisher (CNVD-2021-04815)

Oracle BI Publisher is a reporting solution that makes it easier and faster than traditional reporting tools to produce, manage and deliver all reports and documents. An unspecified vulnerability exists in the BI Publisher Security component in Oracle BI Publisher 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3....

7.6CVSS9.1AI score0.011EPSS
Exploits0References1
CNVD
CNVD
added 2021/01/05 12:0 a.m.28 views

Wyse ThinOS Licensing Issues Vulnerability

Wyse ThinOS is a specialized operating system for Dell servers from Dell USA. A security vulnerability exists in Wyse ThinOS 8.6 and prior versions, which can be exploited by an attacker to access writable files and manipulate the configuration of any targeted specific site...

10CVSS6.8AI score0.01736EPSS
Exploits0References1
CNVD
CNVD
added 2020/12/15 12:0 a.m.28 views

Industrial Light and Magic Academy Software Foundation OpenEXR code issue vulnerability

Industrial Light and Magic Academy Software Foundation OpenEXR is an image file format from Industrial Light and Magic for High Dynamic Range HDR images.A code issue vulnerability exists in Industrial Light and Magic Academy Software Foundation OpenEXR, which stems from A null pointer compliance...

5.5CVSS1.4AI score0.01204EPSS
Exploits1References1
CNVD
CNVD
added 2020/12/01 12:0 a.m.28 views

ReadyMedia Remote Code Execution Vulnerability

ReadyMedia is a simple media server software designed to be fully compatible with DLNA/UPnP-AV clients.A remote code execution vulnerability exists in versions prior to ReadyMedia 1.3.0. An attacker could exploit the vulnerability by sending malicious UPnP HTTP requests to the miniDLNA service...

9.8CVSS2.6AI score0.14344EPSS
Exploits1References1
CNVD
CNVD
added 2020/11/13 12:0 a.m.30 views

Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66107)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in the Microsoft Windows/Windows Server print backend...

7.8CVSS5.5AI score0.00932EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/15 12:0 a.m.28 views

Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71412)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. A remote code execution vulnerability exists in Microsoft Windows and Windows Server. The vulnerability ste...

7.8CVSS3.9AI score0.0352EPSS
Exploits0References1
CNVD
CNVD
added 2020/10/12 12:0 a.m.28 views

Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-54004)

Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Versions prior to Mozilla Firefox 80 and versions prior to Android-based Firefox 80 are vulnerable to an information disclosure vulnerability that could be exploited by an attacker to obtain the login status of ...

6.5CVSS3.1AI score0.01234EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/11 12:0 a.m.28 views

Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63312)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. Microsoft Windows/Windows Server is vulnerable to an information disclosure vulnerability that originates...

4.4CVSS3.4AI score0.01201EPSS
Exploits0References1
CNVD
CNVD
added 2020/05/13 12:0 a.m.28 views

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-73131)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server,...

7.8CVSS7.7AI score0.03027EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/21 12:0 a.m.28 views

Elevation of Privilege Vulnerability in Multiple NETGEAR Products (CNVD-2021-67654)

NETGEAR M4300-28G and others are a managed switch from NETGEAR, Inc. A security vulnerability exists in several NETGEAR products. An attacker could exploit the vulnerability to elevate privileges...

7.8CVSS4.6AI score0.00273EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/17 12:0 a.m.28 views

Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2021-61054)

NETGEAR D8500 and others are a wireless router from NETGEAR USA. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, resulting in incorre...

6.7CVSS2.5AI score0.00382EPSS
Exploits0References1
CNVD
CNVD
added 2019/08/05 12:0 a.m.28 views

Discourse input validation error vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features.Discourse is vulnerable to an input validation error that stems from a lack of authentication measures or insufficient authentication strength in the web system or product. No...

7.5CVSS2.7AI score0.01044EPSS
Exploits0References1
CNVD
CNVD
added 2019/03/27 12:0 a.m.28 views

Prometheus Cross-Site Scripting Vulnerability

Prometheus is open source software written in the Go language for recording real-time metrics from time-series databases built using the HTTP pull model. A cross-site scripting vulnerability exists in Prometheus versions prior to 2.7.1 that stems from a lack of proper validation of client-side da...

6.1CVSS7.9AI score0.02736EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/28 12:0 a.m.28 views

Busybox Code Execution Vulnerability

BusyBox is a set of applications containing several linux commands and tools maintained by Ukrainian software developer Denis Vlasenko. A security vulnerability exists in the 'busybox wget' mini-application in Busybox, which stems from the program's failure to validate SSL certificates. An attack...

8.1CVSS6.9AI score0.02462EPSS
Exploits0References1
CNVD
CNVD
added 2018/04/28 12:0 a.m.28 views

Foxit Reader Text Annotations Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in the Text Annotations handling, which can be exploited to execute arbitrary code in the current process context due to a lack of validation before performing operations on objects...

8.8CVSS7.8AI score0.63313EPSS
Exploits13References1
CNVD
CNVD
added 2018/03/28 12:0 a.m.28 views

MiniCMS Cross-Site Request Forgery Vulnerability

MiniCMS is a mini content management system CMS designed for personal websites. A cross-site request forgery vulnerability exists in the mc-admin/conf.php file in MiniCMS version 1.10. A remote attacker can exploit this vulnerability to change the password of the administrator account...

8.8CVSS7AI score0.0248EPSS
Exploits5References1
CNVD
CNVD
added 2018/01/26 12:0 a.m.28 views

CloudBees Jenkins Competitive Conditions Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . A...

8.1CVSS7.1AI score0.01145EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/20 12:0 a.m.28 views

GIMP 'fli_read_brun' function heap buffer overflow vulnerability

GIMP GNU Image Manipulation Program, GNU Image Manipulation Program is a cross-platform open source image processing software developed by the GIMP team. The software enables a variety of image processing, including photo retouching, image compositing and image creation. A heap buffer overflow...

7.8CVSS7.8AI score0.01154EPSS
Exploits0References1
CNVD
CNVD
added 2017/12/20 12:0 a.m.28 views

OpenLDAP Denial of Service Vulnerability (CNVD-2017-37765)

OpenLDAP is a free and open source implementation of the Lightweight Directory Access Protocol LDAP from the OpenLDAP Foundation in the United States, which is included in Linux distributions. A denial of service vulnerability exists in the contrib/slapd-modules/nops/nops.c file in OpenLDAP 2.4.4...

7.5CVSS6.8AI score0.07022EPSS
Exploits0References1
CNVD
CNVD
added 2017/09/27 12:0 a.m.28 views

GNU Binutils BFD *_get_synthetic_symtab function denial of service vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

7.8CVSS7.1AI score0.01201EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/15 12:0 a.m.28 views

Red Hat CVS Command Injection Vulnerability

CVS is a free and open source version control system that can be used under a variety of Linux and Unix operating systems, and can also run on Microsoft Windows operating systems. A security vulnerability exists in CVS version 1.12.x. A remote attacker can exploit a repository with a specially...

7.5CVSS7.9AI score0.05968EPSS
Exploits1References1
CNVD
CNVD
added 2017/07/28 12:0 a.m.28 views

LAME Denial of Service Vulnerability (CNVD-2017-20146)

LAME is LAME team developed a set of open source MP3 audio compression software . A security vulnerability exists in the 'fillbufferresample' function in the libmp3lame/util.c file in LAME version 3.99.5. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer...

6.9AI score
Exploits3References1
CNVD
CNVD
added 2017/07/19 12:0 a.m.28 views

cairo cairo-truetype-subset.c file denial of service vulnerability

cairo is a cross-platform open source vector graphics library developed by software developers Carl Worth and Behdad Esfahbod, which supports 2D drawing in multiple contexts and provides high-quality display and printouts. A security vulnerability exists in the cairo-truetype-subset.c file in cai...

7.5CVSS5.7AI score0.03463EPSS
Exploits1References1
CNVD
CNVD
added 2017/06/29 12:0 a.m.28 views

Perl XML-LibXML Module Arbitrary Code Execution Vulnerability

Perl is an American programmer Larry Wall Larry Wall developed a cross-platform programming language. XML-LibXML is one of the Debian-based XML file conversion module. An arbitrary code execution vulnerability exists in Perl's XML-LibXML module =2.0129, which can be exploited by a remote attacker...

9.8CVSS8.3AI score0.07929EPSS
Exploits1References1
CNVD
CNVD
added 2017/04/05 12:0 a.m.28 views

ImageMagick Denial of Service Vulnerability (CNVD-2017-04572)

ImageMagick is an open source image viewing and editing tool for Unix/Linux platforms. ImageMagick has a security vulnerability in its implementation that allows a remote attacker to cause a denial of service via a constructed wpg file...

5.5CVSS9AI score0.01468EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/23 12:0 a.m.28 views

Deluge Cross-Site Request Forgery Vulnerability

Deluge is a BitTorrent client.WebUI is one of the components that launches the web interface. A cross-site request forgery vulnerability exists in Deluge's Web UI. An attacker could use this vulnerability to perform unauthorized operations and access affected applications...

8.8CVSS6.8AI score0.04036EPSS
Exploits1References1
Total number of security vulnerabilities5000