131102 matches found
Pexip Infinity Resource Management Error Vulnerability (CNVD-2022-54730)
Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain a resource management error vulnerability that can be exploited by remote, unauthenticated attackers to cause a software crash and denial of service...
Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54737)
Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity is vulnerable to an input validation error that could be exploited by attackers to trigger a software abort via the session...
Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54731)
Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...
WordPress OAuth Single Sign On plugin authorization issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization issue...
Pexip Infinity Input Validation Error Vulnerability (CNVD-2022-54733)
Pexip Infinity is a video conferencing cloud collaboration platform from Pexip, a Norwegian company. Pexip Infinity versions prior to 27.3 contain an input validation error vulnerability that can be exploited by remote, unauthenticated attackers to cause a denial of service...
HUAWEI HarmonyOS Denial of Service Vulnerability (CNVD-2022-53575)
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei HUAWEI. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in the HUAWEI HarmonyOS AI business component, which stems from the fact that hiaiserver does not do...
Samsung TelephonyUI Access Control Error Vulnerability (CNVD-2022-70745)
An access control error vulnerability exists in Samsung TelephonyUI, a Telephony service for Samsung mobile devices in South Korea that provides support for the Telephony Application Programming Interface TAPI. The vulnerability stems from a lack of proper permission checking in TelephonyUI, whic...
FFmpeg HEVC video decoder denial of service vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the Ffmpeg team. A denial of service vulnerability exists in FFmpeg HEVC video decoder, which can be exploited by attackers to cause a denial of service attack...
BaiduWenkuSpider_flaskWeb path traversal vulnerability
BaiduWenkuSpiderflaskWeb is a python web project based on the FlaskFrame framework for crawling Baidu's library by ChangeWeDer personal developer. path traversal vulnerability exists in versions of BaiduWenkuSpiderflaskWeb prior to 2021-11-29, which The vulnerability stems from a failure of the...
Unspecified vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite (CNVD-2022-84613)
Dell BSAFE Micro Edition Suite is a development kit that provides encryption, certificate and transport layer security for c/c applications, devices, systems, etc. Dell BSAFE is a security software product that supports encryption algorithms, certificate chain authentication and transport layer...
WordPress Pricing Deals for WooCommerce plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Pricing Deals for WooCommerce plugin 2.0.2.02 and earlier versions are vulnerable to SQL...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56577)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56595)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-56592)
Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation USA. Microsoft Azure Site Recovery has an elevation of privilege vulnerability, and no details of the vulnerability are available...
Vim Buffer Overflow Vulnerability (CNVD-2022-68100)
Vim is a cross-platform text editor. buffer overflow vulnerability exists in versions of Vim prior to 9.0.0045, which stems from a boundary error in the inscompladd function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system...
EQS Integrity Line Cross-Site Scripting Vulnerability
EQS Integrity Line is a secure and anonymous reporting software from EQS Germany. EQS Integrity Line suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code on the client side...
Multiple MediaTek Chips Autoboot Access Control Error Vulnerability
MediaTek Inc. is the world's fourth largest fab-based semiconductor company and a leader in the markets of mobile terminals, smart home applications, wireless connectivity and Internet of Things IoT products, with approximately 1.5 billion units of end products with built-in MediaTek chips hittin...
OpenCTI Cross-Site Scripting Vulnerability
OpenCTI is OpenCTI's open cyber threat intelligence platform. A cross-site scripting vulnerability exists in OpenCTI version 5.2.4 and earlier versions, which can be exploited by an attacker to upload a malicious file and then execute the file when the victim opens the file location...
Hospital Management System SQL Injection Vulnerability (CNVD-2022-74093)
Hospital Management System is a computer system that helps manage health care-related information and helps health care providers do their jobs efficiently. hospital Management System v1.0 is vulnerable to a SQL injection vulnerability that originates in the orders.php page's An SQL injection iss...
TOTOLINK T6 FUN_00413be4 function stack overflow vulnerability
TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00413be4 function not checking its length for input data. A remote attacker can exploi...
TOTOLINK T6 FUN_00412ef4 function stack overflow vulnerability
TOTOLINK T6 is a wireless dual-band router from China Gion Electronics TOTOLINK.A stack overflow vulnerability exists in TOTOLINK T6 V4.1.9cu.5179B20201015 version, which stems from the desc parameter in the FUN00412ef4 function not checking its length for input data. A remote attacker can exploi...
Jenkins Deployment Dashboard Plugin信息泄露漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. stored in the global configuration file of the Jenkins controller, and an...
Jenkins Rich Text Publisher Plugin跨站脚本漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from not escaping HTML messages set by its post-build...
Orwell-Dev-Cpp Hijacking Vulnerability
Orwell-Dev-Cpp is a free, portable, fast and simple C/C++ IDE. A hijacking vulnerability exists in Orwell-Dev-Cpp v5.11, which can be exploited by an attacker to execute arbitrary code via a specially crafted exe file...
WordPress Tiny Contact Form plugin跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. WordPress Tiny Contact Form plugin version 0.7 and earlier is vulnerable to cross-site request forgery, which stems from the plugin's failure to perform CSRF checks when...
Unspecified vulnerability in Secheron SEPCOS Control and Protection Relay
Secheron SEPCOS Control and Protection Relay is a relay from Secheron. Control and protect your DC panels and contact lines from short circuits and other electrical faults, and benefit from enhanced communication capabilities.A security vulnerability exists in the Secheron SEPCOS Control and...
Red Hat OpenShift Cross-Site Scripting Vulnerability
Red Hat OpenShift is a Platform-as-a-Service PaaS cloud computing platform from Red Hat that supports building, testing, deploying, and running applications. JavaScript code on the client side...
Jenkins ThreadFix Plugin Authorization Issues Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins Plugin is an application software. An authorization issue...
Jenkins Hidden Parameter Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. The vulnerability stems from a failure to escape the name and description of t...
Contec SolarView Compact Cross-Site Scripting Vulnerability (CNVD-2022-61892)
Contec SolarView Compact is an application from Contec Japan, Inc. Contec SolarView Compact v6.0 contains a cross-site scripting vulnerability that originates in the component SolarAiConf.php, which lacks a data validation filter for user-supplied data and output. An attacker could exploit this...
Hindu Matrimonial Script Information Disclosure Vulnerability (CNVD-2022-61037)
A security vulnerability exists in Hindu Matrimonial Script, an online matrimonial service website of PHP Matrimonial Script India, which stems from improper privilege management in /admin/payment.php. No details of the vulnerability are currently available...
Autodesk AutoCAD Buffer Error Vulnerability (CNVD-2022-61611)
Autodesk AutoCAD is a professional 3D drawing software from Autodesk, Inc. A security vulnerability exists in Autodesk AutoCAD 2023 and prior versions, which stems from the fact that when parsing TIFF files, an attacker could be forced to read or write beyond the allocated boundaries and could us...
Autodesk AutoCAD Resource Management Error Vulnerability
Autodesk AutoCAD is a professional 3D drawing software from Autodesk, Inc. Autodesk AutoCAD versions 2022, 2021, 2020 and 2019 have a security vulnerability that could be exploited by attackers to execute arbitrary code...
WordPress Cross-Linker plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. versions of the WordPress Cross-Linker plugin prior to 3.0.1.9 are vulnerable to cross-site reque...
WordPress Amazon single title links plugin跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...
Online Ordering System SQL Injection Vulnerability (CNVD-2022-55711)
Online Ordering System is a multi-store ordering system that can be used by any small business.Online Ordering System version v2.3.2 is vulnerable to SQL injection, which originates from /ordering/index.php?q=category&search=Lack of validation of external input SQL statement validation, an attack...
Adobe Illustrator out-of-bounds read vulnerability (CNVD-2022-76631)
Adobe Illustrator is a vector-based image creation software from Adobe. Adobe Illustrator suffers from an out-of-bounds read vulnerability, which stems from a boundary error when handling untrusted input. An attacker could use this vulnerability to obtain sensitive information...
Adobe Illustrator Code Execution Vulnerability
Adobe Illustrator is a vector-based image creation software from Adobe, Inc. A code execution vulnerability exists in Adobe Illustrator, which stems from improper input validation and could be exploited by an attacker to execute arbitrary code on the system or cause the application to crash...
WordPress plugin Elementor Website cross-site scripting vulnerability
WordPress is a set of blogging platform developed using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin Elementor Website 3.5.5 and previous versions have a cross-site scripting vulnerability, which can be exploited by attackers to...
IBM Spectrum Copy Data Management反向钓鱼攻击漏洞
IBM Spectrum Copy Data Management, an IBM company that modernizes, streamlines and automates data center copy management processes, is vulnerable to a phishing attack in IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0. The vulnerability stems from allowing pages linked to from...
IBM Spectrum Copy Data Management跨站请求伪造漏洞
IBM Spectrum Copy Data Management, an IBM company that modernizes, simplifies and automates data center copy management processes, is vulnerable to cross-site request forgery in IBM Spectrum Copy Data Management versions 2.2.0.0 through 2.2.15.0. An attacker could exploit the vulnerability to...
Google Android out-of-bounds write vulnerability (CNVD-2022-53385)
Google Android is a Linux-based open source operating system from Google, Inc. An out-of-bounds write vulnerability exists in Google Android, which originates in transportDecOutOfBandConfig in tpdeclib.cpp, due to a heap buffer overflow. An attacker can exploit this vulnerability to remotely...
Fastjson code execution vulnerability
Fastjson is a Java-based fast JSON parser/generator. versions prior to Fastjson 1.2.83 have a security vulnerability that stems from the ease of bypassing the default autoType off restriction to deserialize untrusted data, which is exploited by attackers to cause code execution...
Microsoft Windows 10 suffers from an elevation of privilege vulnerability (CNVD-2022-51747)
Microsoft Windows 10 is a suite of operating systems for use on personal computers from the American company Microsoft. Microsoft Windows 10 suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain server privileges...
Wedding Management System SQL Injection Vulnerability (CNVD-2022-54285)
Wedding Management System v1.0 is a wedding planning management system by John Paul Lim Gabule, a personal developer, and a SQL injection vulnerability in /Wedding-Management/admin/. clientmanageaccountdetails.php?bookingid=31&userid page lacks validation for external input SQL statements, which...
Elitecms arbitrary file deletion vulnerability
Elitecms is a web content management from elitecms India. elitecms version 1.01 has an arbitrary file deletion vulnerability that can be exploited by attackers to delete any file...
ChatBot App with Suggestion Arbitrary File Deletion Vulnerability
ChatBot App with Suggestion is a ChatBot application with suggestion by Carlo Montero's personal developer. v1.0 of ChatBot App with Suggestion is vulnerable to an arbitrary file deletion vulnerability that originates in /simplechatbot/ classes/Master.php lacks valid validation for filenames, whi...
Online Car Wash Booking System SQL注入漏洞
Online Car Wash Booking System is an online car wash booking system from Carlo Montero's personal developer. service.php?id=The page lacks validation for external input SQL statements, which can be exploited by attackers to execute illegal SQL commands to steal sensitive database data...
Pillow Buffer Overflow Vulnerability (CNVD-2022-66671)
Pillow, a Python-based image processing library, is vulnerable to a buffer overflow vulnerability in Pillow version 9.1.0, which stems from a boundary error when processing TGA files. A remote attacker could exploit this vulnerability to pass specially designed data to the application, trigger a...
Illumina Local Run Manager Access Control Error Vulnerability
Illumina Local Run Manager is an integrated solution from Illumina, Inc. Designed to create sequencing runs, monitor run status, analyze sequencing data, and view results, Illumina Local Run Manager is vulnerable to an access control error that could be exploited by remote attackers to gain...