131102 matches found
Bentley View Code Execution Vulnerability (CNVD-2021-102033)
Bentley View is a free viewer from Bentley Systems, U.S.A. A security vulnerability exists in Bentley View, which is caused by a use-after-release vulnerability when parsing 3DS files. An attacker could exploit this vulnerability to execute arbitrary code on the system...
SonicWall SMA100 has an unspecified vulnerability
The Sonicwall SMA100 is a secure access gateway appliance from Sonicwall, Inc. A security vulnerability exists in the SonicWall SMA100 that could be exploited by an unauthenticated remote attacker to bypass firewall rules by using the SMA100 as an unexpected proxy or intermediate undetectable pro...
Fortinet FortiWeb Input Validation Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content.Fortinet FortiWeb An input validation error...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-99616)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an information disclosure vulnerability that stems from the use of XMLHttpRequest, which can be exploited by attackers to identify installed applications by probing error message...
Fortinet FortiWeb has an unspecified vulnerability (CNVD-2021-101136)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...
Autodesk Navisworks code issue vulnerability
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. A code issue vulnerability exists in Autodesk Navisworks, which can be exploited by attackers to execute code via a maliciously crafted DLL file...
Mozilla Firefox ESR Information Disclosure Vulnerability (CNVD-2021-99621)
Mozilla Firefox ESR is an extended support version of the Mozilla Foundation's Firefox Web browser. Mozilla Firefox ESR suffers from an information disclosure vulnerability that stems from the fact that in some cases, an asynchronous function may cause a navigation failure that exposes the target...
AMD Graphics Driver has an unspecified vulnerability (CNVD-2021-100384)
AMD Graphics Driver is an integrated graphics driver from AMD, a U.S. company. AMD Graphics Driver contains a security vulnerability that can be exploited by attackers to cause an elevation of privilege or denial of service...
Adobe Bridge out-of-bounds read vulnerability (CNVD-2021-99771)
Adobe Bridge is a file viewer from Adobe. 11.1.1 and earlier versions of Adobe Bridge contain an out-of-bounds read vulnerability. An attacker could exploit this vulnerability to cause a memory leak...
Huawei HarmonyOS Path Traversal Vulnerability (CNVD-2022-05176)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS CaasKit module has a security vulnerability that could be exploited by an attacker to disable the Smooth Link application...
LibreDWG Buffer Overflow Vulnerability (CNVD-2021-95252)
Libredwg is a free C library from the Free Software Foundation, USA. It is used to read and write Dwg files. LibreDWG suffers from a buffer overflow vulnerability, which stems from the inclusion of a heap buffer overflow in decodepreR13. No detailed vulnerability details are currently available...
IBM Cognos Analytics Access Control Error Vulnerability
IBM Cognos Analytics is a suite of business intelligence software from IBM Corporation. The software includes reports, dashboards, and scorecards, and can help companies adjust their decisions by analyzing content such as key factors and key people.IBM Cognos Analytics has an access control error...
D-Link DIR-809 formAdvFirewall buffer overflow vulnerability
A buffer overflow vulnerability exists in the D-Link DIR-809, a dual-band router from D-Link China.The vulnerability stems from the failure of the FUN800462c4 function in the product/formAdvFirewall link to effectively determine data boundaries. An attacker could cause a buffer overflow resulting...
IBM QRadar SIEM Code Issue Vulnerability (CNVD-2021-95253)
IBM QRadar SIEM is a U.S.-based solution from IBM that leverages security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, etc. IBM QRadar...
Eufy Anker Eufy Homebase 2 Authentication Bypass Vulnerability (CNVD-2022-00623)
Anker Eufy Homebase is a wireless home security camera system from Eufy U.S. An authentication bypass vulnerability exists in Anker Eufy Homebase 2 version 2.1.6.9h, which can be exploited by attackers to sniff network traffic leading to password recovery...
IBM MQ Appliance has unspecified vulnerabilities
IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM U.S.A. A security vulnerability exists in IBM MQ Appliance, which stems from the fact that IBM MQ Appliance may allow local privileged users to inject and execute malicious code. No...
Fortinet FortiClient Elevation of Privilege Vulnerability (CNVD-2021-102008)
FortiClient is a mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance.FortiClient is vulnerable to an elevation of privilege...
Huawei iMaster NCE-Fabric Cross-Site Scripting Vulnerability
Huawei IMaster Nce-Fabric is a network automation and intelligence platform that integrates management, control, analysis, and artificial intelligence Ai functions from Huawei China.A security vulnerability exists in Huawei iMaster NCE-Fabric, which stems from a client-side module that fails to...
Alfasado PowerCMS OS Command Injection Vulnerability
Alfasado PowerCMS is a content management system CMS from Alfasado Japan.An operating system command injection vulnerability exists in PowerCMS, which can be exploited by remote attackers to execute arbitrary operating system commands via unspecified vectors...
Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge is a web browser that comes with systems after Windows 10. Microsoft Edge for iOS has a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-90868)
Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to SQL injection, which can be exploited by remote attackers ...
Huawei HarmonyOS Input Validation Error Vulnerability (CNVD-2021-99978)
Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyOS is vulnerable to input validation errors. The vulnerability stems from unchecked clientrecvwritepage. An attacker could exploit this vulnerability to cause the kernel to crash...
Huawei HarmonyOS Get Distributed Directory Path Interface Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyOS is vulnerable to a distributed directory path interface vulnerability. An attacker could exploit this vulnerability to compromise user confidentiality...
Apache Druid LoadData has an arbitrary file reading vulnerability
A security vulnerability exists in Apache Druid, a column-oriented open source distributed database written in Java by the Apache Foundation, which stems from the fact that InputSource is used to read data from a data source in the Druid ingestion system. However, the HTTP InputSource allows an...
Google Chrome cache security bypass vulnerability
Google Chrome is a web browser from Google, Inc. Google chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...
Google Chrome V8 Code Execution Vulnerability (CNVD-2021-91296)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by type obfuscation in V8. An attacker could exploit the vulnerability to execute arbitrary code on the system...
Laravel Framework has an unspecified vulnerability
Laravel Framework is a PHP-based web application development framework from Taylor Otwell, a personal developer.A security vulnerability exists in versions of Laravel Framework prior to 8.70.2, which stems from the fact that the framework does not adequately prevent the upload of executable PHP...
Nim code issue vulnerability
Nim is a statically typed programming language from the Nim community. nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...
Airangel Hsmx Gateway Cross-Site Request Forgery Vulnerability
Airangel Hsmx Gateway is a platform from Airangel UK, Inc. used to manage authentication and billing in the network.A cross-site request forgery vulnerability exists in Airangel Hsmx Gateway prior to 5.2.04, which stems from a WEB application that does not adequately verify that the request is fr...
Microsoft Windows COM Remote Code Execution Vulnerability
Microsoft Windows COM is a technology from Microsoft Corporation USA designed to reuse software.COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components.Microsoft Windows COM is vulnerable to a remote code execution...
JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91662)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemmed from...
GNU C Library has unspecified vulnerabilities
The GNU C Library glibc, libc6 is an open source, free C compiler released under the LGPL license. version 2.34 of the GNU C Library aka glibc contains a security vulnerability that stems from a data validation issue in the affected version of the library, iconvdata/iso-2022-jp-3.c's iconv in the...
BlueZ Resource Management Error Vulnerability
BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. a resource management error vulnerability exists in BlueZ, which stems from the failure of the D-Bus in the product's gatt-database.c file to properly handle...
Cisco Small Business RV Series Routers Command Injection Vulnerability
Cisco Small Business RV Series Routers is an RV Series router from Cisco, U.S.A. A command injection vulnerability exists in Cisco Small Business RV Series Routers, which stems from a network system or product that does not properly authenticate incoming data. An authenticated remote attacker wit...
Huawei HarmonyOS post-release usage vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS 2.0 previously had a security vulnerability that could be exploited by a local attacker to cause a kernel information leak...
GitLab Input Validation Error Vulnerability (CNVD-2021-91177)
GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an input validation error that could be exploited to set a pipeline plan to be active in a project export, so that an owner could import t...
Nextcloud Contacts Cross-Site Scripting Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud Contacts application prior to version 4.0.3 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side...
Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89934)
Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...
Adobe Media Encoder null pointer dereference vulnerability (CNVD-2021-92004)
Adobe Media Encoder, a video and audio encoding application, is vulnerable to a null pointer dereference in Adobe Media Encoder 15.4.1 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service for the application...
Adobe Media Encoder Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92007)
Adobe Media Encoder, a video and audio encoding application, is vulnerable to an out-of-bounds memory buffer access vulnerability in Adobe Media Encoder 15.4.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
Apache Storm code issue vulnerability
Apache Storm is a free and open source distributed real-time computing system. Apache Storm code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...
Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17695)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA.Oracle MySQL Cluster 8.0.26 and prior versions of Cluster: ndbcluster/plugin DDL component is vulnerable to an input validation error. which can be exploited by attackers...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17696)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster 8.0.26 and earlier versions of the Cluster: General component are vulnerable to an input validation error that could be exploited by an attacker to...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84808)
Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Profiles in versions prior to Google Chrome 95.0.4638.54. A remote attacker exploited this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84810)
Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit the vulnerability to exploit heap corruption via a crafted HTML page...
Google Chrome Blink improperly implemented vulnerability (CNVD-2021-84806)
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper Blink implementation. An attacker could exploit this vulnerability to abuse content security policies via crafted HTML pages...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80260)
A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81781)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81804)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...