131102 matches found
Joomla! PrayerCenter SQL Injection Vulnerability
Joomla! is an open source content management system CMS developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. PrayerCenter is used in one of the prayer sharing components. A SQL injection vulnerability exists in Joomla! PrayerCenter version 3.0.2. ...
Sensio Labs Symfony Security Bypass Vulnerability
Sensio Labs Symfony is a free French Sensio Labs , based on the MVC architecture of the PHP development framework . The framework provides commonly used functional components and tools , can be used to quickly create complex WEB program . A security bypass vulnerability exists in Sensio Labs...
OpenSSL Denial of Service Vulnerability (CNVD-2022-73349)
OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, which is implemented based on the Full Strength Common Cryptographic Library for protecting communications on computer networks from eavesdropping and is widely used by Intern...
Linux Kernel owner_on_cpu function denial of service vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux Kernel owneroncpu function, which can be exploited by an attacker to cause a denial of service...
Lua has an unspecified vulnerability
Lua is a lightweight, extensible open source scripting language from the Lua LUA team. Lua 5.4.4 and 5.4.2 have a security vulnerability that stems from a type obfuscation vulnerability in the funcnamefromcode function in lldebug.c, which can be exploited by an attacker to cause a local denial of...
Aruba Networks ArubaOS Path Traversal Vulnerability (CNVD-2021-70117)
Aruba Networks ArubaOS is an operating system for Aruba Mobility-Defined Networks including mobile controllers and mobile access switches from Aruba Networks, Inc. The vulnerability is caused by a lack of validation and filtering of parameters, which could be exploited by an authenticated attacke...
Gajim Message Interception Vulnerability
Gajim is a suite of free instant messaging software based on the Jabber communication protocol developed by the Gajim project. A security vulnerability exists in versions of Gajim prior to 0.16.5, which can be exploited by remote attackers to modify the roster and intercept messages with the help...
Google Android Denial of Service Vulnerability (CNVD-2024-07124)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability due to a flaw in PersistableBundle.java's saveToXml, which can be exploited by an attacker to cause a denial of service...
SQL Injection Vulnerability in e-cology of Shanghai Panmicro Network Technology Co. Ltd (CNVD-2023-65262)
E-cology is an OA office system made for large and medium-sized enterprises, supporting PC, mobile and WeChat simultaneous office and so on. E-cology of Shanghai Panmicro Network Technology Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensiti...
LDAP Account Manager File Upload Vulnerability
LDAP Account Manager is a web front-end for managing entries stored in LDAP directories e.g., users, groups, DHCP settings. file upload vulnerability exists in LDAP Account Manager LAM versions prior to 8.0, which stems from a faulty regular expression that allows PHP scripts to be uploaded to th...
Huawei Emui and Magic UI atcmdserver module integer underflow vulnerability
Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI atcmdserver modules are vulnerable to integer underflow, which can be exploited by attackers to compromise integrity...
Command Execution Vulnerability in Sunflower Personal Edition for Windows at Shanghai Berry Information Technology Co.
Sunflower is a free, all-in-one remote control management tool software that integrates remote control of computer and cell phone, remote desktop connection, remote boot, remote management, and intranet penetration support. Ltd. Sunflower Personal Edition for Windows has a command execution...
Telegram Cross-Site Scripting Vulnerability
Telegram is an instant messaging mobile application. version 0.6.1 of Telegram Web K Alpha is vulnerable to a cross-site scripting vulnerability that stems from the fact that Telegram Web K Alpha allows XSS to pass through document names. An attacker could exploit the vulnerability to execute...
Apache HTTP Server Input Validation Error Vulnerability
Apache HTTP Server is the United States Apache Apache Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. An input validation error vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.41. The vulnerability arises from ...
Sensio Labs Symfony PHP Code Injection Execution Vulnerability
Sensio Labs Symfony is a free, MVC-based PHP development framework. The Sensio Labs Symfony 'eval' function fails to adequately filter user input, allowing remote attackers to exploit the vulnerability by submitting a special request to execute arbitrary code with WEB privileges...
Delinea PAM Secret Server Security Bypass Vulnerability
Delinea PAM Secret Server is a key service manager from Delinea. A security bypass vulnerability exists in Delinea PAM Secret Server version 11.4, which can be exploited by an attacker to gain unauthorized access to a created remote session...
Linux kernel denial of service vulnerability (CNVD-2024-1476840)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a denial of service vulnerability that originates from the presence of a null pointer dereference in the function ath10kwmitlvoppullmgmttxcomplev. An...
File upload vulnerability exists in DM8 of Wuhan Damon Database Co.(CNVD-2023-25024)
DM8 is a new generation of self-developed database launched by Damon on the basis of summarizing the R&D and application experience of DM series products and adhering to the concepts of open innovation, simplicity and practicality. DM8 of Wuhan Damon Database Co., Ltd. has a file upload...
IBM Robotic Process Automation Resources Exposed to False Scope Vulnerability
IBM Robotic Process Automation is a robotic process automation product from International Business Machines IBM, Inc. It can help you automate more business and IT processes at scale with the ease and speed of traditional RPA.IBM Robotic Process Automation for Cloud Pak suffers from a resource...
Containous Traefik Trust Management Issue Vulnerability (CNVD-2022-13371)
Containous Traefik is a reverse proxy and load balancer from Containous, U.S. Containous Traefik is vulnerable to a trust management issue that stems from the fact that when a request is sent using an FQDN processed by a router configured with a dedicated TLS configuration, the TLS configuration...
WordPress PDF.js Viewer plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress PDF.js Viewer plugin has a cross-site scripting vulnerability in versions prior to 2.0.2, whi...
Apache OpenOffice Access Control Error Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. An Access Control Error vulnerability exists in Apache OpenOffice version 4.1.8, which stems from th...
Apache Commons Configuration Out-of-Bounds Write Vulnerability
Apache Commons Configuration is the United States Apache Apache Foundation , a common configuration interface , it is mainly used to enable Java applications to read configuration data from a variety of sources . An out-of-bounds write vulnerability exists in Apache Commons Configuration versions...
Microsoft 3D Builder Remote Code Execution Vulnerability
Microsoft 3D Builder, a tool for creating models and 3D printing from Microsoft USA, has a security vulnerability. No details of the vulnerability are currently available...
Linux kernel has unspecified vulnerabilities (CNVD-2023-06532)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel USB core subsystem has a security vulnerability that stems from incorrect access control and can be exploited by local attackers to crash the system...
ISC BIND Denial of Service Vulnerability (CNVD-2024-16843)
ISC BIND is the United States ISC company's set of open source software that implements the DNS protocol. ISC BIND suffers from a denial-of-service vulnerability that stems from a flaw in the resolver code that could cause naming to take an inordinate amount of time to process large delegates,...
Tenda AC1206 Buffer Overflow Vulnerability
Tenda AC1206 is a wireless pass-through gigabit router from Tenda, China. tenda AC1206 V15.03.06.23 is vulnerable to a buffer overflow vulnerability caused by improper boundary checking of the fromAddressNat function. An attacker could exploit this vulnerability to overflow the buffer and execute...
Apple iOS and iPadOS GPU Driver Buffer Overflow Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A buffer overflow vulnerability exists in iOS and iPadOS, which originates from a boundary error in the GPU...
QEMU Resource Management Error Vulnerability (CNVD-2022-84160)
QEMU Quick Emulator is a set of emulation processor software by Fabrice Bellard, a French personal developer. A denial of service vulnerability exists in versions prior to QEMU 7.0.0, which stems from EHCI's failure to verify that the buffer pointer overlaps with its MMIO region when transferring...
Lychee Cross-Site Scripting Vulnerability
Lychee is a beautiful and easy to use photo management system open sourced by The Lychee Organisation. Lychee has a cross-site scripting vulnerability, and no details of the vulnerability are available...
Linux kernel has unspecified vulnerabilities (CNVD-2022-21492)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel has a security vulnerability that can be exploited by local users to gain unauthorized access to certain data...
Linux kernel buffer overflow vulnerability (CNVD-2021-92971)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel 5.15.2 and earlier versions have a security vulnerability that can be exploited by an attacker who can introduce a specially crafted device to trigger an out-of-bounds write via a specially...
Adobe Premiere Elements Memory Out-of-Bounds Access Vulnerability (NVD-C-2021-277709)
Adobe Premiere Elements is a video editing software application. 2021 build 19.0 and earlier versions of Adobe Premiere Elements contain a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...
Mozilla Thunderbird Permissions and Access Control Issues Vulnerability
Mozilla Thunderbird is an open source email client. Mozilla Thunderbird is vulnerable to permission permission and access control issues, which stem from the way Mozilla maintenance services are installed on the Windows operating system. No detailed vulnerability details are currently available...
WordPress plugin SQL injection vulnerability (CNVD-2021-34528)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Quiz And Survey Master â€" Best Quiz, Exam and Survey...
OpenSSH Input Validation Error Vulnerability
OpenSSH OpenBSD Secure Shell is a set of connection tools from the OpenBSD Project Group for secure access to remote computers. The tools are an open source implementation of the SSH protocol and support encryption of all transmissions, effectively blocking eavesdropping, connection hijacking, an...
Command Execution Vulnerability in SuperMap iServer of Beijing SuperMap Software Co.
SuperMap iServer is a cloud GIS application server based on high-performance cross-platform GIS kernel, providing full-featured GIS service publishing, management and aggregation capabilities, and supporting multi-level extension development. A command execution vulnerability exists in SuperMap...
Arbitrary File Read Vulnerability in Yonghong One-Stop Big Data BI Platform of Beijing Yonghong Business Intelligence Technology Co.
Yonghong One-Stop Big Data BI Platform is a one-stop big data analysis platform. Beijing Yonghong Business Intelligence Technology Co., Ltd. Yonghong One-Stop Big Data BI Platform suffers from an arbitrary file read vulnerability, which can be exploited by attackers to obtain sensitive informatio...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65501)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server version 8.0.33 and prior versions, which can be exploited by attackers to cause MySQL Server to hang or crash frequently and repeatedly...
Adobe Photoshop out-of-bounds read vulnerability (CNVD-2023-13727)
Adobe Photoshop is a set of image processing software from Adobe. Adobe Photoshop has an out-of-bounds read vulnerability that can be exploited by attackers to cause sensitive memory leaks...
LibreNMS Command Injection Vulnerability (CNVD-2022-91160)
LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. LibreNMS v22.3.0 contains a command injection vulnerability that stems from the failure of the serviceip, hostname and serviceparam parameters to properly filter the construct command special...
Microsoft Windows Push Notifications Elevation of Privilege Vulnerability
Microsoft Windows Push Notifications is a push notification service from Microsoft Corporation USA. It provides a reliable way to deliver new updates.Microsoft Windows Push Notifications suffers from an elevation of privilege vulnerability. The vulnerability stems from improper handling of...
Tp-link Tapo C200 Command Injection Vulnerability
A command injection vulnerability exists in Tp-link Tapo C200 1.1.15 and previous firmware versions, which is caused by the presence of a uhttpd binary file that runs as root by default and lacks filtering and escaping. An unauthenticated attacker could use this vulnerability to execute system...
Google Tensorflow code issue vulnerability (CNVD-2022-09866)
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that stems from the simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow being prone to segmentation errors. No detailed...
CS-Cart administration section file upload vulnerability
CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions, customized promotional strategies, product filtering definitions, etc. The administration section is one of the management components. A file upload...
Potrace de-zero error vulnerability
potrace is a set of bitmap image processing tools developed by software developer Peter Selinger. The tool offers the ability to add smoothing effects, free scaling of images, and more. A divide-by-zero error vulnerability exists in potrace bitmap.h. A remote attacker can exploit this vulnerabili...
IBM Navigator for i Unauthorized Access Vulnerability
IBM Navigator for i is a console interface from International Business Machines IBM used in IBMi to perform and manage critical tasks in IBMi. IBM Navigator for i in versions 7.3, 7.4, and 7.5 is vulnerable to unauthorized access, where authenticated users using this interface access their entitl...
IBM AIX Denial of Service Vulnerability (CNVD-2023-00810)
IBM AIX is an open standards-based UNIX operating system developed by International Business Machines IBM for the IBM Power architecture. IBM AIX suffers from a denial-of-service vulnerability that can be exploited by unprivileged local attackers to cause a denial of service...
Apache UIMA path traversal vulnerability
Apache UIMA is a component-based software architecture from the Apache Foundation. A path traversal vulnerability exists in Apache UIMA 3.3.0 and earlier, which stems from relative path traversal and can be exploited to create files outside of a specified destination directory using carefully...
OpenSSL Remote Code Execution Vulnerability (CNVD-2022-73348)
OpenSSL is a powerful, commercial-grade, full-featured open source toolkit for the Transport Layer Security TLS protocol, a protocol implementation based on the Full Strength Common Cryptographic Library used to protect communications on computer networks from eavesdropping and widely used by...