131102 matches found
Apache Druid LoadData has an arbitrary file reading vulnerability
A security vulnerability exists in Apache Druid, a column-oriented open source distributed database written in Java by the Apache Foundation, which stems from the fact that InputSource is used to read data from a data source in the Druid ingestion system. However, the HTTP InputSource allows an...
Google Chrome cache security bypass vulnerability
Google Chrome is a web browser from Google, Inc. Google chrome has a security vulnerability that can be exploited by attackers to bypass security restrictions...
Google Chrome V8 Code Execution Vulnerability (CNVD-2021-91296)
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which is caused by type obfuscation in V8. An attacker could exploit the vulnerability to execute arbitrary code on the system...
Nim code issue vulnerability
Nim is a statically typed programming language from the Nim community. nim has a code issue vulnerability that can be exploited by attackers to bypass checks and launch SSRF attacks using null bytes...
Laravel Framework has an unspecified vulnerability
Laravel Framework is a PHP-based web application development framework from Taylor Otwell, a personal developer.A security vulnerability exists in versions of Laravel Framework prior to 8.70.2, which stems from the fact that the framework does not adequately prevent the upload of executable PHP...
Airangel Hsmx Gateway Cross-Site Request Forgery Vulnerability
Airangel Hsmx Gateway is a platform from Airangel UK, Inc. used to manage authentication and billing in the network.A cross-site request forgery vulnerability exists in Airangel Hsmx Gateway prior to 5.2.04, which stems from a WEB application that does not adequately verify that the request is fr...
Microsoft Windows COM Remote Code Execution Vulnerability
Microsoft Windows COM is a technology from Microsoft Corporation USA designed to reuse software.COM is described as a platform-independent, decentralized, object-oriented system for creating interactive binary software components.Microsoft Windows COM is vulnerable to a remote code execution...
JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91662)
JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemmed from...
BlueZ Resource Management Error Vulnerability
BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. a resource management error vulnerability exists in BlueZ, which stems from the failure of the D-Bus in the product's gatt-database.c file to properly handle...
Cisco Small Business RV Series Routers Command Injection Vulnerability
Cisco Small Business RV Series Routers is an RV Series router from Cisco, U.S.A. A command injection vulnerability exists in Cisco Small Business RV Series Routers, which stems from a network system or product that does not properly authenticate incoming data. An authenticated remote attacker wit...
Huawei HarmonyOS post-release usage vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. Huawei HarmonyOS 2.0 previously had a security vulnerability that could be exploited by a local attacker to cause a kernel information leak...
GitLab Input Validation Error Vulnerability (CNVD-2021-91177)
GitLab is a self-hosted, Git version control system project repository application developed using Ruby on Rails by GitLab, Inc. GitLab CE/EE is vulnerable to an input validation error that could be exploited to set a pipeline plan to be active in a project export, so that an owner could import t...
Nextcloud Contacts Cross-Site Scripting Vulnerability
Nextcloud is an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. nextcloud Contacts application prior to version 4.0.3 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side...
Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89934)
Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...
Adobe Media Encoder null pointer dereference vulnerability (CNVD-2021-92004)
Adobe Media Encoder, a video and audio encoding application, is vulnerable to a null pointer dereference in Adobe Media Encoder 15.4.1 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service for the application...
Adobe Media Encoder Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-92007)
Adobe Media Encoder, a video and audio encoding application, is vulnerable to an out-of-bounds memory buffer access vulnerability in Adobe Media Encoder 15.4.1 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary code...
Apache Storm code issue vulnerability
Apache Storm is a free and open source distributed real-time computing system. Apache Storm code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...
Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17695)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database developed by Oracle Corporation USA.Oracle MySQL Cluster 8.0.26 and prior versions of Cluster: ndbcluster/plugin DDL component is vulnerable to an input validation error. which can be exploited by attackers...
Oracle MySQL Cluster Input Validation Error Vulnerability (CNVD-2022-17696)
Oracle MySQL Cluster is a write-scalable, real-time, ACID-compatible transactional database developed by Oracle Corporation USA. Oracle MySQL Cluster 8.0.26 and earlier versions of the Cluster: General component are vulnerable to an input validation error that could be exploited by an attacker to...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84808)
Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Profiles in versions prior to Google Chrome 95.0.4638.54. A remote attacker exploited this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84810)
Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit the vulnerability to exploit heap corruption via a crafted HTML page...
Google Chrome Blink improperly implemented vulnerability (CNVD-2021-84806)
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to an improper Blink implementation. An attacker could exploit this vulnerability to abuse content security policies via crafted HTML pages...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80260)
A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81781)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80247)
Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: PS component of Oracle MySQL Server 8.0.26 and earlier. An attacker could exploit this vulnerability to perform a denial of service DoS attack...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80250)
A security vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.26 and earlier versions. An attacker could exploit this vulnerability to perform a denial of service DoS attack...
Oracle Java SE and Oracle GraalVM Enterprise Edition Information Disclosure Vulnerability (CNVD-2021-81804)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. An information...
Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81805)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...
Oracle E-Business Suite Denial of Service Vulnerability (CNVD-2022-02355)
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP Enterprise Resource Planning Management, HR Human Resource Management, CRM Customer Relationship Management and other applications that are seamlessly integrated into one management suite...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-90909)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A reflective cross-site scripting vulnerability exists in the generic user interface of versions of Nagios XI prior to 5.8.4. An...
Apache OpenOffice XML External Entity Injection Vulnerability
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. Apache OpenOffice in version 4.1.10 and earlier versions of the existence of XML external entity...
IBM Sterling B2B Integrator SQL Injection Vulnerability (CNVD-2021-87020)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities. IBM Sterling B2B Integrator Standard Edition in versions...
Adobe Framemaker Buffer Overflow Vulnerability (CNVD-2021-102812)
Adobe Framemaker is the United States of America Odooby Adobe company's set of page layout software for writing and editing large or complex documents including structured documents. Adobe Framemaker suffers from a buffer error vulnerability that originates when a networked system or product...
Irfanview infinite loop vulnerability
IrfanView is an image viewer that supports image browsing, image editing, image format conversion, etc. Irfanview suffers from an infinite loop vulnerability that can be exploited by attackers to cause a denial of service DOS...
Siemens Solid Edge Information Disclosure Vulnerability
Solid Edge is a 3D CAD, parametric feature and synchronous technology solid modeling software. information disclosure vulnerability exists in previous versions of Siemens Solid Edge SE2021MP8. An attacker could exploit the vulnerability to obtain information via specially crafted OBJ files...
VMware vCenter Server Path Traversal Vulnerability
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vCenter Server is vulnerable to a...
VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74283)
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vmware vCenter Server is vulnerab...
VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74279)
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. An information disclosure vulnerabili...
FFmpeg buffer overflow vulnerability (CNVD-2021-74089)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in Ffmpeg that can be exploited by attackers to cause a denial of service or other unspecified impact...
libslax code issue vulnerability
libslax is an open-source implementation of the SLAX language. libslax is vulnerable to a code problem caused by a null pointer dereference in the function slaxLexer in slaxLexer .c, which can be exploited to cause a denial of service...
FAAD2 Heap Buffer Overflow Vulnerability (CNVD-2021-89951)
Freeware Advanced Audio Decoder 2 FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder licensed under the GPLv2 license. a heap buffer overflow vulnerability exists in the stszin function in mp4read.c in FAAD2 version 2.10.0 and earlier. An attacker could exploit this vulnerability to execute co...
JetBrains TeamCity has an unspecified vulnerability (CNVD-2022-09219)
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...
Google Chrome Offline Code Execution Vulnerability
Google Chrome Offline is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Offline. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
libde265 Heap Buffer Overflow Vulnerability (CNVD-2021-78430)
libde265 is an open source implementation of the h.265 video codec. libde265 version 1.0.4 contains a heap buffer overflow vulnerability in the ffhevcputunweightedpred8sse function. An attacker can exploit the vulnerability to cause a denial of service via specially crafted files...
Adobe InDesign out-of-bounds read vulnerability (CNVD-2021-85268)
Adobe InDesign is a desktop publishing DTP application from Adobe, mainly used for typesetting and editing of various printed materials. Adobe InDesign suffers from an out-of-bounds read vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Acrobat/Reader Type Obfuscation Vulnerability (CNVD-2021-85264)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from a type obfuscation vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-94912)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Acrobat/Reader Stack Buffer Overflow Vulnerability (CNVD-2021-94917)
Adobe Reader also known as Acrobat Reader is a PDF document reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a stack buffer overflow. An attacker can exploit this vulnerability to execute arbitrary code...
Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2022-04518)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...