131102 matches found
SourceCodester Hospital Patient Records Management System Cross-Site Scripting Vulnerability
SourceCodester Hospital Patient Records Management System is a web-based PHP application that provides an automated platform for hospitals to store and manage their patient records. A cross-site scripting vulnerability exists in version 1.0 of the Management System. The vulnerability is related t...
FreeCAD ODA Command Injection Vulnerability
FreeCad is a free and open source general-purpose parametric 3D Cad modeler from the FreeCad community and supports the finite element method of building information modeling software. A command injection vulnerability exists in FreeCAD version 0.19, which stems from improper cleanup when calling...
phpMyAdmin Authorization Issues Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin, which stems...
Google Chrome Buffer Overflow Vulnerability (CNVD-2022-15141)
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome, which could be exploited by attackers to convince users to install malicious extensions to potentially exploit heap corruption via well-designed HTML pages...
Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-13053)
Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Cluster is a highly useful, highly redundant version of Oracle MySQL Cluster for distributed computing environments. Oracle MySQL Cluster is vulnerable to buffer overflow, which can be exploited to...
Oracle MySQL Cluster Buffer Overflow Vulnerability (CNVD-2022-18211)
MySQL Cluster is a write-scalable, real-time, ACID-compliant transactional database designed to guarantee 99.999% availability. A buffer overflow vulnerability exists in Oracle MySQL Cluster, which can be exploited by an attacker to execute code in the context of a service account...
Adobe Acrobat Reader Dc Buffer Overflow Vulnerability (CNVD-2022-11156)
Adobe Acrobat Reader Dc is a Pdf reading tool from Adobe. Adobe Acrobat Reader Dc suffers from a buffer error vulnerability that originates from a boundary error when handling untrusted input. An attacker could exploit this vulnerability to create a specially crafted PDF file, trick the victim in...
AppCMS Cross-Site Scripting Vulnerability (CNVD-2022-08032)
AppCMS is a content management system CMS for mobile application downloads. a cross-site scripting vulnerability exists in AppCMS, which stems from the lack of proper validation of client-side data in the WEB application. An attacker could exploit this vulnerability to execute client-side code...
Oracle GraalVM Input Validation Error Vulnerability
Oracle GraalVM is a set of on-the-fly compilers written in the Java language from Oracle Corporation USA.GraalVM Enterprise Edition is the enterprise version of GraalVM.An input validation error vulnerability exists in Oracle GraalVM due to an Oracle GraalVM Enterprise Edition has incorrect input...
PhpIPAM Cross-Site Scripting Vulnerability (CNVD-2022-08175)
phpIPAM is an open source PHP and MySQL-based IP address management application IPAM. phpIPAM in v1.4.4 is vulnerable to a cross-site scripting vulnerability that stems from a lack of user-supplied data and output data validation filtering in the Site title parameter when updating site settings. ...
IBM FileNet Content Manager Command Injection Vulnerability
IBM FileNet Content Manager is a content management solution for the FileNet P8 platform from IBM of America. The solution combines document management with ready-to-use workflow tools to manage images, videos, Web content, compliance documents, etc. IBM FileNet Content Manager in versions 5.5.4,...
ZOHO ManageEngine Desktop Central Licensing Issue Vulnerability
ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO, Inc. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management...
Clam AntiVirus Input Validation Error Vulnerability (CNVD-2022-64263)
Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats.Clam AntiVirus suffers from an input validation error vulnerability that can be exploited by attackers to implement denial of service attacks...
Pexip Infinity has an unspecified vulnerability
Pexip Infinity Pexip Video Conferencing Cloud Collaboration Platform is a video conferencing cloud collaboration platform from the Norwegian company Pexip. Pexip Infinity has a security vulnerability that could be exploited by an attacker to allow a temporary remote denial of service abort...
Linux kernel has unspecified vulnerabilities (CNVD-2022-05041)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. kernel is one of the kernel-based virtual machines. a security vulnerability exists in Linux kernel, which stems from the fact that guest users can force the Linux netback driver to consume large amounts...
Fortinet FortiOS Buffer Overflow Vulnerability (CNVD-2022-08470)
Fortinet FortiOS is a set of security operating system dedicated to FortiGate network security platform from American Fita Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. A security vulnerability exists i...
Adobe Bridge resource management error vulnerability
Adobe Bridge is a file viewer from Adobe, Inc. Adobe Bridge is vulnerable to a resource management error that originates from a use-after-free error when processing files. A remote attacker could use the vulnerability to trick victims into opening specially crafted files, trigger a use-after-free...
Adobe Acrobat and Reader Resource Management Error Vulnerability
Adobe Acrobat, a PDF file editing and conversion tool from Adobe, is vulnerable to a resource management error in Adobe Acrobat and Reader, which is caused by a post-release usage error when processing PDF files. A remote attacker could exploit the vulnerability to create a specially crafted PDF...
Google Android out-of-bounds write vulnerability (CNVD-2022-06897)
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android that could be exploited by attackers to remotely elevate privileges without additional executive privileges...
Google Android Input Validation Error Vulnerability (CNVD-2022-06151)
Google Android is a Linux-based open source operating system from Google, Inc. Google Android 11 is vulnerable to an input validation error, which stems from a network system or product that does not properly validate input data. No details of the vulnerability are currently available...
Huawei HarmonyOS Heap Overflow Vulnerability (CNVD-2022-17398)
Huawei HarmonyOS is an operating system from Huawei China. Huawei HarmonyOS is vulnerable to a heap overflow vulnerability. An attacker could exploit this vulnerability to cause malicious code execution...
Google Chrome ANGLE buffer overflow vulnerability (CNVD-2022-65576)
Google Chrome is a web browser from Google, Inc. A buffer overflow vulnerability exists in Google Chrome ANGLE, which can be exploited by remote attackers to overflow the buffer and execute arbitrary code on the system, or cause the application to crash...
Discourse Information Disclosure Vulnerability (CNVD-2022-05506)
Discourse is an open source community discussion platform. The platform includes community, email and chat room features.Discourse suffers from an information disclosure vulnerability for which no detailed vulnerability details are currently available...
GPAC Denial of Service Vulnerability (CNVD-2022-03211)
GPAC is an open source multimedia framework. GPAC 1.0.1 contains a security vulnerability that stems from improper design or implementation during the development of code for a networked system or product, which could be exploited by an attacker to conduct a denial-of-service attack...
WordPress Download Monitor PluginSQL Injection Vulnerability
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.The WordPress Download Monitor Plugin has a SQL injection vulnerability in versions prior to 4.4.5, which stems from the use...
ASUS RT-AC52U_B1 Cross-Site Scripting Vulnerability
Asus Rt-Ac52UB1 is a dual-band wireless router from Asus China.A cross-site scripting vulnerability exists in ASUS RT-AC52UB1, which stems from the presence of invalid data filtering in ASUS RT-AC52U B1 version 3.0.0.4.380.10931, which could lead to user session hijacking. No detailed vulnerabili...
Wireshark Injection Vulnerability (CNVD-2022-11196)
Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. An injection vulnerability exists in Wireshark versions 3.4.0 - 3.4.10, which stems fro...
Wireshark Injection Vulnerability (CNVD-2022-11197)
Wireshark formerly known as Ethereal is a suite of network packet analysis software from the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. Wireshark version 3.6.0 suffers from an injection vulnerability that stems from a crash...
Microsoft SharePoint Elevation of Privilege Vulnerability (CNVD-2022-01686)
Microsoft Office Sharepoint Server is a U.S. Microsoft Microsoft company for enterprise customers and design, web-based content management and collaboration tools. The initial version of the software exists in the form of Office components, and now also still greatly dependent on Office to provid...
Command Execution Vulnerability in Panavision OA (CNVD-2022-06870)
Ltd. specializes in the field of collaborative management OA software, and is committed to collaborative OA as the core to help enterprises build a new mobile office platform. A command execution vulnerability exists in Panmicro OA, which can be exploited by an attacker to gain control of the...
Garrett Metal Detectors Buffer Overflow Vulnerability (CNVD-2022-01313)
Garrett Metal Detectors is a walk-in metal detector from Garrett, U.S.A. Garrett Metal Detectors is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a stack buffer overflow...
Apple macOS High Sierra Elevation of Privilege Vulnerability
A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. macOS High Sierra is caused by a faulty race condition. An attacker could exploit this vulnerability to cause elevated privileges...
Linux kernel has unspecified vulnerabilities (CNVD-2022-00608)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel versions prior to 5.15.11 have a security vulnerability that stems from f2fssetxattr in fs/f2fs/xattr.c in the Linux kernel, which can be exploited when an inode has an invalid last xattr...
Apple macOS High Sierra Information Disclosure Vulnerability (CNVD-2022-15495)
A security vulnerability exists in Apple macOS High Sierra, a specialized operating system developed by Apple for Mac computers. macOS High Sierra is caused by a problem with handling contact sharing. An attacker could exploit this vulnerability to cause unexpected data sharing...
Linux Kernel kvm_dirty_ring_get() function denial of service vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel kvmdirtyringget suffers from a function denial of service vulnerability, which is caused by the kvmdirtyring function in virt/kvm/dirtyring.c without creating a vCPU. dirtyring function in...
Information Leakage Vulnerability in Qixing Tianqing Hanma USG Firewall
Tianqing Hanma USG Firewall is a new firewall series product officially launched by Qixing. There is an information leakage vulnerability in Qishen Tianqing Hanma USG Firewall, which can be exploited by attackers to obtain sensitive information...
Vim Buffer Overflow Vulnerability (CNVD-2022-05065)
Vim is a UNIX-based editor. buffer overflow vulnerability exists in Vim. No detailed vulnerability details are currently available...
xorg-x11-server out-of-bounds access vulnerability
xorg-x11-server is an X Window System display server from the X.Org X.org Foundation. xorg-x11-server is vulnerable to an out-of-bounds access vulnerability that could be exploited by attackers to crash the server, deny service, or possibly execute arbitrary code and escalate privileges...
xorg-x11-server out-of-bounds access vulnerability (CNVD-2022-04966)
xorg-x11-server is an X Window System display server from the X.Org Foundation. xorg-x11-server 21.1.2 and versions prior to 1.20.14 have an out-of-bounds access vulnerability in the SwapCreateRegister function, which can be exploited by attackers to threaten data confidentiality, integrity, and...
Delta Electronics DIAEnergie .NET Request.QueryString Cross-Site Scripting Vulnerability
Delta Electronics DIAEnergie is an industrial energy management system used to monitor and analyze energy consumption in real time, calculate energy consumption and load characteristics, optimize equipment performance, improve production processes, and maximize energy efficiency.A cross-site...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2022-59688)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. Microsoft HEVC Video Extensions is a remote code execution vulnerability that can be exploited by attackers to execute arbitrary code on a system...
Motorola Solutions Avigilon Cross-Site Scripting Vulnerability
Motorola Solutions Avigilon is a series of security cameras from Motorola Solutions, U.S. A cross-site scripting vulnerability exists in Motorola Solutions Avigilon, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability...
Bentley View Code Execution Vulnerability (CNVD-2021-102049)
Bentley View is a free viewer from Bentley Systems, Inc. A security vulnerability exists in Bentley View, which is caused by out-of-bounds writes when parsing JT files. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2022-05440)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Bentley View Code Execution Vulnerability (CNVD-2021-102033)
Bentley View is a free viewer from Bentley Systems, U.S.A. A security vulnerability exists in Bentley View, which is caused by a use-after-release vulnerability when parsing 3DS files. An attacker could exploit this vulnerability to execute arbitrary code on the system...
SonicWall SMA100 has an unspecified vulnerability
The Sonicwall SMA100 is a secure access gateway appliance from Sonicwall, Inc. A security vulnerability exists in the SonicWall SMA100 that could be exploited by an unauthenticated remote attacker to bypass firewall rules by using the SMA100 as an unexpected proxy or intermediate undetectable pro...
Fortinet FortiWeb Input Validation Error Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content.Fortinet FortiWeb An input validation error...
Mozilla Firefox Information Disclosure Vulnerability (CNVD-2021-99616)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to an information disclosure vulnerability that stems from the use of XMLHttpRequest, which can be exploited by attackers to identify installed applications by probing error message...
Autodesk Navisworks code issue vulnerability
Autodesk Navisworks is a 3D model review software for architecture, engineering and construction from Autodesk, Inc. A code issue vulnerability exists in Autodesk Navisworks, which can be exploited by attackers to execute code via a maliciously crafted DLL file...