131102 matches found
Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2022-04518)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editor developed by Adobe. Adobe Acrobat/Reader is vulnerable to a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
PRTG Network Monitor Cross-Site Scripting Vulnerability (CNVD-2021-93888)
PRTG Network Monitor is an uptime and bandwidth monitoring software that supports various sensor types.A stored cross-site scripting vulnerability exists in versions prior to PRTG Network Monitor 21.3.69.1333. An attacker can execute malicious JavaScript by importing a specially crafted string fr...
Hitachi ABB Power Grids System Data Manager Encryption Issue Vulnerability
Hitachi ABB Power Grids System Data Manager is a system data manager from Hitachi, Japan. Hitachi ABB Power Grids System Data Manager is vulnerable to an encryption issue that stems from the fact that the application does not encrypt backup files. A local operating system user can modify the back...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72270)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to potentially cause out-of-bounds reads in ntfsattrfind and...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72274)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a heap-based buffer overflow in ntfsinodelookupbyname in NTFS-...
ZOHO ManageEngine ServiceDesk Plus Licensing Issue Vulnerability
ZOHO ManageEngine ServiceDesk Plus SDP is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in...
Google Chrome Bookmarks code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Bookmarks. An attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
SolarWinds Orion Platform SQL Injection Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22651)
Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from a lack of validation and escaping of user-supplied data in the search screen, and could be exploited by remote attackers to trick victims int...
F5 BIG-IP TMUI Remote Command Execution Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A remote command execution vulnerability exists in the F5 BIG-IP TMUI, which can be exploited by an authenticated attacker wi...
ARM mbed TLS denial of service vulnerability
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS suffers from a denial of service vulnerability that stems from an unrestricted calculation performed by mbedtlsmpiexpmod. An attacker could exploit this vulnerability to provide...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67826)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67828)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
IBM API Connect HOST Injection Vulnerability
IBM API Connect APIConnect is an integration solution for managing the lifecycle of APIs from IBM. The product supports creating, running, managing and securing APIs and microservices, etc. An injection vulnerability exists in IBM API Connect HOST, which stems from the product's host header not...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-68455)
Chrome is a web browsing tool developed by Google. A post-release reuse vulnerability exists in Printing in versions prior to Google Chrome 92.0.4515.159. An attacker could exploit this vulnerability to potentially cause heap corruption via a crafted HTML page...
TYPO3 Information Disclosure Vulnerability (CNVD-2022-17972)
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association.TYPO3 suffers from an information disclosure vulnerability that stems from session identifiers not being properly present in the HTML output, which can be exploited by an attacker to cause...
TYPO3 SQL Injection Vulnerability (CNVD-2022-17976)
TYPO3 is a free and open source content management system framework CMS/CMF from the TYPO3 Typo3 association in Switzerland.TYPO3 is vulnerable to a SQL injection vulnerability that stems from a failure to properly encode user input. No detailed vulnerability details are currently available...
Mozilla Firefox Type Obfuscation Vulnerability (CNVD-2021-90101)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a type obfuscation vulnerability that stems from a faulty JIT optimization and a type obfuscation error. A remote attacker could trick a victim into opening a carefully construct...
cPanel XXE vulnerability
cPanel is a web-based host control management system from cPanel USA. cPanel versions prior to 98.0.1 have an XXE vulnerability in the WHM Locale Upload feature. No detailed vulnerability details are currently available...
ZTE ZXHN H2640 Information Disclosure Vulnerability
The ZTE ZXHN H2640 is a home gateway device from ZTE Corporation China.An information disclosure vulnerability exists in the ZTE ZXHN H2640, which stems from a configuration and other errors in the network system or product during operation. An unauthorized attacker could exploit the vulnerabilit...
Adobe Magento Improper Input Validation Vulnerability (CNVD-2021-90927)
Magento is an open source e-commerce platform written in PHP by Adobe. Adobe Magento is vulnerable to improper input validation. An attacker can exploit this vulnerability to execute arbitrary code...
WordPress Astra Pro Addon Plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in WordPress Astra Pro Addon Plugin versions prior to 3.5.2, which stems...
Exiv2 Infinite Loop Vulnerability (CNVD-2021-61438)
Exiv2 is a cross-platform C library and command-line utility for managing image metadata. exiv2 0.27.4 and earlier versions are vulnerable to an infinite loop. An attacker could exploit the vulnerability via specially crafted image files to cause a denial of service...
Libgd out-of-bounds read vulnerability (CNVD-2021-94953)
LibGD is an open source library for programmers to dynamically create images. an out-of-bounds read vulnerability exists in LibGD 2.3.2 and earlier. An attacker can exploit the vulnerability to cause a denial of service via specially crafted TGA files...
Huawei HarmonyOS Incorrect Permission Management Vulnerability Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a microkernel-based distributed operating system. Huawei HarmonyOS has a security vulnerability that can be exploited by local attackers to elevate privileges...
Huawei HarmonyOS configuration settings vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which can be exploited by local attackers to cause a lack of trust in the underlying application trust list...
Incorrect security UI vulnerability in Google Chrome navigation
Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 92.0.4515.131 are vulnerable to an incorrect security UI in navigation. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome out-of-bounds read vulnerability (CNVD-2021-62186)
Chrome is a web browsing tool developed by Google. An out-of-bounds read vulnerability exists in the Tab Strip in versions of Google Chrome prior to 92.0.4515.131. A remote attacker could exploit this vulnerability to obtain sensitive information...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2021-57425)
CMS Made Simple is a simple and easy-to-use content management system developed using PHP, MySQL and Smarty template engine.A cross-site scripting vulnerability exists in CMS Made Simple version 2.2.14. The vulnerability can be exploited by attackers to conduct cross-site scripting attacks via th...
Exiv2 integer overflow vulnerability (CNVD-2021-62191)
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. An integer overflow vulnerability exists in CrwMap::encode0x1810 in Exiv2 version 0.27.3. An attacker could exploit this vulnerability to cause a denial of service via a specially crafted image file...
Unspecified Vulnerability in Oracle Fusion Middleware (CNVD-2021-59241)
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. Oracle Fusion Middleware has a security vulnerability that can be exploited...
Adobe Media Encoder out-of-bounds read vulnerability (CNVD-2021-54350)
Adobe Media Encoder, a video and audio encoding application, is vulnerable to an out-of-bounds read vulnerability in Adobe Media Encoder version 15.2 and earlier. An attacker could exploit this vulnerability to execute arbitrary code...
Oracle BI Publisher Unauthorized Access Vulnerability
Oracle BI Publisher is a reporting solution that makes it easier and faster to produce, manage, and deliver all reports and documents than traditional reporting tools.Oracle BI Publisher versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 of the E- Business Suite - XDO component contains a...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-54389)
Oracle MySQL is an open source relational database management system from Oracle Corporation. A denial-of-service vulnerability exists in the Server: Optimizer component of Oracle MySQL Server 8.0.25 and earlier versions. An attacker could exploit this vulnerability to cause MySQL Server to hang ...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63282)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in GDI in Microsoft Windows/Windo...
Linux kernel buffer overflow vulnerability (CNVD-2021-54395)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel. The vulnerability stems from the discovery that the eBPF ALU32 bounds trace for bitwise operations AND, OR and XOR does not...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70127)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video.A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63285)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in the Remote Access Connection Manager in Microsoft...
Unspecified Vulnerability in Exiv2 (CNVD-2021-62175)
Exiv2 is a suite of C++ libraries and command line applications for managing image metadata. It provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. A security vulnerability exists in Exiv2 v0.27.1, which stems from a buffer overflow...
Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66063)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the TCP/IP driver in Microsoft...
Microsoft Windows Server Denial of Service Vulnerability (CNVD-2021-76467)
Windows Server is the brand name of a series of server operating systems released by Microsoft, including all Windows operating systems released under the brand name "Windows Server." Windows Server in Microsoft Windows Server A denial-of-service vulnerability exists in Windows DNS Server. No...
Microsoft Windows Server Remote Code Execution Vulnerability (CNVD-2021-76462)
Windows Server is the brand name of a series of server operating systems released by Microsoft, including all Windows operating systems released under the brand name "Windows Server." Windows Server in Microsoft Windows Server A remote code execution vulnerability exists in DNS Server, which can ...
Adobe Illustrator 2021 out-of-bounds write vulnerability (CNVD-2021-55964)
Adobe Illustrator 2021 is a vector graphics software. Adobe Illustrator 2021 25.2.3 and earlier versions are vulnerable to an out-of-bounds write vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
Siemens Jt2go and Siemens Teamcenter Visualization Out-of-Bounds Writing Vulnerability (CNVD-2021-53346)
Siemens Jt2go and Siemens Teamcenter Visualization are both products of Siemens, a German company. Siemens Teamcenter Visualization is a software that provides team collaboration capabilities for designing 2D and 3D scenes. An out-of-bounds write vulnerability exists in Siemens JT2Go versions pri...
IBM DB2 Command Injection Vulnerability
IBM DB2 is a relational database management system from the American company IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM Db2 for Linux, UNIX, and Windows including Db2 Connect Server, which stems...
WordPress ProfilePress plugin elevation of privilege vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An elevation of privilege vulnerability exists in the ProfilePress plugin for WordPress versions 3.0...
XWiki Platform has an unspecified vulnerability (CNVD-2022-13410)
Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform has a security vulnerability that stems from the fact that the reset password form can display a user's email address by simply providing a username. No details of the...
ZOHO ManageEngine ADSelfService Plus Remote Code Execution Vulnerability
ManageEngine ADSelfService Plus is a web-based self-service application that allows end-users to perform tasks such as password resets, account unlocks, profile information updates, etc. without relying on a help desk.Zoho ManageEngine ADSelfService Plus 6101 and earlier versions are vulnerable t...
Unauthorized Access Vulnerability in Hong Kong Broadband Network Limited IAD601D
Hong Kong Broadband Network Limited is a leading provider of integrated telecommunications and technology solutions. An unauthorized access vulnerability exists in IAD601D of Hong Kong Broadband Network Limited, which can be exploited by attackers to obtain sensitive information...