131102 matches found
Nextcloud has an unspecified vulnerability (CNVD-2022-77502)
A security vulnerability exists in Nextcloud Desktop Client, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that its desktop client could be tricked into opening/executing local files when clicking o...
Weak Password Vulnerability in Intelligent IOT Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2022-87084)
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A weak password vulnerability exists in the Intelligent IOT Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited by...
Huawei EMUI Denial of Service Vulnerability
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. A denial of service vulnerability exists in Huawei EMUI 12.0.0, which stems from a lack of parameter type validation in the DRM module, and can be exploited by an attacker to affect the...
Zettlr input validation error vulnerability
Zettlr is the most comprehensive editor for professionally editing Markdown files. version 2.3.0 of Zettlr is vulnerable to an input validation error, which stems from the fact that the application has no CSP policy and does not properly validate content before rendering markdown files, which cou...
Tenda AC23 Stack Overflow Vulnerability (CNVD-2023-15702)
Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. Tenda AC23 suffers from a stack overflow vulnerability, which originates from a stack overflow in the devName parameter of the ormSetDeviceName function. An attacker can exploit this vulnerability to execute arbitrary code...
Tenda AC23 Stack Overflow Vulnerability (CNVD-2023-15701)
Tenda AC23 is a dual-band Gigabit wireless router from Tenda China. The Tenda AC23 suffers from a buffer error vulnerability that originates from a stack overflow in the schedStartTime parameter of the setSchedWifi function. An attacker can exploit this vulnerability to run arbitrary code in the...
File Upload Vulnerability in Huatian Power OA System (CNVD-2022-83472)
Huatian Power OA system is a collaborative office software developed by Dalian Huatian Software Co. A file upload vulnerability exists in the Huatian Power OA system, which can be exploited by an attacker to upload arbitrary files...
Google Chrome Vulkan buffer overflow vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome that could be exploited by attackers to overflow a buffer and execute arbitrary code on the system or cause the application to crash...
Oracle MySQL Installer Information Disclosure Vulnerability (CNVD-2023-01497)
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in the Installer: General component of Oracle MySQL Installer 1.6.3 and earlier versions. An attacker can exploit this vulnerability to corrupt MySQL Installer and perform...
Oracle MySQL Shell Information Disclosure Vulnerability
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in the Shell: Core Client component of Oracle MySQL Shell. An attacker can exploit this vulnerability to corrupt the MySQL Shell and gain unauthorized access to a subset of MySQL...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2022-87659)
Oracle MySQL Server is a relational database from Oracle Corporation USA. A denial-of-service vulnerability exists in the Server: Data Dictionary component of Oracle MySQL Server. An attacker can exploit the vulnerability to access the network via multiple protocols, which can compromise MySQL...
Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-08761)
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. A buffer overflow vulnerability exists in Dell BIOS, which can be exploited by a local, authenticated attacker to obtain arbitrary code execution in SMRAM using SMI...
Dell BIOS Input Validation Error Vulnerability (CNVD-2023-08763)
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA.Dell BIOS is vulnerable to an input validation error, which can be exploited by a locally authenticated attacker with administrative privileges to modify UEFI variables...
Dell BIOS Input Validation Error Vulnerability (CNVD-2023-08764)
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell, U.S.A. An input validation error vulnerability exists in Dell BIOS, which could be exploited by a locally authenticated attacker to obtain arbitrary code execution in SMRAM using SMI...
Tenda AC1206 fromSysToolReboot Function Cross-Site Request Forgery Vulnerability
The AC1206 is a high performance router designed with Gigabit ports for both WAN and LAN ports. Tenda AC1206 firmware version USAC1206V1.0RTLV15.03.06.23multiTD01 suffers from a cross-site request forgery vulnerability, which exists in the fromSysToolReboot function in the /bin/httpd file, and ca...
Multiple Siemens Products Access Control Error Vulnerabilities
Siemens SICAM is an integrated substation automation system from Siemens Germany. An access control error vulnerability exists in several Siemens products. The vulnerability stems from the fact that the affected device accepts a user-defined session cookie and does not update the session cookie...
Huawei HarmonyOS Logic Error Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A logic error vulnerability exists in the processing of business logic in the Huawei HarmonyOS home screen module, which can be exploited by an attacker to...
Cisco ATA 190 LLDP Packet Input Validation Error Vulnerability
The Cisco ATA 190 is an analog phone adapter from Cisco, U.S.A. An input validation error vulnerability exists in the Cisco ATA 190 Series, which stems from a lack of length validation in certain LLDP packet header fields. An unauthenticated, remote attacker could exploit the vulnerability to...
strongSwan trust management issue vulnerability
strongSwan is a set of open source IPsec-based VPN solution for Linux platforms used by Andreas Steffen, a personal developer in Switzerland. The solution contains X.509 public key certificates, secure storage private keys, smart cards and other authentication mechanisms. strongSwan versions prio...
YetiForceCrm Cross-Site Scripting Vulnerability (CNVD-2022-69154)
YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from a lack of effective filtering and escaping of user-supplied data and can be exploited by an attacker to cause a...
Nedi Consulting Nedi User Enumeration Vulnerability
Nedi Consulting NeDi is a suite of open source software from Nedi Consulting, Switzerland that supports discovery and mapping of network devices. A user enumeration vulnerability exists in Nedi, which stems from the insecure design of the Nedi login and community login web UI, and can be exploite...
HSQLDB Code Execution Vulnerability
HSQLDB is a relational database management system written in Java by The HSQL Development Group team. A code execution vulnerability exists in HSQLDB, which stems from the fact that its use of java.sql.Statement or java.sql.PreparedStatement to process untrusted input by default allows any static...
Multiple MediaTek chip isp local privilege elevation vulnerabilities
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them hitting the market around the world...
Discourse input validation error vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. versions of Discourse prior to 2.8.9, and prior to 2.9.0.beta10, contain an input validation error vulnerability that could be exploited by an attacker to add large text load...
Cisco Catalyst 9200 Series Switch Data Forgery Issue Vulnerability
Cisco Catalyst 9200 Series Switches is a switch from Cisco, U.S. A data forgery vulnerability exists in the software image validation feature of Cisco Catalyst 9200 Series Switches, which could be exploited by an attacker to execute unsigned code at system startup...
Aruba Networks ArubaOS and InstantOS Denial of Service Vulnerabilities
ArubaOS is the network operating system for Aruba Mobility Controllers, Mobility Masters, and controller-managed Access Points APs.InstantOS is an Arch Linux-based distribution. A denial of service vulnerability exists in Aruba Networks ArubaOS and InstantOS. The vulnerability stems from a progra...
File Download Vulnerability in EWEB Network Management System of Beijing StarNet Ruijie Network Technology Co.
Ruijie Networks is a specialized network vendor with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products and storage. A file download vulnerability exists in the EWEB network management system of Beijing StarN...
Apache Airflow Open Redirect Vulnerability
Apache Airflow is an open source platform for creating, managing and monitoring workflows from the Apache Foundation. Apache Airflow versions 2.3.0 to 2.3.4 have an open redirection vulnerability, which originates from the /confirm port of the web server does not do a reasonable job on the target...
Vim Resource Management Error Vulnerability (CNVD-2022-68078)
Vim is a cross-platform text editor. versions prior to Vim 9.0.0490 are vulnerable to a resource management error, which stems from the existence of a memory reuse after release issue. No detailed vulnerability details are currently available...
Google TensorFlow Input Validation Error Vulnerability (CNVD-2023-10603)
Google TensorFlow is an end-to-end open source platform for machine learning from Google. Google TensorFlow has an input validation error vulnerability that stems from the fact that the BlockLSTMGradV2 implementation does not fully validate its input, which could be exploited by an attacker to...
Google TensorFlow DrawBoundingBoxes Denial of Service Vulnerability
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A denial-of-service vulnerability exists in Google TensorFlow, which stems from the fact that when DrawBoundingBoxes receives input boxes that do not belong to the float dtype, it gives the assertion...
Linux kernel resource management error vulnerability (CNVD-2022-69192)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a resource management error vulnerability that originates from a confusion in the instruction responsible for freeing memory in iouring. An attacker...
BlueZ input validation error vulnerability
BlueZ is a Bluetooth protocol stack written in C, which is primarily used to provide support for the core Bluetooth layer and protocol. versions prior to BlueZ 5.59 have an input validation error vulnerability that stems from the failure of the profiles/audio/avrcp.c component to validate...
Denial of Service vulnerability in the rotateImage function in LibTIFF tiffcrop.c:8621
LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains a number of command-line tools for working with TIFF files.A denial of service vulnerability exists in LibTIFF version 4.4.0rc1, which stems from a failed sysmalloc assertion in rotateImage in...
Tenda AX180 Stack Overflow Vulnerability (CNVD-2022-78482)
Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China.Tenda AX1803 is vulnerable to a stack overflow vulnerability, which is caused by improper boundary checking of the formSetQosBand function. An attacker could exploit the vulnerability to overflow the buffer and execute arbitrary co...
Ingredients Stock Management System SQL Injection Vulnerability (CNVD-2023-11178)
Ingredients Stock Management System is an ingredient stock management system from Carlo Montero's personal developer. A SQL injection issue exists in the id parameter of the /stocks/manage stockin.php location. No detailed vulnerability details are available at this time...
Tenda AC9 Command Injection Vulnerability (CNVD-2022-75820)
Tenda AC9 is a wireless router from Tenda, China. Tenda AC9 V15.03.2.21cn version is vulnerable to command injection, which can be exploited by attackers to execute arbitrary commands on the system...
Google Android Code Execution Vulnerability (CNVD-2022-71984)
Google Android is a Linux-based open source operating system from Google, Inc. A code execution vulnerability exists in Google Android, which is caused by an out-of-bounds write in Bluetooth. An attacker could exploit this vulnerability to execute arbitrary code on the system...
Adobe Acrobat Reader Buffer Overflow Vulnerability (CNVD-2022-58464)
Adobe Acrobat Reader is a PDF viewer from Adobe. The software is used to print, sign, and annotate PDFs. Adobe Acrobat Reader is vulnerable to a buffer overflow vulnerability that originates from out-of-bounds writes. An attacker could exploit this vulnerability to execute arbitrary code...
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67843)
Microsoft Azure Site Recovery ASR is a DRaaS provided by Azure for cloud and hybrid cloud architectures. Microsoft Azure Site Recovery suffers from an elevation of privilege vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Adobe FrameMaker heap buffer overflow vulnerability
Adobe Framemaker is a set of page layout software for writing and editing large or complex documents including structured documents from Adobe. Adobe FrameMaker is vulnerable to a heap buffer overflow vulnerability that could be exploited by attackers to execute arbitrary code...
Remote Code Execution Vulnerability in Damon 7 Database Kirin Edition
Wuhan Damon Database Co., Ltd. is specialized in providing big data platform architecture consulting, data technology solution planning, product deployment and implementation in one big data platform company. A remote code execution vulnerability exists in Damon 7 Database Kirin Edition, which ca...
Google Android Denial of Service Vulnerability (CNVD-2022-71981)
Google Android is a Linux-based open source operating system from Google, Inc. A security vulnerability exists in Google Android, which is caused by a failure to properly enter authentication in the get of PacProxyService.java. A locally authenticated attacker could exploit this vulnerability to...
vim diff_write_buffer function buffer overflow vulnerability
Vim is a cross-platform text editor. vim suffers from a buffer overflow vulnerability that results from undefined behavior in the diffwritebuffer function. An attacker could exploit this vulnerability to cause a buffer overflow...
IBM CICS TX Advanced Clickjacking Vulnerability
IBM CICS TX Advanced is a comprehensive, single transaction runtime package from IBM USA. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Advanced version 11.1 is vulnerable to a clickjacking vulnerability that stems from the program's failure to adequately...
F5 BIG-IP TMM Data Normalization Infinite Loop Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An infinite loop vulnerability in F5 BIG-IP TMM data normalization stems from the fact that when an LTM virtual server is...
McAfee Agent Code Issue Vulnerability (CNVD-2022-55631)
McAfee Agent MA is a set of client components from McAfee, Inc. that provides secure communications between ePolicy Orchestrator antivirus management platform and managed products. A code issue vulnerability exists in McAfee Agent MA versions prior to 5.7.7, which stems from a vulnerability that...
Apple macOS Monterey Spotlight Privilege Permission and Access Control Issues Vulnerability
Apple macOS Monterey is the 18th major release of Apple's macOS for the Macintosh desktop operating system. Apple macOS Monterey prior to version 12.5 is vulnerable to a privilege-granting and access-control issue vulnerability that stems from Spotlight failing to properly impose security...
Samsung Mobile devices SemWifiApClient Access Control Vulnerability
Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...
Samsung Mobile devices SemWifiApClient access control vulnerability (CNVD-2022-65119)
Samsung Mobile devices are a range of Samsung mobile devices from the South Korean company Samsung SAMSUNG, including cell phones, tablets, and more. Samsung Mobile devices SemWifiApClient has an access control vulnerability that originates from improper access control in the sendDHCPACKBroadcast...