131102 matches found
Crestron AirMedia AM-100 cgi-bin/login.cgi Directory Traversal Vulnerability
The Crestron AirMedia AM-100 is a gateway product from Crestron Electronics, USA. A directory traversal vulnerability in the cgi-bin/login.cgi file in the Crestron AirMedia AM-100 device allows remote attackers to submit a special request to read arbitrary files...
Microsoft Office OLE DLL End Load Vulnerability
Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A security vulnerability exists in Microsoft Office that originates from the program failing to properly...
Plone Information Disclosure Vulnerability (CNVD-2016-02598)
Plone is the United States Plone Foundation's set of free and open source content management system CMS built on the application server Zope. An information disclosure vulnerability exists in Plone, which can be exploited by an attacker to obtain ID information for private content...
Apple OS X Intel Graphics Driver Memory Corruption Vulnerability (CNVD-2016-01879)
Apple OS X is a specialized operating system developed by Apple for Mac computers.Intel Graphics Driver is one of the graphics card driver components. A security vulnerability exists in Intel Graphics Driver in Apple OS X versions prior to 10.11.4. The vulnerability can be exploited by an attacke...
Apache Directory Studio Command Injection Vulnerability
Apache Directory Studio is a suite of LDAP tool platforms for connecting to, managing and developing any LDAP server. Apache Directory Studio fails to adequately filter user-submitted input, allowing remote attackers to exploit the vulnerability by submitting special requests to execute arbitrary...
Microsoft Windows Server Elevation of Privilege Vulnerability (CNVD-2015-04662)
Microsoft Windows Server is a series of servers based on the windows operating system launched by the U.S. Microsoft Microsoft. A security vulnerability exists in the graphics component of Microsoft Windows. A local attacker could exploit the vulnerability to gain privileges through incorrect...
Multiple TP-LINK Product Catalog Traversal Vulnerability
TP-Link is a well-known supplier of networking and communication equipment. A directory traversal vulnerability exists in multiple TP-LINK products. An attacker is allowed to exploit this vulnerability to obtain sensitive information and launch further attacks...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2015-00596)
Oracle VM VirtualBox is an open source virtual machine software. A security vulnerability in the VMSVGA device child of Oracle VM VirtualBox versions prior to 4.3.20 allows remote attackers to exploit the vulnerability to affect the availability, integrity of the system...
IBM WebSphere Application Server code issue vulnerability (CNVD-2026-23396)
IBM WebSphere Application Server is an enterprise-level Java application server, primarily used for deploying and managing Java EE applications. There are security vulnerabilities in IBM WebSphere Application Server. These vulnerabilities stem from the SAML Web Single Sign-On component, which fai...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02307)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02318)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. Oracle MySQL has a security vulnerability in MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash frequent...
IBM Security verify Access Appliance Denial of Service Vulnerability
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...
IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2024-16916)
IBM Security Verify Access ISAM is a service from International Business Machines IBM that improves user access security. The service enables secure and simple access to platforms such as the Web, mobile, IoT and cloud using risk-based access, single sign-on, integrated access management controls...
Dell PowerScale OneFS Symbolic Link Vulnerability (CNVD-2024-16193)
Dell PowerScale OneFS is an operating system from Dell USA. PowerScale OneFS operating system that provides horizontal scaling of NAS. Dell PowerScale OneFS suffers from a symbolic link vulnerability, which can be exploited by a local, highly-privileged attacker to cause a denial of service,...
Google Chrome Security Bypass Vulnerability (CNVD-2024-16881)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from a misimplementation issue with Downloads. An attacker could exploit this vulnerability to bypass security restrictions...
Google Chrome Security Bypass Vulnerability (CNVD-2024-16877)
Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that stems from an incorrect security UI in iOS. An attacker can exploit this vulnerability to bypass security restrictions...
Mozilla Firefox ESR and Thunderbird Denial of Service Vulnerabilities
Mozilla Firefox ESR is an extended support version of Firefox the Web browser.Mozilla Thunderbird is a suite of e-mail client software separate from the Mozilla Application Suite. A denial of service vulnerability exists in Mozilla Firefox ESR and Thunderbird, which is caused by an ICU...
Apache Airflow Information Disclosure Vulnerability Vulnerability (CNVD-2024-13567)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. Apache Airflow has an information disclosure vulnerability vulnerability that can b...
IBM Maximo Application Suite Cross-Site Scripting Vulnerability
IBM Maximo Application Suite is a single platform for intelligent asset management, monitoring, maintenance, computer vision, security and reliability from International Business Machines IBM. A cross-site scripting vulnerability exists in IBM Maximo Application Suite version 7.6.1.3, which stems...
Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Buffer Overflow Vulnerability
Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels,...
Siemens Sinteso EN and Cerberus PRO EN Fire Protection Systems Out-of-Bounds Read Vulnerability
Cerberus PRO EN is a fire protection system consisting of fire panels, detection and management stations. It is available to Siemens partners and complies with the European standard EN 54 for fire detection and alarm systems. Sinteso EN is a fire protection system consisting of fire panels,...
Apache InLong Code Issue Vulnerability (CNVD-2024-16113)
Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.8.0 through 1.10.0, which can be exploited by an attacker to read...
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CNVD-2024-17976)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. A remote code execution vulnerability exists in Microsoft Edge Chromium-based, which can be exploited by an attacker to execute arbitrary code on a system...
IBM Storage Ceph Input Validation Error Vulnerability
IBM Storage Ceph is an IBM-powered, open source software-defined storage platform from International Business Machines IBM that provides scalable object, block, and file storage in a single system. IBM Storage Ceph suffers from an input validation error vulnerability that stems from the possibili...
CKEditor cross-site scripting vulnerability (CNVD-2024-09867)
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code by abusing a misconfigured preview function...
IBM CICS TX Standard Encryption Issues Vulnerability
IBM CICS TX Standard and Advanced is a comprehensive, single transaction runtime package from International Business Machines IBM, Inc. It can provide a cloud-native deployment model for standalone applications. IBM CICS TX Standard has a cryptographic issue vulnerability that stems from the use ...
IBM Security Verify Access Information Disclosure Vulnerability (CNVD-2024-09176)
IBM Security Verify Access is a service from International Business Machines IBM that improves user access security. An information disclosure vulnerability exists in IBM Security Verify Access, which can be exploited by an attacker to compromise a server...
Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android suffers from an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information...
Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge for Android suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
Code Execution Vulnerabilities in Multiple Mozilla Products
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10437)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A denial of service vulnerability exists in Mozilla Firefox, which can be exploited by attackers to cause the browser to crash...
Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability
Simple Online Hotel Reservation System is an online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the addreserve.php file, and can ...
Huawei HarmonyOS buffer overflow vulnerability (CNVD-2024-06169)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in a module. An attacker could exploit the...
Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04951)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...
Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04950)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2024-12469)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A security vulnerability exists in Adobe InDesign, which can be exploited by an attacker to cause a sensitive memory leak...
PHPEMS Deserialization Vulnerability
PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...
Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system via a malicious local administrator...
IBM Informix Dynamic Server Buffer Overflow Vulnerability (CNVD-2023-9769466)
IBM Informix Dynamic Server IDS is a scalable object-relational database server from International Business Machines IBM that provides clustered data centers with features such as continuous data availability and disaster recovery. IBM Informix Dynamic Server suffers from a buffer overflow...
Adobe ColdFusion Access Control Error Vulnerability
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An Access Control Error vulnerability exists in Adobe ColdFusion, which arises from the presence of...
Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System
Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Securit...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-82672)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects versions 18.4....
Google Android Information Disclosure Vulnerability (CNVD-2024-00168)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to cause information leakage...
Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81885)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office Click-To-Run has an elevation of privilege vulnerability that can be exploited by an...
Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81884)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-76937)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that stems...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82284)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75496)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Custom Tabs module. An attacker can exploit the vulnerability to bypass security restrictions...
Microsoft 3D Viewer Remote Code Execution Vulnerability (CNVD-2023-74905)
Microsoft 3D Viewer is a simplified and fast graphics editing application from Microsoft. A remote code execution vulnerability exists in Microsoft 3D Viewer, which can be exploited by an attacker to execute code on the target host...