131102 matches found
Oracle BI Publisher Unauthorized Access Vulnerability
Oracle BI Publisher is a reporting solution that makes it easier and faster to produce, manage, and deliver all reports and documents than traditional reporting tools.Oracle BI Publisher versions 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0 of the E- Business Suite - XDO component contains a...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2021-90103)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing HTML content. An attacker could exploit the vulnerability to create a specially crafted web page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-62172)
Chrome is a web browsing tool developed by Google, and a post-release reuse vulnerability exists in V8 in versions prior to Google Chrome 91.0.4472.164. An attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash...
D-LINK DIR-3040 Information Disclosure Vulnerability (CNVD-2021-53338)
The D-LINK DIR-3040 is a router from D-Link, a Taiwan-based company that provides connectivity to the Internet.The D-LINK DIR-3040 is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to send HTTP requests resulting in the disclosure of sensitive...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66074)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Projected File System in...
Microsoft Windows Server Information Disclosure Vulnerability (CNVD-2021-54418)
Windows Server is the brand name of a series of server operating systems released by Microsoft, including all Windows operating systems released under the brand name "Windows Server". An information disclosure vulnerability exists in the "Key Distribution Center" in Microsoft Windows Server. No...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66076)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the Cloud Files Mini Filter Driver in Microsoft...
Microsoft HEVC Video Extensions Remote Code Execution Vulnerability (CNVD-2021-70128)
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation USA. The application enables computers and devices to read High Efficiency Video Encoding or HEVC video.A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66077)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. An elevation-of-privilege vulnerability exists in the Remote Access Connection Manager in Microsoft...
Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66062)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the TCP/IP driver in Microsoft...
Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66061)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial of service vulnerability exists in the TCP/IP driver in Microsoft...
ECTouch SQL Injection Vulnerability
ECTouch is an application. An open source mobile mall system to create an enterprise exclusive mobile mall. ECTouch suffers from a SQL injection vulnerability, which originates from the SQL injection vulnerability in ECTouch v2 generated through the integralmin parameter in index.php. An attacker...
SQL Injection Vulnerability in Riptide NBR Routers
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions, including switches, routers, software, security firewalls, wireless products, storage, and so on. A SQL injection vulnerability exists in Ruijie NBR routers, which...
Adobe Acrobat/Reader Type Obfuscation Vulnerability (CNVD-2021-55976)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader suffers from a type obfuscation vulnerability. An attacker can exploit this vulnerability to read arbitrary file systems...
Adobe Acrobat/Reader Type Obfuscation Vulnerability (CNVD-2021-70147)
Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat/Reader is vulnerable to a type obfuscation vulnerability. An attacker could exploit the vulnerability to disclose sensitive memory informati...
Cisco 7000 Series IP Camera Memory Leak Vulnerability (CNVD-2021-57459)
The Cisco 7000 Series IP cameras are 5 megapixel, high definition, outdoor fixed dome cameras in vandal resistant enclosures with pan/tilt/zoom functionality.The Cisco 7000 Series IP camera implementation of Link Layer Discovery Protocol LLDP in firmware versions prior to 2.12.4 is vulnerable to ...
XWiki Platform has an unspecified vulnerability (CNVD-2022-13410)
Xwiki Platform is a Wiki platform for creating Web collaboration applications from the French company Xwiki. XWiki Platform has a security vulnerability that stems from the fact that the reset password form can display a user's email address by simply providing a username. No details of the...
WordPress Popular Posts Cross-Site Scripting Vulnerability
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. WordPress Popular Posts 5.3.2 and earlier versions are vulnerable to cross-site scripting. An authenticated remote attacker can use this vulnerability to inject arbitrary scripts...
Autodesk Design Review Resource Management Error Vulnerability (CNVD-2021-53948)
Autodesk Design Review ADR is a suite of AutoCAD drafting software support software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files.Autodesk Design Review is vulnerable to a resource management error that could be...
Linux Kernel Code Execution Vulnerability
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux Kernel is vulnerable to code execution, which can be exploited by attackers to execute arbitrary code, obtain sensitive information, or cause a system denial of service by sending specially crafted...
Unauthorized Access Vulnerability in MOBOTIX M26
MOBOTIX M26 is a camera from MOBOTIX. MOBOTIX M26 suffers from an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
OpenEXR Logic Flaw Vulnerability
OpenEXR is an image file format for high dynamic range HDR images.A security vulnerability exists in OpenEXR, which stems from a flaw in the ImfDeepScanLineInputFile functionality. An attacker could use the upstairs to trigger an out-of-bounds read by submitting a harmful file to an application...
Unauthorized Access Vulnerability in AXIS 241Q Video Server
Axis is an IT company that specializes in providing web video solutions. An unauthorized access vulnerability exists in AXIS 241Q Video Server, which can be exploited by attackers to obtain sensitive information...
TamronOS IPTV V5 System Backend Contains Arbitrary File Download Vulnerability
TamronOS IPTV system is a live and on-demand system solution for broadband operators, hotels, schools and other high traffic scenarios. TamronOS IPTV V5 system has an arbitrary file download vulnerability in the background, which can be exploited by attackers to obtain sensitive information...
Pillow Denial of Service Vulnerability (CNVD-2021-54030)
Pillow is a Python-based image processing library. A denial of service vulnerability exists in versions of Pillow prior to 8.2.0, which stems from the fact that PSDImagePlugin.PsdImageFile does not properly check the number of input layers based on data block size, and can be exploited by attacke...
WordPress plugin cross-site scripting vulnerability (CNVD-2021-36523)
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in versions o...
Liferay Portal and Liferay DXP have unspecified vulnerabilities (CNVD-2021-62988)
Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63293)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. An information disclosure vulnerability exists in the CSC service of...
Adobe Acrobat Reader DC out-of-bounds write vulnerability
Adobe Acrobat Reader is a PDF viewer. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader DC is vulnerable to an out-of-bounds write vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the current user...
Mozilla Thunderbird has an unspecified vulnerability (CNVD-2021-54709)
Mozilla Thunderbird is a set of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. Mozilla Thunderbird has a security vulnerability that could be exploited by attackers to perform operations on unlocked keys without having to unlock them...
Atlassian Jira Server and Data Center Information Disclosure Vulnerability (CNVD-2021-55945)
Atlassian JIRA Server and Atlassian JIRA Data Center are both products of Atlassian Australia.Atlassian JIRA Server is a server version of a defect tracking management system. Atlassian JIRA Data Center is the data center version of Atlassian JIRA. Atlassian Jira Server and Data Center have an...
Pillow Buffer Overflow Vulnerability (CNVD-2021-54035)
Pillow is a Python-based image processing library.A buffer overflow vulnerability exists in Pillow Tiff image file processing, which can be exploited by remote attackers to submit special file requests that trick users into parsing, which can crash the application or execute arbitrary code in the...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66102)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is a set of operating systems for personal devices, and Microsoft Windows Server is a set of server operating systems. Microsoft Windows/Windows Server PKU2U has an elevation of...
Cisco Webex Meetings Cross-Site Scripting Vulnerability (CNVD-2021-13232)
Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A cross-site scripting vulnerability exists in the web interface of Cisco Webex Meetings. The vulnerability stems from insufficient validation of user-supplied input in the web interface of the affected service. An...
Projectworlds Online Book Store Project In Php SQL Injection Vulnerability
Projectworlds Online Book Store Project In Php is a Php-based online bookstore system from the Austrian company Projectworlds. Projectworlds Online Book Store Project In Php 1.0 is vulnerable to SQL injection. An attacker could exploit this vulnerability to dump the entire database on which the w...
WebKitGTK post-release reuse vulnerability
WebKitGTK is a full-featured port of the WebKit rendering engine.A post-release reuse vulnerability exists in the WebSocket functionality of WebKitGTK 2.30.0. An attacker could exploit the vulnerability to achieve remote code execution by tricking a user into visiting a specially crafted web page...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22655)
Six Apart Movable Type MT is a blogging system from Six Apart, a US-based company. Six Apart Movable Type Premium is vulnerable to a cross-site scripting vulnerability that could be exploited by a remote authenticated attacker to inject arbitrary scripts via unspecified vectors...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66104)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA Microsoft Windows is an operating system for personal devices Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server errors report an elevation of privilege vulnerability...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-66105)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server is vulnerable to an elevation of privilege...
Microsoft Windows/Windows Server Denial of Service Vulnerability (CNVD-2021-66065)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A denial-of-service vulnerability has been reported in Microsoft Windows/Windows...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63304)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. Microsoft Windows/Windows Server MSCTF Server is vulnerable to information...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61778)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server, which can be...
Microsoft Windows/Windows Server Information Disclosure Vulnerability (CNVD-2021-63321)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA, Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. An information disclosure vulnerability exists in Microsoft Windows/Windows...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68738)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-68744)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server, which stems from a...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65601)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in Microsoft Windows/Windows Server. The vulnerability stems...
Microsoft Windows/Windows Server Elevation of Privilege Vulnerability (CNVD-2021-90801)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows/Windows Server. Th...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-65603)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in Microsoft Windows/Windo...
agoo environmental issues loophole
agoo is a Ruby-based HTTP server by Peter Ohler Software Developers. An environmental issue vulnerability exists in agoo 2.12.3 and earlier versions. An attacker can exploit this vulnerability by sending the Content-Length header twice to conduct an HTTP request smuggling attack...
Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-61779)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation, an operating system for personal devices, and Microsoft Windows Server, a server operating system. An elevation of privilege vulnerability exists in Microsoft Windows and Windows Server, which could be...