131102 matches found
Code Execution Vulnerabilities in Multiple Mozilla Products
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. A code...
Mozilla Firefox Denial of Service Vulnerability (CNVD-2024-10437)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A denial of service vulnerability exists in Mozilla Firefox, which can be exploited by attackers to cause the browser to crash...
Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability
Simple Online Hotel Reservation System is an online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System version 1.0, which stems from the lack of effective filtering and escaping of user-supplied data in the addreserve.php file, and can ...
Huawei HarmonyOS buffer overflow vulnerability (CNVD-2024-06169)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a buffer overflow vulnerability that stems from a buffer overflow vulnerability in a module. An attacker could exploit the...
Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04951)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...
Microsoft Message Queuing Information Disclosure Vulnerability (CNVD-2024-04950)
Microsoft Message Queuing is the solution for implementing asynchronous and synchronous scenarios that require high performance. An information disclosure vulnerability exists in Microsoft Message Queuing, which can be exploited by an attacker to obtain sensitive information from heap memory...
Adobe InDesign Buffer Overflow Vulnerability (CNVD-2024-12469)
Adobe InDesign is a set of layout and editing applications from the American company Audobee Adobe. A security vulnerability exists in Adobe InDesign, which can be exploited by an attacker to cause a sensitive memory leak...
PHPEMS Deserialization Vulnerability
PHPEMS is a PHP online mock exam system. PHPEMS suffers from a deserialization vulnerability that stems from unsafe deserialization processing of lib/session.cls.php when receiving serialized data submitted by a user, which can be exploited by an attacker to cause code execution...
Siemens SCALANCE M-800/S615 Series OS Command Injection Vulnerability
The SCALANCE M-800, MUM-800 and S615 and the RUGGEDCOM RM1224 are industrial routers. An operating system command injection vulnerability exists in the Siemens SCALANCE M-800/S615 series, which can be exploited by an attacker to execute commands on the system via a malicious local administrator...
IBM Informix Dynamic Server Buffer Overflow Vulnerability (CNVD-2023-9769466)
IBM Informix Dynamic Server IDS is a scalable object-relational database server from International Business Machines IBM that provides clustered data centers with features such as continuous data availability and disaster recovery. IBM Informix Dynamic Server suffers from a buffer overflow...
Adobe ColdFusion Access Control Error Vulnerability
Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. An Access Control Error vulnerability exists in Adobe ColdFusion, which arises from the presence of...
Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System
Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Securit...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-82672)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. An out-of-bounds read vulnerability exists in Adobe After Effects versions 18.4....
Google Android Information Disclosure Vulnerability (CNVD-2024-00168)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability that can be exploited by attackers to cause information leakage...
Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81885)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. The product's common components include Word, Excel, Access, Powerpoint, FrontPage, etc.. Microsoft Office Click-To-Run has an elevation of privilege vulnerability that can be exploited by an...
Microsoft Windows Layer 2 Tunneling Protocol Remote Code Execution Vulnerability (CNVD-2023-81884)
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. A remote code execution vulnerability exists in the Microsoft Windows Layer 2 Tunneling Protocol, which can be exploited by an attacker to remotely execute code...
Adobe After Effects Out-of-Bounds Read Vulnerability (CNVD-2023-76937)
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe, which is mainly used for 2D and 3D compositing, animation and visual effects production. Adobe After Effects suffers from an out-of-bounds read vulnerability that stems...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2023-82284)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
Google Chrome Security Bypass Vulnerability (CNVD-2023-75496)
Google Chrome is a web browser from Google, an American company. A security bypass vulnerability exists in Google Chrome prior to version 117.0.5938.62, which stems from an improper implementation of the Custom Tabs module. An attacker can exploit the vulnerability to bypass security restrictions...
Microsoft 3D Viewer Remote Code Execution Vulnerability (CNVD-2023-74905)
Microsoft 3D Viewer is a simplified and fast graphics editing application from Microsoft. A remote code execution vulnerability exists in Microsoft 3D Viewer, which can be exploited by an attacker to execute code on the target host...
Command Execution Vulnerability in 4A Unified Security Control Platform of Beijing Qixingchen Information Security Technology Co.
Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...
Microsoft Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability
Microsoft Azure is a set of open, enterprise-grade cloud computing platforms from the U.S.-based Microsoft. An elevation of privilege vulnerability exists in Microsoft Azure HDInsight Apache Ambari, which can be exploited by an attacker to gain domain administrator privileges...
Siemens Industrial Products WIBU System CodeMeter Heap Buffer Overflow Vulnerability
PSSRCAPE is a transmission and distribution network protection simulation software.PSSRE is a power system simulation and analysis tool for transmission operations and planning.PSSRODMS is a CIM-based network modeling management tool with network analysis capabilities for planning and operational...
Tenda AC6 Denial of Service Vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A denial of service vulnerability exists in the Tenda AC6. The vulnerability stems from a failure to properly handle incoming error messages and can be exploited to cause a denial of service device crash via a long string in the...
Vim buffer overflow vulnerability (CNVD-2023-72249)
Vim is a cross-platform text editor. A buffer overflow vulnerability exists in Vim versions prior to 9.0.1873, which stems from a boundary error in the regexp.c:2482 function when handling untrusted input. A remote attacker could exploit this vulnerability to execute arbitrary code on the system ...
Linux kernel memory leak vulnerability (CNVD-2023-70087)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that originates from nftsetcatchallflush in net/netfilter/nftablesapi.c not freeing or failing to free dynamically allocat...
Google Chrome ANGLE Buffer Overflow Vulnerability
Google Chrome is a web browser from Google, an American company. A buffer overflow vulnerability exists in versions prior to Google Chrome 116.0.5845.96, which stems from a boundary error in ANGLE when handling untrusted input, and can be exploited by a remote attacker to cause the browser to shu...
Siemens Tecnomatix Plant Simulation Out-of-Bounds Write Vulnerability (CNVD-2023-71239)
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. The power of discrete-event simulation is used to analyze and optimize throughput and thus improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from an out-of-bounds write...
ASUS RT-AC66U Information Disclosure Vulnerability
The ASUS RT-AC66U is a wireless router from the Chinese company ASUS. An information disclosure vulnerability exists in ASUS RT-AC66U B1 version 3.0.0.4.28651665, which originates from transmitting sensitive information in clear text. An attacker can exploit the vulnerability to obtain sensitive...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-64873)
Microsoft SharePoint Server Information Disclosure Vulnerability CNVD-2023-64874...
Huawei HarmonyOS misconfiguration vulnerability (CNVD-2023-64500)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a misconfiguration vulnerability that stems from a configuration flaw in the media module. An attacker can exploit the...
ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66418)
ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...
F5 BIG-IP (APM) Elevation of Privilege Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. F5 BIG-IP APM elevation of privilege vulnerability, which is caused by incorrect verification of cryptographic signatures duri...
Apple macOS Ventura Security Bypass Vulnerability
Apple macOS Ventura is a desktop operating system from the American company Apple. A security bypass vulnerability exists in Apple macOS Ventura, which can be exploited by attackers to bypass certain privacy preferences...
Apache Shiro Path Traversal Vulnerability
Apache Shiro is the United States Apache Apache Foundation set of Java security framework for performing authentication, authorization, encryption and session management . A path traversal vulnerability exists in versions of Apache Shiro prior to 1.12.0, which stems from the program's failure to...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65505)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause unauthorized MySQL Server hangs or frequent repeated crashes...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2023-65507)
Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to MySQL Server accessible data...
Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2023-72197)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...
Siemens Tecnomatix Plant Simulation Type Obfuscation Vulnerability
Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. A type confusion vulnerability exists in Siemens Tecnomatix Plant Simulation, whi...
Milesight UR32L vtysh_ubus toolsh_excute.constprop.1 Functional Command Injection Vulnerability (CNVD-2023-65490)
The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L vtyshubus toolshexcute.constprop.1 feature suffers from a command injection vulnerability that can be exploited by an attacker to execute arbitrary commands on the system...
Milesight UR32L ys_thirdparty user_delete function command injection vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L ysthirdparty userdelete function, which can be exploited by an attacker to execute arbitrary commands on the system...
Siemens Teamcenter Visualization and JT2Go Null Pointer Dereference Vulnerability
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML with available JT, VFZ, CGM and TIF data.Teamcenter Visualization software is able to enhance its Product Lifecycle Management PLM environments with a comprehensive range of visualization solutions. PLM environme...
Wireshark Buffer Overflow Vulnerability (CNVD-2023-62286)
Wireshark is a network packet analysis tool. The tool is mainly used to capture network packets and automatically parses the packets to display detailed information about the packets for users to analyze. Wireshark has a security vulnerability that can be exploited by attackers to execute arbitra...
Google Chrome Mojo Component Code Execution Vulnerability
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in the Google Chrome Mojo component that stems from an out-of-bounds memory access issue in the Mojo module. An attacker could exploit this vulnerability to execute arbitrary code on the system ...
GIT suffers from a service parameter injection vulnerability
GIT is a revision control system. GIT suffers from a service parameter injection vulnerability that can be exploited by an attacker to execute arbitrary code from a distance...
Moodle cross-site scripting vulnerability (CNVD-2023-43862)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in Moodle version 3.10.1 that stems from improper input cleanup and is susceptible to...
Rockwell Automation ArmorStart ST Cross-Site Scripting Vulnerability (CNVD-2023-44295)
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view user data and modify the web...
Apache DolphinScheduler Authorization Issues Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache DolphinScheduler suffers from an authorization problem vulnerability that stems from the presence of incorrect authentication, which can ...
Google Chrome Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions prior to Google Chrome 112.0.5615.137, which stems from a confusion in the directive responsible for freeing memory in DevTools. An attacker could use this vulnerability to caus...