131102 matches found
Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89935)
Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...
Adobe Photoshop 2021 out-of-bounds read vulnerability
Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. Adobe Photoshop 2021 22.5.1 and earlier versions contain an out-of-bounds read vulnerability. An attacker could exploit this vulnerability to elevate privileges...
Adobe Premiere Pro null pointer dereference vulnerability (CNVD-2021-91997)
Adobe Premiere Pro is a timeline-based video editing software from Adobe. Adobe Premiere Pro 15.4.1 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit the vulnerability to cause a denial of service for the application...
Apache Storm code issue vulnerability
Apache Storm is a free and open source distributed real-time computing system. Apache Storm code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2021-81102)
DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...
Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)
Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...
Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84811)
Chrome is a web browsing tool developed by Google.A heap buffer overflow vulnerability exists in Settings in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...
Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84813)
Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Incognito in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
Google Chrome Insufficient Input Validation Vulnerability (CNVD-2021-84801)
Chrome is a web browsing tool developed by Google, and an insufficient validation of untrusted input vulnerability exists in Downloads in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to bypass navigation restrictions via malicious files...
Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80242)
Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: DDL component of Oracle MySQL Server 8.0.26 and earlier. An attacker could exploit this vulnerability to manipulate data...
Oracle Database Server has an unspecified vulnerability (CNVD-2021-101531)
Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions.An unspecified vulnerability exists in the Java VM component of Oracle Database Server versions...
Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2021-81766)
Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81768)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause a partial denial of service of MySQL Server...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81784)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81779)
Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...
Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81806)
Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-81786)
Oracle MySQL Server is a relational database from Oracle Corporation. An unspecified vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to compromise MySQL Server by accessing the network via multiple protocols...
Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-90909)
Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A reflective cross-site scripting vulnerability exists in the generic user interface of versions of Nagios XI prior to 5.8.4. An...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59597)
Microsoft SharePoint is a set of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing, which can be exploited by attackers to conduct spoofing attacks...
Siemens SINEC NMS User Profile Download Vulnerability
SINEC NMS is a network management system introduced by Siemens for monitoring and managing industrial networks.A user profile download vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could exploit this vulnerability to download any user's user profile, which coul...
PHPFusion Remote Code Execution Vulnerability
PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...
Cobbler Arbitrary File Writing Vulnerability
Cobbler is a network installation server suite, which is mainly used to quickly set up Linux network installation environment.Cobbler in versions prior to 3.3.0 there is an arbitrary file writing vulnerability, the vulnerability originates from the system does not do effective filtering of user...
ECOA BAS controller unauthorized access vulnerability
ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...
Netscaut nGeniusONE XML External Entity Injection Vulnerability
Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. Netscaut nGeniusONE in version 6.3.0 build 1196 suffers from an XML External Entity Injection vulnerability, which arises from a network system or product that does not have the correc...
IBM Aspera Cross-Site Scripting Vulnerability
IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM U.S. A cross-site scripting vulnerability exists in IBM Aspera Cloud, which could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended...
Huawei FusionCompute Command Injection Vulnerability (CNVD-2021-84882)
Huawei FusionCompute is a computer virtualization engine from Huawei China. A command injection vulnerability exists in the CMA service of the Huawei FusionCompute product, which provides Virtual Resource Manager VRM and Compute Node Agent CNA. The vulnerability stems from the fact that special...
NETGEAR Code Injection Vulnerability
Netgear NETGEAR is a router from Netgear, an American company. NETGEAR routers have a security vulnerability that could allow remote attackers to remotely execute code as root via a MitM attack during updates to the Circle parental control service...
VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74283)
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vmware vCenter Server is vulnerab...
FFmpeg integer overflow vulnerability (CNVD-2021-80287)
FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg suffers from an integer overflow vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...
libslax code issue vulnerability
libslax is an open-source implementation of the SLAX language. libslax is vulnerable to a code problem caused by a null pointer dereference in the function slaxLexer in slaxLexer .c, which can be exploited to cause a denial of service...
FFmpeg buffer overflow vulnerability (CNVD-2021-74089)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in Ffmpeg that can be exploited by attackers to cause a denial of service or other unspecified impact...
Google Chrome UI security bypass vulnerability
Chrome is a simple and efficient web browsing tool developed by Google, which is characterized by simplicity and speed. Google Chrome suffers from a security vulnerability. An attacker could exploit this vulnerability to bypass security restrictions...
Xiaomi AX3600 Command Injection Vulnerability (CNVD-2021-91956)
Xiaomi AX3600 is a router.A security vulnerability exists in Xiaomi AX3600 firmware version 1.1.12 and earlier, which stems from a command injection in the meshd program in the routing system. An attacker could exploit this vulnerability to execute commands with administrator privileges...
Google Chrome Offline Code Execution Vulnerability
Google Chrome Offline is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Offline. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
fig2dev segmentation error vulnerability
fig2dev is used to convert .fig files to various graphics languages and formats. A segmentation error vulnerability exists in the gencgmstart function in gencgm.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...
kubernetes input validation error vulnerability
Kubernetes is an open source Docker container cluster management system from the American Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scale-up and scale-down for containerized applications. kubernetes has a security vulnerability that c...
Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-94914)
Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...
PRTG Network Monitor Cross-Site Scripting Vulnerability (CNVD-2021-93888)
PRTG Network Monitor is an uptime and bandwidth monitoring software that supports various sensor types.A stored cross-site scripting vulnerability exists in versions prior to PRTG Network Monitor 21.3.69.1333. An attacker can execute malicious JavaScript by importing a specially crafted string fr...
Hitachi ABB Power Grids System Data Manager Encryption Issue Vulnerability
Hitachi ABB Power Grids System Data Manager is a system data manager from Hitachi, Japan. Hitachi ABB Power Grids System Data Manager is vulnerable to an encryption issue that stems from the fact that the application does not encrypt backup files. A local operating system user can modify the back...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72274)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a heap-based buffer overflow in ntfsinodelookupbyname in NTFS-...
Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72270)
Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to potentially cause out-of-bounds reads in ntfsattrfind and...
ZOHO ManageEngine ServiceDesk Plus Licensing Issue Vulnerability
ZOHO ManageEngine ServiceDesk Plus SDP is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in...
Google Chrome Bookmarks code execution vulnerability
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Bookmarks. An attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
SolarWinds Orion Platform SQL Injection Vulnerability
SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...
Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22651)
Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from a lack of validation and escaping of user-supplied data in the search screen, and could be exploited by remote attackers to trick victims int...
F5 BIG-IP TMUI Remote Command Execution Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A remote command execution vulnerability exists in the F5 BIG-IP TMUI, which can be exploited by an authenticated attacker wi...
ARM mbed TLS denial of service vulnerability
ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS suffers from a denial of service vulnerability that stems from an unrestricted calculation performed by mbedtlsmpiexpmod. An attacker could exploit this vulnerability to provide...
XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67826)
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
XStream Arbitrary Code Execution Vulnerability
XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...
IBM API Connect HOST Injection Vulnerability
IBM API Connect APIConnect is an integration solution for managing the lifecycle of APIs from IBM. The product supports creating, running, managing and securing APIs and microservices, etc. An injection vulnerability exists in IBM API Connect HOST, which stems from the product's host header not...