Lucene search
K
CnvdMost viewed

131102 matches found

CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe After Effects Memory Buffer Out-of-Bounds Access Vulnerability (CNVD-2021-89935)

Adobe After Effects "AE" is a graphics video processing software from Adobe for organizations involved in design and video special effects, including television stations, animation production companies, personal post-production studios, and multimedia studios. Effects 18.4.1 and earlier versions...

9.3CVSS6.4AI score0.02315EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe Photoshop 2021 out-of-bounds read vulnerability

Adobe Photoshop, or "PS" for short, is an image processing software developed and distributed by Adobe. Adobe Photoshop 2021 22.5.1 and earlier versions contain an out-of-bounds read vulnerability. An attacker could exploit this vulnerability to elevate privileges...

5.5CVSS4.9AI score0.00473EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/27 12:0 a.m.•28 views

Adobe Premiere Pro null pointer dereference vulnerability (CNVD-2021-91997)

Adobe Premiere Pro is a timeline-based video editing software from Adobe. Adobe Premiere Pro 15.4.1 and earlier versions are vulnerable to a null pointer dereference. An attacker could exploit the vulnerability to cause a denial of service for the application...

5.5CVSS5.2AI score0.01104EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/26 12:0 a.m.•28 views

Apache Storm code issue vulnerability

Apache Storm is a free and open source distributed real-time computing system. Apache Storm code issue vulnerability. An attacker could exploit the vulnerability to achieve remote code execution...

9.8CVSS3.8AI score0.65587EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/25 12:0 a.m.•28 views

DedeCMS Cross-Site Scripting Vulnerability (CNVD-2021-81102)

DedeCMS Dream Weaving Content Management System is a set of simple, robust, flexible, open source several characteristics of open source content management system. DedeCMS has a cross-site scripting vulnerability that can be exploited to inject malicious script code via activepath, keyword, tag,...

5.4CVSS5.3AI score0.00562EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/24 12:0 a.m.•28 views

Atlassian Jira Access Control Error Vulnerability (CNVD-2021-103654)

Atlassian Jira is a defect tracking management system from Atlassian Australia. Atlassian Jira is vulnerable to an access control error that occurs when a network system or product does not properly restrict access to resources from unauthorized roles. A remote attacker could exploit this...

5.3CVSS4.3AI score0.01272EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•28 views

Google Chrome Heap Buffer Overflow Vulnerability (CNVD-2021-84811)

Chrome is a web browsing tool developed by Google.A heap buffer overflow vulnerability exists in Settings in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to exploit heap corruption via a crafted HTML page...

8.8CVSS3.7AI score0.0092EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•28 views

Google Chrome Post-release Reuse Vulnerability (CNVD-2021-84813)

Chrome is a web browsing tool developed by Google. a post-release reuse vulnerability exists in Incognito in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS3.7AI score0.00875EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/21 12:0 a.m.•28 views

Google Chrome Insufficient Input Validation Vulnerability (CNVD-2021-84801)

Chrome is a web browsing tool developed by Google, and an insufficient validation of untrusted input vulnerability exists in Downloads in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to bypass navigation restrictions via malicious files...

5.5CVSS5.5AI score0.00568EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Input Validation Error Vulnerability (CNVD-2021-80242)

Oracle MySQL Server, a relational database from Oracle Corporation, has a security vulnerability in the Server: DDL component of Oracle MySQL Server 8.0.26 and earlier. An attacker could exploit this vulnerability to manipulate data...

4CVSS3AI score0.01143EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle Database Server has an unspecified vulnerability (CNVD-2021-101531)

Oracle Database Server is a relational database management system from Oracle Corporation USA. The database management system provides data management, distributed processing, and other functions.An unspecified vulnerability exists in the Java VM component of Oracle Database Server versions...

4.6CVSS5.6AI score0.00869EPSS
Exploits0Affected Software1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Information Disclosure Vulnerability (CNVD-2021-81766)

Oracle MySQL Server is a relational database from Oracle Corporation. An information disclosure vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause unauthorized read access to a subset of MySQL Server accessible data...

4CVSS3.7AI score0.01342EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81768)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause a partial denial of service of MySQL Server...

4CVSS4.2AI score0.01449EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81784)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

6.5CVSS5.9AI score0.02278EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle MySQL Server Denial of Service Vulnerability (CNVD-2021-81779)

Oracle MySQL Server is a relational database from Oracle Corporation. A denial of service vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to cause the MySQL server to hang or crash frequently and repeatedly...

4.9CVSS5.1AI score0.02125EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Oracle Java SE and Oracle GraalVM Enterprise Edition Denial of Service Vulnerability (CNVD-2021-81806)

Java SE stands for Java Platform Standard Edition and is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments.Oracle GraalVM Enterprise Edition is an Oracle-based multilingual virtual machine for enterprise Java SE. A denial of servic...

5.3CVSS5.7AI score0.06886EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/20 12:0 a.m.•28 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2021-81786)

Oracle MySQL Server is a relational database from Oracle Corporation. An unspecified vulnerability exists in Oracle MySQL Server, which can be exploited by an attacker to compromise MySQL Server by accessing the network via multiple protocols...

7.1CVSS6.3AI score0.02192EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/15 12:0 a.m.•28 views

Nagios XI Cross-Site Scripting Vulnerability (CNVD-2021-90909)

Nagios XI is a commercial monitoring solution built on Nagios Core, including dashboards, web-based configuration, advanced reporting, and rich data visualization.A reflective cross-site scripting vulnerability exists in the generic user interface of versions of Nagios XI prior to 5.8.4. An...

6.1CVSS2.7AI score0.04289EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/14 12:0 a.m.•28 views

Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-59597)

Microsoft SharePoint is a set of enterprise business collaboration platforms from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing, which can be exploited by attackers to conduct spoofing attacks...

7.6CVSS2.7AI score0.01304EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/13 12:0 a.m.•28 views

Siemens SINEC NMS User Profile Download Vulnerability

SINEC NMS is a network management system introduced by Siemens for monitoring and managing industrial networks.A user profile download vulnerability exists in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could exploit this vulnerability to download any user's user profile, which coul...

6.5CVSS3.4AI score0.00824EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/12 12:0 a.m.•28 views

PHPFusion Remote Code Execution Vulnerability

PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...

7.2CVSS7.4AI score0.01746EPSS
Exploits1References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•28 views

Cobbler Arbitrary File Writing Vulnerability

Cobbler is a network installation server suite, which is mainly used to quickly set up Linux network installation environment.Cobbler in versions prior to 3.3.0 there is an arbitrary file writing vulnerability, the vulnerability originates from the system does not do effective filtering of user...

7.5CVSS3.2AI score0.68635EPSS
Exploits0References1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•28 views

ECOA BAS controller unauthorized access vulnerability

ECOA BAS controller is an intelligent lighting control solution. an unauthorized access vulnerability exists in ECOA BAS controller, which can be exploited by remote attackers to bypass authorization to access hidden resources in the system and perform privileged functions...

6.5CVSS4.8AI score0.00842EPSS
Exploits1
CNVD
CNVD
•added 2021/10/08 12:0 a.m.•28 views

Netscaut nGeniusONE XML External Entity Injection Vulnerability

Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. Netscaut nGeniusONE in version 6.3.0 build 1196 suffers from an XML External Entity Injection vulnerability, which arises from a network system or product that does not have the correc...

6.5CVSS6.6AI score0.00933EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/27 12:0 a.m.•28 views

IBM Aspera Cross-Site Scripting Vulnerability

IBM Aspera is a set of fast file transfer and streaming solutions built on the IBM FASP protocol from IBM U.S. A cross-site scripting vulnerability exists in IBM Aspera Cloud, which could be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to alter the intended...

6.4CVSS2.5AI score0.0048EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•28 views

Huawei FusionCompute Command Injection Vulnerability (CNVD-2021-84882)

Huawei FusionCompute is a computer virtualization engine from Huawei China. A command injection vulnerability exists in the CMA service of the Huawei FusionCompute product, which provides Virtual Resource Manager VRM and Compute Node Agent CNA. The vulnerability stems from the fact that special...

9CVSS2.9AI score0.00898EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•28 views

NETGEAR Code Injection Vulnerability

Netgear NETGEAR is a router from Netgear, an American company. NETGEAR routers have a security vulnerability that could allow remote attackers to remotely execute code as root via a MitM attack during updates to the Circle parental control service...

9.3CVSS7.4AI score0.10051EPSS
Exploits1Affected Software11
CNVD
CNVD
•added 2021/09/24 12:0 a.m.•28 views

VMware vCenter Server Information Disclosure Vulnerability (CNVD-2021-74283)

Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructure. vmware vCenter Server is vulnerab...

7.5CVSS2.7AI score0.01629EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•28 views

FFmpeg integer overflow vulnerability (CNVD-2021-80287)

FFmpeg is the FFmpeg team's complete solution for recording, converting, and streaming audio and video. FFmpeg suffers from an integer overflow vulnerability that could be exploited by an attacker to cause a denial of service or other unspecified impact...

8.8CVSS6.4AI score0.01221EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•28 views

libslax code issue vulnerability

libslax is an open-source implementation of the SLAX language. libslax is vulnerable to a code problem caused by a null pointer dereference in the function slaxLexer in slaxLexer .c, which can be exploited to cause a denial of service...

6.5CVSS3.2AI score0.00829EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/23 12:0 a.m.•28 views

FFmpeg buffer overflow vulnerability (CNVD-2021-74089)

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in Ffmpeg that can be exploited by attackers to cause a denial of service or other unspecified impact...

8.8CVSS8.4AI score0.01182EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•28 views

Google Chrome UI security bypass vulnerability

Chrome is a simple and efficient web browsing tool developed by Google, which is characterized by simplicity and speed. Google Chrome suffers from a security vulnerability. An attacker could exploit this vulnerability to bypass security restrictions...

4.3CVSS4.2AI score0.01174EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•28 views

Xiaomi AX3600 Command Injection Vulnerability (CNVD-2021-91956)

Xiaomi AX3600 is a router.A security vulnerability exists in Xiaomi AX3600 firmware version 1.1.12 and earlier, which stems from a command injection in the meshd program in the routing system. An attacker could exploit this vulnerability to execute commands with administrator privileges...

9CVSS7.2AI score0.02166EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/22 12:0 a.m.•28 views

Google Chrome Offline Code Execution Vulnerability

Google Chrome Offline is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Offline. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS5.7AI score0.01157EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•28 views

fig2dev segmentation error vulnerability

fig2dev is used to convert .fig files to various graphics languages and formats. A segmentation error vulnerability exists in the gencgmstart function in gencgm.c in fig2dev version 3.2.7b. No detailed vulnerability details are currently available...

5.5CVSS3AI score0.00862EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/17 12:0 a.m.•28 views

kubernetes input validation error vulnerability

Kubernetes is an open source Docker container cluster management system from the American Linux Foundation. The system provides resource scheduling, deployment operations, service discovery, and scale-up and scale-down for containerized applications. kubernetes has a security vulnerability that c...

8.8CVSS1AI score0.06505EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/15 12:0 a.m.•28 views

Adobe Acrobat/Reader Post-release Reuse Vulnerability (CNVD-2021-94914)

Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Acrobat/Reader suffers from a post-release reuse vulnerability. An attacker can exploit this vulnerability to execute arbitrary code...

6.1AI score0.00423EPSS
Exploits0Affected Software4
CNVD
CNVD
•added 2021/09/14 12:0 a.m.•28 views

PRTG Network Monitor Cross-Site Scripting Vulnerability (CNVD-2021-93888)

PRTG Network Monitor is an uptime and bandwidth monitoring software that supports various sensor types.A stored cross-site scripting vulnerability exists in versions prior to PRTG Network Monitor 21.3.69.1333. An attacker can execute malicious JavaScript by importing a specially crafted string fr...

5.4CVSS3AI score0.00609EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/09 12:0 a.m.•28 views

Hitachi ABB Power Grids System Data Manager Encryption Issue Vulnerability

Hitachi ABB Power Grids System Data Manager is a system data manager from Hitachi, Japan. Hitachi ABB Power Grids System Data Manager is vulnerable to an encryption issue that stems from the fact that the application does not encrypt backup files. A local operating system user can modify the back...

7.8CVSS2.5AI score0.00127EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•28 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72274)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a heap-based buffer overflow in ntfsinodelookupbyname in NTFS-...

7.8CVSS7.8AI score0.00455EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/07 12:0 a.m.•28 views

Tuxera NTFS-3G Buffer Overflow Vulnerability (CNVD-2021-72270)

Tuxera NTFS-3G is Finland's Tuxera company's set of open source , cross-platform for supporting NTFS partition read and write drivers . NTFS-3G suffers from a buffer overflow vulnerability that can be exploited by an attacker to potentially cause out-of-bounds reads in ntfsattrfind and...

7.8CVSS7.7AI score0.00421EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/03 12:0 a.m.•28 views

ZOHO ManageEngine ServiceDesk Plus Licensing Issue Vulnerability

ZOHO ManageEngine ServiceDesk Plus SDP is a set of ITIL-based IT service management software from ZOHO. The software integrates incident management, issue management, asset management IT project management, procurement and contract management, etc. An authorization issue vulnerability exists in...

9.8CVSS2.9AI score0.99854EPSS
Exploits0References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•28 views

Google Chrome Bookmarks code execution vulnerability

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome Bookmarks. An attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...

8.8CVSS4.7AI score0.03972EPSS
Exploits1References1
CNVD
CNVD
•added 2021/09/01 12:0 a.m.•28 views

SolarWinds Orion Platform SQL Injection Vulnerability

SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, Inc. The platform provides real-time monitoring and profiling of network devices and supports custom web interfaces, multiple user opinions, and map-based browsing of the entire network. The...

9CVSS1.9AI score0.01642EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/27 12:0 a.m.•28 views

Six Apart Movable Type Cross-Site Scripting Vulnerability (CNVD-2022-22651)

Six Apart Movable Type MT is a blogging system from Six Apart, Inc. A cross-site scripting vulnerability exists in Six Apart Movable Type, which stems from a lack of validation and escaping of user-supplied data in the search screen, and could be exploited by remote attackers to trick victims int...

6.1CVSS1.6AI score0.009EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/26 12:0 a.m.•28 views

F5 BIG-IP TMUI Remote Command Execution Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A remote command execution vulnerability exists in the F5 BIG-IP TMUI, which can be exploited by an authenticated attacker wi...

8.8CVSS3.9AI score0.02288EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/24 12:0 a.m.•28 views

ARM mbed TLS denial of service vulnerability

ARM mbed TLS is a product from ARM UK that provides secure communication and encryption for mbed products. ARM mbed TLS suffers from a denial of service vulnerability that stems from an unrestricted calculation performed by mbedtlsmpiexpmod. An attacker could exploit this vulnerability to provide...

7.5CVSS4.1AI score0.0197EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•28 views

XStream Arbitrary Code Execution Vulnerability (CNVD-2021-67826)

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.5CVSS6.4AI score0.04065EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/23 12:0 a.m.•28 views

XStream Arbitrary Code Execution Vulnerability

XStream is an open source Java class library that is mainly used to serialize objects to XML JSON or deserialize them to objects.XStream 1.4.17 and earlier versions have an arbitrary code execution vulnerability that can be exploited by attackers to cause arbitrary code execution...

8.8CVSS6.4AI score0.0454EPSS
Exploits0References1
CNVD
CNVD
•added 2021/08/18 12:0 a.m.•28 views

IBM API Connect HOST Injection Vulnerability

IBM API Connect APIConnect is an integration solution for managing the lifecycle of APIs from IBM. The product supports creating, running, managing and securing APIs and microservices, etc. An injection vulnerability exists in IBM API Connect HOST, which stems from the product's host header not...

5.5CVSS0.5AI score0.00937EPSS
Exploits0References1
Total number of security vulnerabilities5000