Filtered by vendor Baidu
Subscribe
Total
16 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36631 | 1 Baidu | 1 Baidunetdisk | 2022-12-29 | N/A | 6.7 MEDIUM |
| Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2021-39227 | 1 Baidu | 1 Zrender | 2022-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. One workaround is available: Check if there is `__proto__` in the object keys. Omit it before using it as an parameter in these affected methods. Or in `echarts.util.merge` and `setOption` if project is using ECharts. | |||||
| CVE-2022-31830 | 1 Baidu | 1 Kity Minder | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. | |||||
| CVE-2021-37271 | 1 Baidu | 1 Ueditor | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2020-22741 | 1 Baidu | 1 Xuperchain | 2021-07-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | |||||
| CVE-2020-18145 | 1 Baidu | 1 Umeditor | 2021-07-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. | |||||
| CVE-2018-0692 | 1 Baidu | 1 Spark Browser | 2018-12-18 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2007-4105 | 1 Baidu | 1 Soba Search Bar | 2018-10-15 | 9.3 HIGH | N/A |
| A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | |||||
| CVE-2008-7013 | 1 Baidu | 1 Baidu Hi Im | 2018-10-11 | 5.0 MEDIUM | N/A |
| NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error. | |||||
| CVE-2008-6444 | 1 Baidu | 1 Baidu Hi | 2018-10-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. | |||||
| CVE-2009-2970 | 2 Baidu, Uitv | 2 Baidux, Uiplayer | 2018-10-10 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter. | |||||
| CVE-2017-14744 | 1 Baidu | 1 Ueditor | 2017-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||||
| CVE-2017-2221 | 1 Baidu | 1 Baidu Ime | 2017-08-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2017-2219 | 1 Baidu | 1 Simeji | 2017-06-23 | 9.3 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2014-7444 | 1 Baidu | 1 Baidu Navigation | 2014-11-14 | 5.4 MEDIUM | N/A |
| The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2014-5349 | 1 Baidu | 1 Spark Browser | 2014-08-20 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | |||||