Vulnerabilities > Baidu > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-08-01 | CVE-2024-7342 | Unrestricted Upload of File with Dangerous Type vulnerability in Baidu Ueditor | A vulnerability was found in Baidu UEditor 1.4.3.3. | 6.1 |
2024-08-01 | CVE-2024-7343 | Cross-site Scripting vulnerability in Baidu Ueditor 1.4.2 | A vulnerability was found in Baidu UEditor 1.4.2. | 6.1 |
2022-12-22 | CVE-2021-36631 | Uncontrolled Search Path Element vulnerability in Baidu Baidunetdisk | Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.7 |
2022-06-09 | CVE-2022-31830 | Server-Side Request Forgery (SSRF) vulnerability in Baidu Kity Minder 1.3.5 | Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. | 6.4 |
2021-07-19 | CVE-2020-22741 | Cleartext Storage of Sensitive Information vulnerability in Baidu Xuperchain 3.6.0 | An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | 5.0 |
2021-07-14 | CVE-2020-18145 | Cross-site Scripting vulnerability in Baidu Umeditor 1.2.3 | Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. | 4.3 |
2017-09-26 | CVE-2017-14744 | Cross-site Scripting vulnerability in Baidu Ueditor | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | 4.3 |
2014-10-19 | CVE-2014-7444 | Cryptographic Issues vulnerability in Baidu Navigation 3.5.0 | The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
2014-08-19 | CVE-2014-5349 | Buffer Errors vulnerability in Baidu Spark Browser 26.5.9999.3511 | Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | 5.0 |
2009-08-19 | CVE-2008-7013 | Numeric Errors vulnerability in Baidu HI IM | NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error. | 5.0 |