Vulnerabilities > Baidu > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2022-12-22 | CVE-2021-36631 | Uncontrolled Search Path Element vulnerability in Baidu Baidunetdisk
Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
local | low complexity | baidu CWE-427 | 6.7

2022-06-09 | CVE-2022-31830 | Server-Side Request Forgery (SSRF) vulnerability in Baidu Kity Minder 1.3.5
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.
network | low complexity | baidu CWE-918 | 6.4

2021-07-19 | CVE-2020-22741 | Cleartext Storage of Sensitive Information vulnerability in Baidu Xuperchain 3.6.0
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature.
network | low complexity | baidu CWE-312 | 5.0

2021-07-14 | CVE-2020-18145 | Cross-site Scripting vulnerability in Baidu Umeditor 1.2.3
Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.
network | baidu CWE-79 | 4.3

2017-09-26 | CVE-2017-14744 | Cross-site Scripting vulnerability in Baidu Ueditor
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
network | baidu CWE-79 | 4.3

2014-10-19 | CVE-2014-7444 | Cryptographic Issues vulnerability in Baidu Navigation 3.5.0
The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4

2014-08-19 | CVE-2014-5349 | Buffer Errors vulnerability in Baidu Spark Browser 26.5.9999.3511
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
network | low complexity | baidu CWE-119 | 5.0

2009-08-19 | CVE-2008-7013 | Numeric Errors vulnerability in Baidu HI IM
NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.
network | low complexity | baidu CWE-189 | 5.0