Shodan
Vulnerabilities
Vulnerable Software
Baidu:  Security Vulnerabilities
CVE-2020-18145
Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-14
CVE-2018-0692
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.002
Published
2018-11-15
CVE-2017-14744
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-09-26
CVE-2017-2221
Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-08-04
CVE-2017-2219
Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVSS Score
7.8
EPSS Score
0.001
Published
2017-06-09
CVE-2014-7444
The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVSS Score
5.4
EPSS Score
0.001
Published
2014-10-19
CVE-2014-5349
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
CVSS Score
5.0
EPSS Score
0.089
Published
2014-08-19
CVE-2009-2970
Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.
CVSS Score
9.3
EPSS Score
0.058
Published
2009-10-19
CVE-2008-7013
NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.
CVSS Score
5.0
EPSS Score
0.003
Published
2009-08-19
CVE-2008-6444
Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.
CVSS Score
10.0
EPSS Score
0.113
Published
2009-03-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved