Baidu
Products (15)
Recent CVEs (18)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-2221 | | Hig | 0.51 | 7.8 | 0.01 | | Aug 4, 2017 | Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2017-2219 | | Hig | 0.51 | 7.8 | 0.01 | | Jun 9, 2017 | Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2024-56954 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56953 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. |
| CVE-2024-56952 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. |
| CVE-2017-14744 | | Med | 0.40 | 6.1 | 0.01 | | Sep 26, 2017 | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. |
| CVE-2024-29183 | | Med | 0.33 | 6.1 | 0.00 | | Apr 19, 2024 | OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with… |
| CVE-2026-4186 | | Low | 0.23 | 3.5 | 0.00 | | Mar 16, 2026 | A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can… |
| CVE-2007-4105 | | | 0.04 | — | 0.07 | | Jul 31, 2007 | A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. |
| CVE-2014-5349 | | | 0.03 | — | 0.04 | | Aug 19, 2014 | Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. |
| CVE-2008-6444 | | | 0.01 | — | 0.07 | | Mar 9, 2009 | Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. |
| CVE-2024-7343 | | | 0.00 | — | 0.00 | | Aug 1, 2024 | A vulnerability was found in Baidu UEditor 1.4.2. It has been declared as problematic. This vulnerability affects unknown code of the file /ueditor142/php/controller.php?action=catchimage. The manipulation of the argument source[] leads to cross site scripting. The attack can be… |
| CVE-2024-7342 | | | 0.00 | — | 0.00 | | Aug 1, 2024 | A vulnerability was found in Baidu UEditor 1.4.3.3. It has been classified as problematic. This affects an unknown part of the file /ueditor/php/controller.php?action=uploadfile&encode=utf-8. The manipulation of the argument upfile leads to unrestricted upload. It is possible to… |
| CVE-2023-30637 | | | 0.00 | — | 0.01 | | Apr 13, 2023 | Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected. |
| CVE-2018-0692 | | | 0.00 | — | 0.01 | | Nov 15, 2018 | Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. |
| CVE-2014-7444 | | | 0.00 | — | 0.00 | | Oct 19, 2014 | The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
| CVE-2009-2970 | | | 0.00 | — | 0.03 | | Oct 19, 2009 | Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter. |
| CVE-2008-7013 | | | 0.00 | — | 0.01 | | Aug 19, 2009 | NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error. |