Vendor
Baidu
Products
9
CVEs
9
Across products
9
Status
Private
Products
9- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-2221 | Hig | 0.51 | 7.8 | 0.00 | Aug 4, 2017 | Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |
| CVE-2017-2219 | Hig | 0.51 | 7.8 | 0.00 | Jun 9, 2017 | Untrusted search path vulnerability in the [Simeji for Windows] installer (simeji.exe) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |
| CVE-2017-14744 | Med | 0.40 | 6.1 | 0.00 | Sep 26, 2017 | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |
| CVE-2014-5349 | 0.04 | — | 0.08 | Aug 19, 2014 | Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote attackers to cause a denial of service (application crash) via nested calls to the window.print JavaScript function. | ||
| CVE-2007-4105 | 0.04 | — | 0.07 | Jul 31, 2007 | A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion. | ||
| CVE-2008-6444 | 0.01 | — | 0.11 | Mar 9, 2009 | Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value. | ||
| CVE-2014-7444 | 0.00 | — | 0.00 | Oct 19, 2014 | The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||
| CVE-2009-2970 | 0.00 | — | 0.06 | Oct 19, 2009 | Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter. | ||
| CVE-2008-7013 | 0.00 | — | 0.00 | Aug 19, 2009 | NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error. |