China Yangtze Power is a electrical and electronic manufacturing company based out of BEIJING, BEJ, China.
Gree Electric Appliances, Inc. of Zhuhai is a diversified international industrial group, whose business covers residential air conditioners, central air conditioners, intelligent equipments, home appliances, air source water heaters, smart phones, refrigerators, etc. Gree was founded in 1991. It takes “Independent Innovation” as the development concept and “To build a centenary enterprise” as the business goal. It is highly reputable both at home and abroad for its advanced technologies, strict quality control, unique sales mode and complete after-sales service. The company has its headquarters in Zhuhai, a beautiful coastal city in the south of China, with over 80,000 employees. Gree has established 11 production bases around the world, 9 are located in China, with another 2 in Brazil and Pakistan. Moreover, it has 5 bases of renewable resources in Changsha, Zhengzhou, Shijiazhuang, Wuhu and Tianjing, and 6 subsidiary companies (Lamda Compressor Co. Ltd., Gree Electrical Co. Ltd., Kaibang Motor Manufacture Co., Ltd., Xinyuan Electronics Co., Ltd, Intelligent Equipment Co., Ltd and Precision Mould Co. Ltd), covering the entire supply chain from production of core parts and components to the recovery of waste products. Gree has developed 24 “world leading” technologies. Gree products are classified into 20 categories, 400 series, and over 12700 models, with 36,949 technology patents, including 15,253 invention patents. They are sold widely in more than 160 countries and regions, to more than 300 million users all across the world. Since 2005, Gree has topped No.1 in production and sales volume of residential air conditioners for 13 consecutive years. In 2006, it was awarded “World Brand”. Gree achieved sales revenue of 150.02 billion yuan in 2017, with net profit of 22.402 billion yuan and tax payment of 14.939 billion yuan.In 2018, Gree ranked No. 294 on the list of “ForesGlobal 2000 Public Companies”.
Security & Compliance Standards Overview
No incidents recorded for China Yangtze Power Co., Ltd. in 2025.
No incidents recorded for Gree Electric Appliances, Inc. of Zhuhai in 2025.
China Yangtze Power Co., Ltd. cyber incidents detection timeline including parent company and subsidiaries
Gree Electric Appliances, Inc. of Zhuhai cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
