The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pg_dump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pg_dump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Blitz Identity Provider (Authentication server)
...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.
The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of the Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...
The vulnerability of the Common Core analytical software component for pharmaceutical monitoring, Oracle Life Sciences Empirica Signal, allows a perpetrator to add, delete, or modify protected information.
The vulnerability of the Common Core analytical software component for pharmaceutical monitoring, Oracle Life Sciences Empirica Signal, is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to add, delete, or modify protected information remotely...
The vulnerability of the Core server component of Oracle HTTP Server allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Core server component of Oracle HTTP Server is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the device through HTTP requests...
The vulnerability of the Microsoft Dynamics 365 resource planning software relates to deficiencies in access control, allowing an intruder to increase their privileges.
The vulnerability of the Microsoft Dynamics 365 resource planning software is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant, related to the lack of authentication for a critical function, allows a perpetrator to disclose confidential information.
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow a malicious actor to disclose confidential information remotely...
The vulnerability of the Platform component for data analysis and management in Oracle Financial Services Analytical Applications Infrastructure allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Oracle Financial Services Analytical Applications Infrastructure platform component is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device through HTTP requests...
The vulnerability of the ADPatch component of the Oracle Applications management and support system allows a hacker to gain full access to the device. This component is part of the Oracle E-Business Suite, which is used for automating business processes.
The vulnerability of the ADPatch component in the Oracle Application Management and Support System, which is part of the Oracle E-Business Suite, involves deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full access to the device...
The vulnerability of the ADF Faces component of the Oracle Application Development Framework (ADF), a framework for accelerating development, allows an attacker to gain full access to the device.
The vulnerability of the ADF Faces framework, which is used for accelerating the development of corporate applications, is related to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain full access to the device...
The vulnerability of the User Interface component of the automation tool for checking financial organization customers, Oracle Financial Services Customer Screening, allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the User Interface component of the Oracle Financial Services Customer Screening software lies in an incorrect authentication procedure. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the device through HTTP requests...
The vulnerability of the Core component of the Oracle Identity Manager Connector allows a perpetrator to trigger a service failure.
The vulnerability of the Core component of the Oracle Identity Manager Connector, a software solution for managing user accounts and access rights, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Core component of the Oracle Identity Manager Connector allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Core component of the Oracle Identity Manager Connector relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device through HTTP requests...
The vulnerability of the User Interface component of the Oracle Financial Services Transaction Filtering system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Oracle Financial Services Transaction Filtering’s User Interface component is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information through HTTP requests...
The vulnerability of the Business Chat function in Microsoft 365 Copilot allows attackers to escalate their privileges.
The vulnerability of the Business Chat function in Microsoft 365 Copilot relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant, related to the lack of data cleaning at the management level, allows a perpetrator to gain access to read and modify data.
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant is related to the lack of measures taken at the control level to protect data. Exploiting this vulnerability could allow a malicious actor to gain read and edit access to data...
The vulnerability of the command-line utility bin/solr auth for the Apache Solr search server allows a perpetrator to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the command-line utility bin/solr auth for the Apache Solr search server relates to the use of pre-installed user accounts. Exploiting this vulnerability allows an attacker to enhance their privileges and gain unauthorized access to protected information...
The vulnerability of the rrd_substitute_host_query_data() function in the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the rrd_substitute_host_query_data function in the Cacti network monitoring software is related to the failure to take measures to eliminate special elements in the output data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerabilities in the modules net/ipv4/icmp.c and net/ipv6/icmp.c of the Linux operating system allow a hacker to trigger a service failure.
The vulnerability in the net/ipv4/icmp.c and net/ipv6/icmp.c modules of the Linux kernel is related to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to cause service failures...
The vulnerability of the writeMasterPasswordInfo() method in the software for managing and publishing geodata on the OSGeo GeoServer server allows a perpetrator to execute arbitrary code, expose sensitive information, and cause service failure.
The vulnerability of the writeMasterPasswordInfo method in the software for managing and publishing geodata on the OSGeo GeoServer server is related to improper external management of file names or paths. Exploiting this vulnerability could allow an attacker to execute arbitrary code, disclose...
The vulnerability of the remove waiter() function in the ivpu component of the Linux operating system’s kernel allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the primehandletofd function in the ivpu component of the Linux operating system’s kernel relates to the possibility of memory being used after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility o...
The vulnerability of the nft_inner_parse_l2l3() function in the net/netfilter/nft_inner.c module of the Linux operating system allows a malicious actor to gain unauthorized access to protected information or cause service failures.
The vulnerability of the nft_inner_parse_l2l3 function in the net/netfilter/nft_inner.c module of the Linux operating system is related to the use of pointer offsets that are outside their intended range when processing IPv6 packets. Exploiting this vulnerability can allow an attacker to gain...
The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers allow attackers to execute arbitrary code or cause service interruptions.
The vulnerabilities of the ngx_http_proxy_v2_module and ngx_http_grpc_module modules in NGINX Plus and NGINX Open Source web servers are related to the execution of operations outside of the buffer in memory. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code or cause...
The vulnerability of the DNSSEC verification module of the BIND DNS server allows an attacker to cause a service failure.
The vulnerability of the DNSSEC verification module of the BIND DNS server lies in the lack of protection for input data during cyclic operations. Exploiting this vulnerability allows a malicious actor to cause service failures...
The vulnerability of the GSS-API token processing module of the TKEY authentication mechanism in the BIND DNS server allows a perpetrator to cause a service failure.
The vulnerability of the GSS-API token processing module of the TKEY authentication mechanism in the BIND DNS server relates to the absence of a reference to an active, allocated resource. Exploiting this vulnerability allows a malicious actor to cause service failures...
The vulnerability of the DNS request processing mechanism in the BIND DNS server’s named daemon allows an attacker to cause a service failure.
The vulnerability of the DNS request processing mechanism in the BIND DNS server’s named component is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the BIND DNS server, related to resource release errors, allows a hacker to cause a service failure.
The vulnerability of the BIND DNS server is related to resource release errors. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the skbuff network component in Linux operating system kernels allows attackers to increase their privileges.
The vulnerability of the skbuff network component in Linux operating systems is related to insufficient resource control during its existence. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the smb2_read() function in the fs/smb/server/smb2pdu.c module of the SMB server support module in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the smb2_read function in the fs/smb/server/smb2pdu.c module of the SMB server module in the Linux operating system is related to improper memory release (memory leak). Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the xe_guc_ct_init_noalloc() function in the drivers/gpu/drm/xe/xe_guc_ct.c file of the Direct Rendering Infrastructure (DRI) driver in the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the xe_guc_ct_init_noalloc function in the drivers/gpu/drm/xe/xe_guc_ct.c file of the Direct Rendering Infrastructure (DRI) driver in the Linux operating system is related to the assignment of pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the coda_setup_iram() function in the drivers/media/platform/chips-media/coda-bit.c file of the Linux kernel multimedia device driver allows a hacker to cause a service failure.
The vulnerability of the coda_setup_iram function in the drivers/media/platform/chips-media/coda-bit.c file of the Linux kernel multimedia device driver involves a lack of checking for the return value. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the nsim_dev_resources_register() function in the drivers/net/netdevsim/dev.c file of the network device driver for the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the nsim_dev_resources_register function in the drivers/net/netdevsim/dev.c file of the Linux kernel’s network device driver module is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability could allow an attacker to caus...
The vulnerability of the btrfs_get_or_create_delayed_node() function in the fs/btrfs/delayed-inode.c file of the Linux kernel’s filesystem module allows an attacker to cause a service failure.
The vulnerability of the btrfs_get_or_create_delayed_node function in the fs/btrfs/delayed-inode.c file of the Linux kernel’s filesystem module is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the init_sched_ext_class() function in the kernel/sched/ext.c module, which is part of the Linux operating system’s resource management support, allows a hacker to cause a service failure.
The vulnerability of the init_sched_ext_class function in the kernel/sched/ext.c module, which is part of the Linux kernel’s resource management subsystem, relates to improper initialization of resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the io_read_mshot_prep() function in the io_uring/rw.c module of the Linux kernel’s asynchronous input/output interface allows a hacker to cause a service failure.
The vulnerability of the io_read_mshot_prep function in the io_uring/rw.c module of the Linux kernel’s asynchronous I/O interface is related to the distribution of resources without any restrictions or regulation. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the skb_segment_list() function in the net/core/skbuff.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the skb_segment_list function in the net/core/skbuff.c module of the Linux kernel is related to resource exhaustion. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the drm_edid_get_panel_id() function in the drivers/gpu/drm/drm_edid.c module of the Direct Rendering Infrastructure (DRI) driver for the Linux kernel allows a malicious actor to access protected information or cause service failure.
The vulnerability of the drm_edid_get_panel_id function in the drivers/gpu/drm/drm_edid.c module of the Direct Rendering Infrastructure (DRI) driver for the Linux kernel exposes confidential information. Exploiting this vulnerability could allow an attacker to access protected information or cause servi...
The vulnerability of the set_tagged_addr_ctrl() function in the arch/riscv/kernel/process.c module of the module management subsystem for the RISCV architecture-based Linux operating system allows an attacker to trigger a service failure.
The vulnerability of the set_tagged_addr_ctrl function in the arch/riscv/kernel/process.c module of the module for managing modules on the RISCV architecture-based Linux operating system is related to the improper disabling or release of resources. Exploiting this vulnerability could allow an attack...
The vulnerability of the __ip_vs_get_out_rt() function in the net/netfilter/ipvs/ip_vs_xmit.c module of the netfilter component of the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the __ip_vs_get_out_rt function in the net/netfilter/ipvs/ip_vs_xmit.c module of the netfilter component of the Linux operating system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the do_raw_read_unlock() function in the kernel/locking/spinlockdebug.c module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the do_raw_read_unlock function in the kernel/locking/spinlockdebug.c module of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the async_set_registers() function in the drivers/net/usb/rtl8150.c file of the Linux kernel’s USB network adapter driver allows a hacker to cause a service failure.
The vulnerability of the async_set_registers function in the drivers/net/usb/rtl8150.c file of the Linux kernel’s USB network adapter driver module is related to improper memory release (memory leak). Exploiting this vulnerability could allow an attacker to cause a system failure...