90604 matches found
The vulnerability of the fly-weather software package for the Astra Linux operating system, related to a validation error in the input data received from web servers, allows attackers to perform spoofing attacks.
The vulnerability of the fly-weather software package for the Astra Linux operating system is related to a validation error in the input data received from web servers. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite allows a hacker to execute HTML code.
The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code into the user’s browser by placin...
The vulnerability in the web interface of the microprogramming software for Cisco IP Phones series 8800 allows a perpetrator to cause a service failure.
The vulnerability of the web interface of Cisco IP phones—IP Phone 8800, IP Conference Phone 8832, IP Phone 8821, and IP Phone 8821-EX—is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from an operation that goes beyond buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from operations that go beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code by sending a specially crafted ARF or...
Multiple vulnerabilities in the security extension of the Astra Linux operating system, which allow a hacker to trigger a service failure.
The multiple vulnerabilities of the Astra Linux operating system’s security extension are related to incorrect handling of names for privacy levels that consist of digits. Additionally, there is no functionality for mounting removable devices when working with non-zero privacy flags. Exploitation...
The vulnerability of the embedded software in the CNC11 TITANIUM mini system allows a perpetrator to execute any program present in the system.
The vulnerability of the embedded software in the CNC11 TITANIUM mini system is related to the absence of a mechanism for controlling the execution of external applications. Exploiting this vulnerability allows an attacker to execute existing applications within the system by accessing the...
The vulnerability of the SMB service in the RouterOS operating system of MikroTik allows a hacker to execute arbitrary code.
The vulnerability of the SMB service in the RouterOS operating system from MikroTik arises from operations that go beyond the buffer limits in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the fai-kernels package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-6 package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-6-all package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerabilities of the microprogramming software in the access control system for the virtual environment NetScaler Gateway and the NetScaler Application Delivery Controller allow a perpetrator to enhance their privileges.
The multiple vulnerabilities of the microprogramming software for access control systems in the NetScaler Gateway and the NetScaler Application Delivery Controller are related to code errors. Exploiting these vulnerabilities could allow a malicious actor to enhance their privileges by manipulatin...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the kernel-headers-2.4.27-4-sparc64-smp Debian GNU/Linux operating system can lead to a violation of the accessibility of protected information. Exploitation of these vulnerabilities can be carried out remotely...
The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the imlib2 package up to version 1.4.2-r1 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the wled_configure() function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the wledconfigure function in the Linux operating system’s kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the key_extract_l3l4 function in the net_openvswitch/flow.c module of the openvswitch component of Linux kernel allows a attacker to cause a service failure.
The vulnerability of the keyextractl3l4 function in the netopenvswitch/flow.c module of the openvswitch component in Linux kernels is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause service failures by sending specially crafted MPLS packets...
The vulnerability of the Kerberos Helper component in operating systems like macOS, which allows a perpetrator to trigger a service failure.
The vulnerability of the Kerberos Helper component in operating systems like macOS is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a attacker to cause service interruptions...
The vulnerability of the AES-XTS encryption algorithm implementation in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F allows a attacker to compromise the confidentiality of the protected information.
The vulnerability of the AES-XTS encryption algorithm implemented in single-Chip Microcontrollers ESP32-S2 and ESP32-S2F is related to the number of surfaces that are vulnerable, with their quantitative measurement exceeding the desired maximum. Exploiting this vulnerability can allow attackers t...
The vulnerability of the CommuniGate Pro mail server lies in the lack of authentication for critical functions, allowing attackers to send emails with arbitrary content to any email address.
The vulnerability of the CommuniGate Pro mail server lies in the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to send emails with arbitrary content to any email address...
The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the ability to read data beyond the buffer in memory, allowing attackers to disclose protected information.
The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the reading of data beyond the buffer boundaries in memory during file processing for U3D files. Exploiting this vulnerability can allow attackers to disclose protecte...
The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the possibility of an operation occurring outside the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the issue of operations going beyond the buffer in memory during the processing of U3D files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Vulnerability of the mxs_dcp_start_dma() function in the drivers/crypto/mxs-dcp.c module – a driver for the Linux kernel’s cryptographic acceleration engine, which allows a hacker to cause a system failure.
Vulnerability of the mxsdcpstartdma function in the drivers/crypto/mxs-dcp.c module – The Linux kernel cryptographic accelerator driver is vulnerable due to the use of an uninitialized resource. Exploiting this vulnerability could allow a hacker to cause a system failure...
The vulnerability of the copy_page_from_iter_atomic() function in the lib/iov_iter.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the copypagefromiteratomic function in the lib/ioviter.c module of the Linux kernel is related to dependencies that are undefined for each implementation type. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibilit...
The vulnerability in Mozilla Firefox and Firefox ESR browsers allows a hacker to execute arbitrary code.
The vulnerability of Mozilla Firefox and Firefox ESR browsers is related to writing beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, as well as in the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.
The vulnerability of the CreateLog method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability of the SNAP Lite component allows for manipulation of the control and monitoring systems in the energy and water supply sectors of SISCO MMS-EASE and AX-S4 ICCP, enabling a perpetrator to cause service interruptions.
The vulnerability of the SNAP Lite component in the system for managing and monitoring processes related to energy and water supply in SISCO MMS-EASE and AX-S4 ICCP is related to unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service...
The vulnerability of the macOS operating system’s Shortcuts component allows a hacker to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the macOS operating system’s Shortcuts component is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary code by sending specially crafted...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries in memory when processing the prompt parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the PCMan FTP Server relates to the occurrence of operations beyond the buffer boundaries in memory. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PCMan FTP Server relates to the execution of operations beyond the buffer boundaries during the processing of the verbose parameter. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of Cobalt Ashlar-Vellum’s software for parametric automated design and 3D modeling lies in its ability to read data beyond the buffer limit in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the reading of data beyond the buffer limit in memory during the processing of CO files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the LockBufferingSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the LockBufferingSettings method in the software for managing and monitoring removed objects in telemetry and telemechanics systems related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to compromise th...
The vulnerability of the software for multifunctional measuring instruments used to measure parameters of electrical networks from Siemens SENTRON 7KT PAC1260 lies in the lack of measures to neutralize special elements, allowing a violator to execute arbitrary codes.
The vulnerability of the software for multifunctional measuring instruments used to measure parameters of electrical networks from Siemens SENTRON 7KT PAC1260 is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow a remote attacker to...
The vulnerability of the BmpInput::read_rle_image() function in the src/bmp.imageio/bmpinput.cpp module of the OpenImageIO library allows a attacker to compromise the integrity of the protected information or cause service failures.
The vulnerability of the BmpInput::readrleimage function in the src/bmp.imageio/bmpinput.cpp module of the OpenImageIO library is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information or caus...
The vulnerability of the ima component in the Linux operating system’s kernel allows a hacker to increase their privileges.
The vulnerability of the ima component in the Linux operating system’s kernel is related to memory corruption. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the formWifiBasicSet() function in the microprogramming software for Tenda F1202 allows a hacker to manipulate the accessibility of protected information.
The vulnerability of the formWifiBasicSet function in the Tenda F1202 router’s microprogramming software is related to the operation that goes beyond the buffer in memory when processing the security parameter. Exploiting this vulnerability could allow an attacker to compromise the accessibility ...
The vulnerability of the Apache OpenMeetings video conferencing software, related to the restoration of unreliable data in memory, allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of Apache OpenMeetings video conferencing software lies in the recovery of unreliable data from memory. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software, related to the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.
The vulnerability of IBM Engineering Lifecycle Optimization - Publishing software relates to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...
The vulnerability of software for vehicle management and tracking systems, related to the possibility of escaping the directory structure, allows a violator to increase their privileges and execute arbitrary code.
The vulnerability of the software for controlling and monitoring vehicles in the Howen Vehicle Service System is related to the possibility of it escaping the directory structure. Exploiting this vulnerability could allow a remote attacker to perform network activities without the user’s knowledg...
The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool allows a attacker to perform XSS attacks.
The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool is related to deficiencies in error handling during host key verification. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
The vulnerability of the libbpf component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the libbpf component in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability eliminated
...
The vulnerability of Qtech Gigabit SPF WiFi Gateway’s microprogramming software, related to access control deficiencies, allows attackers to disclose protected information.
The vulnerability of the Qtech Gigabit SPF WiFi Gateway microprogramming software is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to disclose protected information by using the pre-installed account...
The vulnerability of Microsoft Office, Excel, and 365 Apps for Enterprise packages relates to the use of an untrusted pointer, allowing a malicious actor to execute arbitrary code.
The vulnerability of Microsoft Office, Excel, and 365 Apps for Enterprise packages is related to the use of an untrusted pointer. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of the Install component of the software tool for managing the life cycle of products in the Oracle Agile PLM Framework allows a perpetrator to disclose protected information.
The vulnerability of the Install component of the software lifecycle management tool for Oracle Agile PLM Framework relates to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through HTTP requests...
Vulnerability of the Server component: The MySQL Server database management system, which allows a hacker to cause service interruptions.
Vulnerability of the MySQL Server component: The MySQL Server component of the database management system involves unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause downtime or service failures using the MySQL network protocol...
The vulnerability of the Linux operating system’s kernel component “perf”, which allows a hacker to trigger a service failure
The vulnerability of the perf component in the Linux operating system’s kernel is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the NFSD component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the NFSD component in the Linux operating system’s kernel is related to the operation of the operation outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the gsm_dlci_config() function in the TTY driver (drivers/tty/n_gsm.c) of the Linux kernel allows a hacker to increase their privileges.
The vulnerability of the gsmdlciconfig function in the TTY driver drivers/tty/ngsm.c of the Linux kernel is related to the reallocation of previously freed memory due to concurrent access to resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Strapi content management system, related to the lack of protective measures for web pages, allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the CMS Strapi content management platform, related to the lack of security measures for web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by loading a specially crafted PDF file remotely...
The vulnerability of the Active Directory Federation Server component for the Windows operating system, which allows a attacker to perform a CSRF attack
The vulnerability of the Active Directory Federation Server operating system on Windows is related to the manipulation of cross-site requests. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
The vulnerability of theOTP library set in the Erlang programming language allows attackers to carry out “man-in-the-middle” type attacks.
The vulnerability of theOTP library in the Erlang programming language is related to errors in the authentication process for certificates. Exploiting this vulnerability allows attackers who operate remotely to carry out “man-in-the-middle” type attacks...