90509 matches found
The vulnerability of embedded software developed by Qualcomm, related to deficiencies in the use of the assert() function, allows attackers to trigger a service failure.
The vulnerability of embedded software developed for Qualcomm chips lies in the improper implementation of the channel bandwidth division mechanism and the switching between subbands when performing Beam Switching. This occurs due to the use of the assert function. Exploiting this vulnerability c...
The vulnerability of the gf_bifsFlushCommandList() function on the GPAC multimedia platform allows a hacker to trigger a service failure.
The vulnerability of the gfbifsFlushCommandList function on the GPAC multimedia platform is related to the improper use of dynamic memory during program execution. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Keycloak identity and access management software lies in its susceptibility to attacks involving cross-site scripting (XSS). This vulnerability arises due to shortcomings in the security measures protecting the website structure, allowing attackers to carry out XSS attacks.
The vulnerability of the Keycloak identity and access management software is related to deficiencies in the security measures protecting the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the SaveUserSetting component in the SolarWinds Orion Platform software monitoring solution allows a hacker to execute arbitrary commands.
The vulnerability of the SaveUserSetting component in the SolarWinds Orion Platform software lies in the improper execution of certain actions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the built-in software of the ARIS controller lies in the ability to load files of a harmful type without limitation, allowing a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the built-in software of the ARIS controller is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...
The vulnerability of the Redis database management system, related to integer overflow when processing objects, allows a attacker to cause a service failure.
The vulnerability of the Redis database management system is related to integer overflow when processing objects. Exploiting this vulnerability can allow attackers to trigger a service failure using the SETRANGE and SORT/SORT-RO commands. source-iocs-preserved const=SORTRO...
Vulnerabilities of the xtables-nft-multi and xtables-legacy-multi tools in the iptables package of the EMIAS OS operating system, which allow a hacker to trigger a memory leak.
The vulnerabilities of the xtables-nft-multi and xtables-legacy-multi tools in the iptables package of the EMIAS OS operating system are related to memory release errors. Exploiting these vulnerabilities can allow an attacker to cause service failures or other adverse effects...
The vulnerability of the SetNetworkTomographySettings function in D-Link COVR 1200,1202,1203 router microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the SetNetworkTomographySettings function in D-Link COVR 1200,1202,1203 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands throug...
The vulnerability of the Moxa MXView network control software lies in its lack of functionality for checking the path name of the restricted access directory. This allows a violator to execute arbitrary code.
The vulnerability of the Moxa MXView network control software is related to deficiencies in checking the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
Microsoft Edge browser’s vulnerability, related to insecure management of privileges, allows attackers to elevate their privileges.
The vulnerability of Microsoft Edge relates to the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the microprogramming software of the HP LaserJet Professional M1210 series multifunctional devices allows a intruder to execute arbitrary code with application privileges.
The vulnerability of the microprogramming software of the HP LaserJet Professional M1210 series multifunctional device is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker to execute arbitrary code with application privileges...
The vulnerability of the Manage Proxies component of the Oracle E-Business Suite automation system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Manage Proxies component of the Oracle E-Business Suite automation system exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP...
The vulnerability of the Mozilla Firefox browser, related to errors in processing HTML content, allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser is related to errors in processing HTML content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software lies in the lack of authentication mechanisms, which allows attackers to bypass the authentication process.
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software is related to the absence of authentication. Exploiting this vulnerability could allow a malicious actor to bypass authentication and cause service failures...
The vulnerability of the Google Chrome web browser’s Extensions relates to the use of memory after it is released. This allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of Google Chrome’s browser Extensions relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service interruptions through a specially created HTML page...
The vulnerability of the fly-fm file manager, related to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the fly-fm file manager is related to incorrect calculation of MD5 in the program window. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the zlib compression library in the “Avora” operating system, related to integer overflows, allows attackers to cause service failures or have unpredictable effects.
The vulnerability of the zlib compression library in the “Avora” operating system is related to integer overflows. Exploiting this vulnerability can allow attackers to cause service failures or have unpredictable effects using specially crafted .apk or .dex files...
The vulnerability of the ksys2.dll library in the KOMPAS-3D 3D modeling system, which is related to the execution of operations outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the ksys2.dll library in the KOMPAS-3D three-dimensional modeling system relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using the preview function for a specially crafted T3D...
The vulnerability of Firefox’s requestPointerLock() and setTimeout() methods allows a intruder to gain unauthorized access to protected information.
The vulnerabilities of the requestPointerLock and setTimeout methods in Firefox browsers stem from synchronization errors when using shared resources. Exploiting these vulnerabilities can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the web application of the 1C:Enterprise system, related to the storage and transmission of data in an open manner, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the 1C:Enterprise web application relates to the storage and transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...
The vulnerability of the “energo” database of the KTS “Mayak”, which allows a intruder to gain unauthorized access to protected information
The vulnerability of the “energo” database of the “Mayak” system is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
The vulnerability of the ntopng monitoring software lies in its reliance on memory management after it is released. This allows a hacker to execute arbitrary code.
The vulnerability of the ntopng traffic monitoring software relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the web interface of the LuCI configuration interface in the embedded operating system OpenWrt allows a hacker to manipulate inter-site requests.
The vulnerability of the LuCI configuration web interface in the embedded operating system OpenWrt exists due to the improper functioning of the mechanism for protecting the web page structure. Exploiting this vulnerability allows a malicious actor to manipulate inter-site requests using certain...
The vulnerability of the cross-platform library LibVNCServer, which stems from the inability to release resources after their useful period has ended, allows attackers to gain unauthorized access to information.
The vulnerability of the cross-platform library LibVNCServer is related to the failure to release resources after the expiration of their useful period. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to information...
The vulnerability of the Diagnostic Framework component of the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Diagnostic Framework component of the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the Adobe Bridge file manager, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Bridge file manager is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system remotely...
The vulnerability of the GDI component in Windows operating systems, which allows a hacker to execute arbitrary code
The vulnerability of the Graphics Device Interface GDI component in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page or...
The vulnerabilities of the microprogrammed software of ZyXEL routers of the USG, UAG, ATP, VPN, and NXC series allow attackers to cause service failures or gain unauthorized access to protected information.
The vulnerability of microprogrammed ZyXEL routers of the USG, UAG, ATP, VPN, and NXC series is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures or gain unauthorized access to protected information...
The vulnerability of the Broadband Edge service in the Junos OS router MX Series allows a attacker to cause a service failure.
The vulnerability of the Broadband Edge service on Junos OS routers of the MX Series exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the sanitize_filename function in the src/glib-utils.c file of the File Roller archive program allows a malicious actor to cause a service failure.
The vulnerability of the sanitizefilename function in the src/glib-utils.c file of the File Roller archive manager is related to a lack of mechanisms to restrict the path to the restricted directory. Exploiting this vulnerability could allow an attacker to cause service failure through a speciall...
The vulnerability of the Google Chrome browser, related to improper data processing, allows a hacker to replace the content in the Omnibox (URL).
The vulnerability of the Google Chrome browser is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to replace the content in the Omnibox URL bar using IDN homographs...
The vulnerability of the Enterprise Resource Management System “Galaktika ERP” allows a hacker to obtain arbitrary files from the server or overwrite arbitrary files with fixed data.
The vulnerability of the GALAXY ERP resource management system is related to architectural weaknesses in the components .res files that have XML file export functionality. Exploiting this vulnerability allows a malicious actor to read or re-write any file on the server by entering the file path...
The vulnerability of the fly-admin-dm graphic input component in the FLY operating system environment of Astra Linux, related to a resource management error, allows attackers to trigger a service failure.
The vulnerability of the fly-admin-dm graphic input component in the FLY operating environment of the Astra Linux system is related to inactive restart options. Exploiting this vulnerability allows a remote attacker to cause service failure...
The vulnerability of the FortiOS operating system, related to security configuration errors, allows attackers to circumvent existing security restrictions.
The vulnerability of the FortiOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by using specially crafted SSL/TLS or HTTP traffic...
The vulnerability of the Astra Linux operating system, related to deficiencies in the screen locking mechanism, allows a intruder to bypass the screen lock mechanism.
The vulnerability of the Astra Linux operating system is related to deficiencies in the screen locking mechanism. Exploiting this vulnerability could allow a hacker to bypass the screen lock and gain access to execute code under the identity of the user who entered the system...
The vulnerability of the dvips application in the TeX Live typesetting system allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the dvips application in the TeX Live typesetting system arises from buffer overflows during the processing of command-line parameters. Exploiting this vulnerability can allow an attacker to cause a malfunction of the application or execute arbitrary code by entering a...
Vulnerability of the start_TA_task function (with a shift of 0x137F7C) in the TEE OS Trusted Core component of the operating system’s SMC handler. This vulnerability allows a malicious actor to trigger a service failure in the Huawei Mate 9 Pro mobile phone’s microprogramming system.
The vulnerability of the startTAtask function with a offset of 0x137F7C in the SMC handler of the operating system TEE OS Trusted Core in the microprogramming environment of the Huawei Mate 9 Pro mobile phone is related to the assignment of an untrusted pointer. Exploiting this vulnerability can...
The vulnerability of the embedded software in the CNC11 TITANIUM mini system allows a hacker to gain full access to the system.
The vulnerability of the embedded software of the CNC11 TITANIUM mini system is related to the use of a default weak password for the root account, information about which is not available in the documentation. Exploiting this vulnerability could allow an attacker, operating remotely, to gain ful...
Vulnerability of the Server component: The Oracle MySQL Server database management system’s partitioning scheme allows attackers to gain unauthorized access to protected data or cause service failures.
Vulnerability of the Server component: The Oracle MySQL Server database management system’s partitioning scheme is vulnerable due to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or cause service failures...
The vulnerability of the Java Advanced Management Console (Server) component of the Oracle Java SE software platform allows a perpetrator to gain unauthorized access to protected data or cause service failures.
The vulnerability of the Java Advanced Management Console Server component of the Oracle Java SE software platform is related to insufficient access control. Exploiting this vulnerability may allow an attacker operating remotely to gain unauthorized access to protected data or cause service...
The vulnerability of the Core Components of the identity management application for Oracle Identity Analytics allows a perpetrator to gain unauthorized access to data.
The vulnerability of the Core Components of the Oracle Identity Analytics application management application is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to data using the HTTP protocol...
The vulnerability of the IPA driver of the Qualcomm Data Network Stack & Connectivity operating system for Android from the CAF repository allows a hacker to increase their privileges.
The vulnerability of the IPA driver of the Qualcomm Data Network Stack & Connectivity operating system for Android, found in the CAF repository, relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the initDecoder function in the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the initDecoder function /media/libstagefright/codecs/hevcdec/SoftHEVC.cpp in the Android operating system is related to writing data beyond the buffer into memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code within the context of a...
The vulnerability of the Android operating system, which allows a hacker to execute arbitrary code (memory corruption).
The vulnerability of the libavc component in the Android MediaServer operating system arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely, using a specially crafted media fil...
Multiple vulnerabilities exist in the embedded programmable logic controller OVEEN PLK110 software, allowing a malicious actor to cause malfunctions during maintenance operations.
Multiple vulnerabilities exist in the embedded programmable logic controller OVEEN PLK110’s software, due to insufficient testing of input data. Exploitation of these vulnerabilities could allow an attacker to trigger malfunctions by repeatedly sending specially crafted requests with randomly...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the fai-kernels package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-6 package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-6-all package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the kernel-headers-2.4.27-4-sparc64-smp Debian GNU/Linux operating system can lead to a violation of the accessibility of protected information. Exploitation of these vulnerabilities can be carried out remotely...