90604 matches found
The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the UnicodeString::doAppend function in the International Components for Unicode library, related to integer overflow in the data structure, allows an attacker to gain unauthorized access to confidential data, trigger a service failure, or compromise the integrity of the data.
The vulnerability of the UnicodeString::doAppend function in the International Components for Unicode library is related to integer overflow in the data structure. Exploitation of this vulnerability could allow an attacker to gain unauthorized access to confidential data, cause service failures, ...
The vulnerability of the GDI component in Windows operating systems, which allows a hacker to execute arbitrary code
The vulnerability of the Graphics Device Interface GDI component in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted web page or...
The vulnerability of the PluginTIFF.cpp component in the FreeImages graphics format library, which arises from allowing the operation to be within acceptable buffer data limits, allows a hacker to cause a service failure.
The vulnerability of the PluginTIFF.cpp component in the FreeImages graphics format library is related to the execution of operations that exceed the allowable buffer data size limits. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Google Chrome browser, related to improper data processing, allows a hacker to replace the content in the Omnibox (URL).
The vulnerability of the Google Chrome browser is related to incorrect data processing. Exploiting this vulnerability allows a malicious actor to replace the content in the Omnibox URL bar using IDN homographs...
The vulnerability of the Hyper-V hardware virtualization system in the Windows operating system allows a hacker to trigger a service failure.
The vulnerability of the Hyper-V hardware virtualization system and the Windows operating system is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures through a specially created application...
The vulnerability of the composite manager in the Astra Linux operating system allows a intruder to trigger a service failure.
The vulnerability of the Compton manager in the Astra Linux operating system is related to errors in multi-monitor configurations. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the FortiOS operating system, related to security configuration errors, allows attackers to circumvent existing security restrictions.
The vulnerability of the FortiOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by using specially crafted SSL/TLS or HTTP traffic...
The vulnerability of the JunOS operating system, related to security configuration errors, allows attackers to compromise the integrity of protected information.
The vulnerability of the JunOS operating system is related to security configuration errors due to reserved multicast addresses like 224.0.0.x not being correctly aligned with addresses like 224.x.x.x. Exploiting this vulnerability allows a malicious actor to compromise the integrity of protected...
Vulnerability in the antivirus component of the Secret Net Studio information protection system, allowing a perpetrator to trigger a service failure
The vulnerability in the antivirus component of the Secret Net Studio information protection system is related to buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the dvips application in the TeX Live typesetting system allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the dvips application in the TeX Live typesetting system arises from buffer overflows during the processing of command-line parameters. Exploiting this vulnerability can allow an attacker to cause a malfunction of the application or execute arbitrary code by entering a...
The vulnerability of the h5ls content analysis program arises from buffer overflows during the processing of command-line parameters, allowing attackers to cause service interruptions.
The vulnerability of the h5ls content analysis program arises due to buffer overflows during the processing of command-line parameters. Exploiting this vulnerability can allow an attacker to cause a service failure by entering a specially crafted sequence of data in the command line...
Vulnerability of the start_TA_task function (with a shift of 0x137F7C) in the TEE OS Trusted Core component of the operating system’s SMC handler. This vulnerability allows a malicious actor to trigger a service failure in the Huawei Mate 9 Pro mobile phone’s microprogramming system.
The vulnerability of the startTAtask function with a offset of 0x137F7C in the SMC handler of the operating system TEE OS Trusted Core in the microprogramming environment of the Huawei Mate 9 Pro mobile phone is related to the assignment of an untrusted pointer. Exploiting this vulnerability can...
The vulnerability of the web interface of the Cisco Registered Envelope Service allows a perpetrator to execute arbitrary JavaScript code and gain unauthorized access to the protected information.
The vulnerability of the Cisco Registered Envelope Service RES web interface lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code and gain unauthorized access to protected informati...
The vulnerability of the embedded software in the CNC11 TITANIUM mini system allows a hacker to gain full access to the system.
The vulnerability of the embedded software of the CNC11 TITANIUM mini system is related to the use of a default weak password for the root account, information about which is not available in the documentation. Exploiting this vulnerability could allow an attacker, operating remotely, to gain ful...
Vulnerability of the Server component: The Oracle MySQL Server database management system’s partitioning scheme allows attackers to gain unauthorized access to protected data or cause service failures.
Vulnerability of the Server component: The Oracle MySQL Server database management system’s partitioning scheme is vulnerable due to lack of access control mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data or cause service failures...
The vulnerability of Siemens’ PROFINET DCP software, related to insufficient validation of input data, allows a intruder to trigger a service failure.
The vulnerability of Siemens’ PROFINET DCP software is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures in the local Ethernet segment using specially crafted PROFINET DCP packets...
The vulnerability of the Core Components of the identity management application for Oracle Identity Analytics allows a perpetrator to gain unauthorized access to data.
The vulnerability of the Core Components of the Oracle Identity Analytics application management application is related to lack of access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to data using the HTTP protocol...
The vulnerability of the initDecoder function in the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the initDecoder function /media/libstagefright/codecs/hevcdec/SoftHEVC.cpp in the Android operating system is related to writing data beyond the buffer into memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code within the context of a...
The vulnerability of the Android operating system, which allows a hacker to execute arbitrary code (memory corruption).
The vulnerability of the libavc component in the Android MediaServer operating system arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely, using a specially crafted media fil...
Multiple vulnerabilities exist in the embedded programmable logic controller OVEEN PLK110 software, allowing a malicious actor to cause malfunctions during maintenance operations.
Multiple vulnerabilities exist in the embedded programmable logic controller OVEEN PLK110’s software, due to insufficient testing of input data. Exploitation of these vulnerabilities could allow an attacker to trigger malfunctions by repeatedly sending specially crafted requests with randomly...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-6-all-alpha package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-6-all-powerpc package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the Gentoo Linux operating system allows a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the id3lib package up to version 3.8.3-r6 in the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...
The vulnerability of the JavaScript library for creating dynamic and interactive Billboard.js charts lies in the uncontrolled modification of prototype attributes of objects. This allows attackers to execute arbitrary code and cause service failures.
The vulnerability of the JavaScript library for creating dynamic and interactive Billboard.js charts is related to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service interruptions...
The vulnerability of the ERR_bugcheck_msg() function in the err.cpp module of the “Red Database” database management system allows a hacker to trigger a service failure.
The vulnerability of the ERRbugcheckmsg function in the err.cpp module of the “Red Database” database management system is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the xmlrpc component in the Apache Nuttx operating system, which allows a hacker to trigger a service failure.
The vulnerability of the xmlrpc component in the Apache Nuttx operating system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the IBM InfoSphere Information Server software platform, related to the transmission of data in an open manner, allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM InfoSphere Information Server software platform is related to the transfer of data in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the dmaengine kernel component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the dmaengine kernel component in the Linux operating system is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the FortiOS operating system in the FortiGate 200F network firewall allows a attacker to execute a brute-force attack.
The vulnerability of the FortiOS operating system for the FortiGate 200F network firewall is related to security mechanism flaws. Exploiting this vulnerability could allow a malicious actor to execute a brute-force attack remotely...
The vulnerability of the DIWEB virtual machine on the Dionis-NX system allows a hacker to elevate their privileges to the root level.
The vulnerability of the DIWEB virtual machine Dionis-NX relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to elevate their privileges to root level by executing a specially crafted command from an SSH client...
The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents allows a attacker to perform a CSRF attack.
The vulnerability of the PSL validation mechanism in the Apache HttpClient client module of Apache HttpComponents is related to errors in the certificate authentication process. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
The vulnerability of the multi-platform SCADA system KROON-TM, related to the use of a rigidly encrypted cryptographic key for the SSL certificate, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the multi-platform SCADA system KROON-TM is related to the use of a rigidly encrypted cryptographic key for the SSL certificate. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Microsoft Excel spreadsheet editors in Microsoft Office packages and Microsoft 365 Apps for Enterprise allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Excel spreadsheet editors within the Microsoft Office and Microsoft 365 Apps for Enterprise software packages is related to data type mixing errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.
The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces APIs. Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...
The vulnerability of the irqfd_wakeup() function in Linux kernel-based Xen drivers allows a hacker to trigger a service failure.
The vulnerability of the irqfdwakeup function in Xen kernel-based Linux operating system drivers is related to insufficient resource locking. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of Cobalt Ashlar-Vellum’s software-based parametric automated design and 3D modeling capabilities lies in its ability to exploit memory after release, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in its ability to exploit memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current process...
Vulnerability eliminated
...
The vulnerability of UEFI microprogramming systems of Intel processors allows a hacker to trigger a malfunction during maintenance.
The vulnerability of UEFI microprogramming systems of Intel processors is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the firmware component of the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel firmware component is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability eliminated
...
The vulnerability of the SPID.AspNetCore.Authentication library in the ASP.NET Core software platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SPID.AspNetCore.Authentication library in the ASP.NET Core software platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending specially crafted...
The vulnerability of the Linux operating system’s kernel phy component, which allows a hacker to access confidential information
The vulnerability of the Linux operating system’s kernel phy component is related to reading beyond the memory boundaries. Exploiting this vulnerability can allow an attacker to access confidential information...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the exposure of system data to unauthorized access within the controlled area. This allows attackers to disclose protected information.
The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the disclosure of system data that is not protected by permissions within the controlled area. Exploiting this vulnerability can allow a...
The vulnerability of the SMEM partition in Qualcomm’s security microprogramming software allows attackers to disclose protected information.
The vulnerability of the SMEM microprogramming software for Qualcomm processors lies in reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom; the software for modeling and analyzing 3D models in Autodesk Navisworks Simulate; and the software for analyzing, coordinating, and verifying 3D models and project data in Autodesk Navisworks Manage, allows a malicious actor to execute arbitrary code.
The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom, as well as the software for modeling, analyzing, and simulating 3D models in Autodesk Navisworks Simulate, and the software for analyzing, coordinating, and verifying 3D...
The vulnerability of the scsidebug component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.
The vulnerability of the scsidebug component in the Linux operating system’s kernel is related to errors that occur during the respmodeselect function after it is freed. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
The vulnerability of the Fortinet FortiManager software, a centralized device management tool, arises from the lack of measures to neutralize specific elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Fortinet FortiManager device management software is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the khugepaged component in the Linux operating system’s kernel allows a hacker to read and manipulate data.
The vulnerability of the khugepaged component in the Linux operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to read and manipulate data...
The vulnerability of the installer for Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, allows a hacker to enhance their privileges.
The vulnerability of the Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, is related to errors in privilege assignment. Exploiting this vulnerability can allow attackers to enhance their privileges...