90509 matches found
The vulnerability of the ima component in the Linux operating system’s kernel allows a hacker to increase their privileges.
The vulnerability of the ima component in the Linux operating system’s kernel is related to memory corruption. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of Cobalt Ashlar-Vellum’s software-based parametric automated design and 3D modeling capabilities lies in its ability to exploit memory after release, allowing an attacker to execute arbitrary code.
The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in its ability to exploit memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current process...
The vulnerability of UEFI microprogramming systems of Intel processors allows a hacker to trigger a malfunction during maintenance.
The vulnerability of UEFI microprogramming systems of Intel processors is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool allows a attacker to perform XSS attacks.
The vulnerability of the VerifyHostKeyDNS component in the OpenSSH cryptographic security tool is related to deficiencies in error handling during host key verification. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
Vulnerability eliminated
...
The vulnerability of the SPID.AspNetCore.Authentication library in the ASP.NET Core software platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SPID.AspNetCore.Authentication library in the ASP.NET Core software platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending specially crafted...
The vulnerability of the Linux operating system’s kernel phy component, which allows a hacker to access confidential information
The vulnerability of the Linux operating system’s kernel phy component is related to reading beyond the memory boundaries. Exploiting this vulnerability can allow an attacker to access confidential information...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the exposure of system data to unauthorized access within the controlled area. This allows attackers to disclose protected information.
The vulnerability of the software used for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP is related to the disclosure of system data that is not protected by permissions within the controlled area. Exploiting this vulnerability can allow a...
The vulnerability of the SMEM partition in Qualcomm’s security microprogramming software allows attackers to disclose protected information.
The vulnerability of the SMEM microprogramming software for Qualcomm processors lies in reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom; the software for modeling and analyzing 3D models in Autodesk Navisworks Simulate; and the software for analyzing, coordinating, and verifying 3D models and project data in Autodesk Navisworks Manage, allows a malicious actor to execute arbitrary code.
The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom, as well as the software for modeling, analyzing, and simulating 3D models in Autodesk Navisworks Simulate, and the software for analyzing, coordinating, and verifying 3D...
The vulnerability of the scsidebug component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.
The vulnerability of the scsidebug component in the Linux operating system’s kernel is related to errors that occur during the respmodeselect function after it is freed. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
The vulnerability of the Fortinet FortiManager software, a centralized device management tool, arises from the lack of measures to neutralize specific elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Fortinet FortiManager device management software is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CyberPanel web hosting control panel, related to the lack of measures to neutralize specific elements, allows a hacker to execute arbitrary commands.
The vulnerability of the CyberPanel web hosting control panel exists due to the lack of measures taken to neutralize certain elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created HTTP OPTIONS request...
The vulnerability of the Moodle management system arises from the lack of measures taken to protect the structure of the web page, allowing attackers to execute arbitrary code.
The vulnerability of the Moodle administration system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the installer for Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, allows a hacker to enhance their privileges.
The vulnerability of the Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, is related to errors in privilege assignment. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the dwfcore.dll library in Autodesk Navisworks allows a perpetrator to execute arbitrary code.
The vulnerability of the dwfcore.dll library in Autodesk Navisworks software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the ODXSW_DLL.dll library in the AutoCAD simulation, design, and drafting software allows a perpetrator to execute arbitrary code.
The vulnerability of the ODXSWDLL.dll library, which is used in AutoCAD software for simulation, design, and drafting, arises due to an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a...
The vulnerability of the debugfs_remove_recursive() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the debugfsremoverecursive function in the Linux operating system is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the listExtensions method implementation in the VMware Hybrid Cloud Extension (HCX) migration software allows a attacker to execute arbitrary code.
The vulnerability of the listExtensions method implementation in the VMware Hybrid Cloud Extension HCX migration software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SQ...
The vulnerability of the __nss_database_lookup component in the Virtuoso-opensource web application development platform allows a attacker to trigger a service failure.
The vulnerability of the nssdatabaselookup component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially create...
The vulnerability of the Passwork password manager lies in the improper implementation of the sequence of actions required for processing tasks. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the Passwork password manager is related to the incorrect implementation of the sequence of actions performed. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the sun6i component of the Linux operating system’s kernel allows a hacker to gain unauthorized access to confidential information within the system.
The vulnerability of the sun6i component in the Linux operating system’s kernel is related to competitive access to resources a state of competition. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...
The vulnerability of the msp_info.htm file on the D-Link DI-8100G network device allows a hacker to bypass security restrictions and execute arbitrary commands.
The vulnerability of the mspinfo.htm file on the D-Link DI-8100G network device is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitra...
The vulnerability of the “file” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the “file” parameter in the netshop CMS system’s Netcat module exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the mp3_dmx_process() function on the GPAC multimedia platform allows a hacker to cause a service failure.
The vulnerability of the mp3dmxprocess function on the GPAC multimedia platform is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the `/settings/store` API of the pgAdmin database management tool allows a hacker to perform a cross-site scripting attack.
The vulnerability of the /settings/store API of the pgAdmin database management tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in a buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted file...
The vulnerability of the AddReportResult method in the SolarWinds Access Rights Manager software allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the AddReportResult method in the SolarWinds Access Rights Manager ARM access control software is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
The vulnerability of the RubyGems.org repository, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the RubyGems.org repository for programming languages involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the “SMART/WEB Service Management” software suite, related to deficiencies in the authentication process, allows a perpetrator to gain access to protected information without going through the authentication process.
The vulnerability of the “SMART/WEB Service Management” software suite is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to gain access to protected information without going through the authentication process...
The vulnerability of the WSDL query processor in the “Update Service” software allows a attacker to gain read access to local files.
The vulnerability of the WSDL query processor in the “Update Service” software is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability could allow a malicious actor to gain read access to local files...
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses stems from deficiencies in the authentication process, which allows attackers to escalate their privileges.
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to increase their privileges remotely...
The vulnerability of the network routing implementation software on Unix-like systems, related to memory release errors, allows a hacker to cause a service failure.
The vulnerability of the FRRouting software for implementing network routing on Unix-like systems is related to the improper processing of the BGP UPDATE message created with the MPUNREACHNLRI attribute and additional data NLRI. Exploiting this vulnerability can allow a malicious actor to cause...
The vulnerability of the CMS system Netcat, related to the manipulation of inter-site requests, allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the CMS system Netcat is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow a remote attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system allows a hacker to bypass the API key and gain unauthorized access to protected information.
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the API keys and gain unauthorized access to protected information...
The vulnerability of embedded software developed by Qualcomm, related to deficiencies in the use of the assert() function, allows attackers to trigger a service failure.
The vulnerability of embedded software developed for Qualcomm chips lies in the improper implementation of the channel bandwidth division mechanism and the switching between subbands when performing Beam Switching. This occurs due to the use of the assert function. Exploiting this vulnerability c...
The vulnerability of the command-line interface (CLI) of Juniper Networks’ Junos OS Evolved operating system, which allows a attacker to trigger a service failure.
The vulnerability of the command-line interface CLI of Juniper Networks’ Junos OS Evolved operating system is related to incorrect checking of the return value of methods or functions. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the SaveUserSetting component in the SolarWinds Orion Platform software monitoring solution allows a hacker to execute arbitrary commands.
The vulnerability of the SaveUserSetting component in the SolarWinds Orion Platform software lies in the improper execution of certain actions. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the built-in software of the ARIS controller, related to uncontrolled resource consumption, allows a intruder to cause a service failure.
The vulnerability of the built-in software of the ARIS controller is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by sending a specially crafted network packet...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business models RV016, RV042, RV042G, RV082, RV320, and RV325 allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform...
The vulnerability of the Apex-VUZ education automation system, related to insufficient access control, allows a perpetrator to download photos of profiles of all used accounts.
The vulnerability of the Apex-VUZ education automation system’s web interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to download photos of profiles of all user accounts by sending a specially crafted request...
The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system allows a perpetrator to gain access to user account information.
The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials...
The vulnerability of the WEB_DisplayPage() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.
The vulnerability of the WEBDisplayPage function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of the Microsoft ODBC operating system driver allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC operating system driver exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Websoft HCM’s automation software for HR processes lies in its uncontrolled resource consumption, which allows attackers to trigger service interruptions.
The vulnerability of Websoft HCM’s automation software for HR processes is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the embedded images of the ControlWave telemechanics controller allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of embedded images of telemechanics controllers from ControlWave is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...
The vulnerability of the microprogrammed logic controllers ACE1000, related to the use of rigidly encrypted account data for five SSH accounts, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the microprogrammed logic controllers ACE1000 relates to the use of rigidly encoded credentials for five SSH accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the URL_GetProtocolType function in the MP4Box multimedia platform’s command allows a hacker to induce a service failure.
The vulnerability of the URLGetProtocolType function in the MP4Box multimedia platform of GPAC is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created file...
The vulnerability of the webNasIPS module of the TerraMaster operating system for TerraMaster TNAS storage devices allows a hacker to gain access to protected information.
The vulnerability of the webNasIPS module in the TerraMaster operating system for data storage devices called TerraMaster TNAS is related to the possibility of executing arbitrary commands. Exploiting this vulnerability could allow a malicious actor to gain access to protected information...