90604 matches found
The vulnerability of the Go programming language, related to errors in processing special symbols "<>" in CSS contexts, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to errors in processing special symbols "" within CSS contexts. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the built-in software of the ARIS controller, related to uncontrolled resource consumption, allows a intruder to cause a service failure.
The vulnerability of the built-in software of the ARIS controller is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by sending a specially crafted network packet...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business models RV016, RV042, RV042G, RV082, RV320, and RV325 allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform...
The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system allows a perpetrator to gain access to user account information.
The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials...
The vulnerability of the Apex-VUZ education automation system, related to insufficient access control, allows a perpetrator to download photos of profiles of all used accounts.
The vulnerability of the Apex-VUZ education automation system’s web interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to download photos of profiles of all user accounts by sending a specially crafted request...
The vulnerability of the WEB_DisplayPage() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.
The vulnerability of the WEBDisplayPage function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of Moxa VPORT 06EC-2V IP camera software and Moxa VPort 461A video encoder software, related to pointer swapping errors, allows a intruder to execute a brute-force attack.
The vulnerability of Moxa VPORT 06EC-2V IP camera microprogramming software and Moxa VPort 461A video encoder microprogramming software is related to errors in parameter processing involving pointers. Exploiting this vulnerability allows a remote attacker to execute a brute-force attack...
The vulnerability of the Microsoft ODBC operating system driver allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC operating system driver exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Websoft HCM’s automation software for HR processes lies in its uncontrolled resource consumption, which allows attackers to trigger service interruptions.
The vulnerability of Websoft HCM’s automation software for HR processes is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the embedded images of the ControlWave telemechanics controller allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of embedded images of telemechanics controllers from ControlWave is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...
The vulnerability of the microprogrammed logic controllers ACE1000, related to the use of rigidly encrypted account data for five SSH accounts, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the microprogrammed logic controllers ACE1000 relates to the use of rigidly encoded credentials for five SSH accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the URL_GetProtocolType function in the MP4Box multimedia platform’s command allows a hacker to induce a service failure.
The vulnerability of the URLGetProtocolType function in the MP4Box multimedia platform of GPAC is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created file...
The vulnerability of the webNasIPS module of the TerraMaster operating system for TerraMaster TNAS storage devices allows a hacker to gain access to protected information.
The vulnerability of the webNasIPS module in the TerraMaster operating system for data storage devices called TerraMaster TNAS is related to the possibility of executing arbitrary commands. Exploiting this vulnerability could allow a malicious actor to gain access to protected information...
The vulnerability of theutils.cfc component in the ColdFusion software platform allows attackers to execute arbitrary code.
The vulnerability of theutils.cfc component in the ColdFusion software platform allows unauthenticated attackers to execute arbitrary code by connecting to any LDAP server via the verifyldapserver parameter...
The vulnerability of the Evolution CMS system, related to the lack of measures taken to protect the website structure, allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the Evolution CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the GitBucket collaborative development web service lies in its lack of protection for website structures, allowing attackers to execute arbitrary code.
The vulnerability in the collaborative development web service GitBucket is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software lies in the lack of authentication mechanisms, which allows attackers to bypass the authentication process.
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software is related to the absence of authentication. Exploiting this vulnerability could allow a malicious actor to bypass authentication and cause service failures...
The vulnerability in the index.php script of the D-Link DSL-3782 router’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the index.php script in the D-Link DSL-3782 router microprogramming system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the “ord” parameter in the “company_list” component of the Advantech R-SeeNet monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers is related to incorrect validation of input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted SQL queries...
The vulnerability of the ngx_memcpy function in the OpenResty web server, related to buffer overflows, allows attackers to cause a service failure.
The vulnerability of the memcpy-param-overlap function in the OpenResty web server is related to buffer overflow attacks. Exploiting this vulnerability can allow attackers to cause service interruptions...
The vulnerability of the Synergia operating system, related to errors in access control policies of SELinux, allows a perpetrator to gain read access to system files.
The vulnerability of the Synergia operating system is related to errors in access control policies of SELinux. Exploiting this vulnerability can allow an attacker to gain read access to system files...
The vulnerability of AMD’s microprogrammed software for processors lies in the speculative execution of read and write operations that access memory using invalid non- canonical addresses. This allows a hacker to exploit the vulnerability to gain access to information about the CPU’s address space.
The vulnerability of AMD’s microprogramming software is related to speculative operations for reading and writing data to memory, involving the use of non- canonical addresses. Exploiting this vulnerability can allow an attacker to gain access to information about the CPU’s address space, by usin...
The vulnerability of the Radare2 reverse-engineering system, related to the use of memory after it is freed, allows a hacker to cause a service failure.
The vulnerability of the Radare2 reverse-engineering system is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the TrustAccess network firewall, related to deficiencies in information protection mechanisms, allows attackers to perform privileged operations.
The vulnerability of TrustAccess is related to deficiencies in information protection mechanisms. Exploiting this vulnerability allows a perpetrator with access to the directory where TrustAccess is installed to perform privileged operations through a DLL hijacking attack. This is achieved by...
The vulnerability of Moxa EDR-810 microcontroller software-related microprogramming systems, due to problems with the use of cryptography, allows a perpetrator to gain access to confidential data.
The vulnerability of Moxa EDR-810 microcontroller software is related to issues with the use of cryptography. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...
The vulnerability of Moxa EDR-810 microcontroller software, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.
The vulnerability of Moxa EDR-810 microcontroller-based software is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Elastic Cloud Enterprise analytics platform, related to security configuration errors, allows a perpetrator to gain access to protected information.
The vulnerability of the Elastic Cloud Enterprise analytics platform is related to security configuration errors. Exploiting this vulnerability can allow a malicious actor to gain access to protected information...
The vulnerability of the FreeIPA Astra-freeipa certificate creation and update tool is related to an unreliable search process, which allows a perpetrator to compromise the integrity of the data.
The vulnerability of the FreeIPA Astra-freeipa certificate creation and renewal tool is related to improper searching for existing keys. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
The vulnerability of the `gh_finish_to_bv` function in the library, which performs security transformations using GOST algorithms, is related to insufficient data processing within the security mechanisms. This vulnerability allows attackers to gain access to confidential data.
The vulnerability of the ghfinishtobv function in the library, which performs security transformations using GOST algorithms, is related to the leakage of user passwords during the creation of a copy cx2 of the ghcontext structure. Exploiting this vulnerability allows an attacker to gain access t...
The vulnerability of the fly-qdm GUI input software, related to a code error, allows a intruder to access confidential data.
The vulnerability of the fly-qdm GUI login software lies in the absence of a warning when an outdated password is used during password changes. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
The vulnerability of the module for creating, editing, and saving diagrams of typical and business processes, determining process properties, creating lists of associated objects “LOCMAN WorkFlow Designer” of the engineering data management system, and the product lifecycle management system LOCMAN:PLM. This vulnerability is related to the unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.
The vulnerability of the module responsible for creating, editing, and saving diagrams of typical and working business processes, as well as defining properties of these processes, and creating lists of associated objects in the “LOZMAN Workflow Designer” system for managing engineering data and...
The vulnerability of the kmath.dll library in the KOMPAS-3D 3D modeling system, related to the execution of operations outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the kmath.dll library in the KOMPAS-3D 3D modeling system relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted T3D format file...
The vulnerability of the acron application library of Avrora Center, related to uncontrolled resource consumption, allows a perpetrator to cause a service failure.
The vulnerability of the acron application library in Avroa Software Solutions is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted regular expression...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect its web page structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the user’s browser by creating a...
The vulnerability of the Sailfish Browser application for the “Avora” operating system, related to buffer overflow in the stack, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Sailfish Browser application for the “Avora” operating system is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...
The vulnerability of the document.title property in the Sailfish Browser application for the “Autora” operating system, related to buffer overflow in the stack, allows a attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the document.title property in the Sailfish Browser application for the “Autora” operating system is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the TrueConf Server software, related to deficiencies in the token management mechanism for user accounts, allows a hacker to gain access to the user account.
The vulnerability of the TrueConf Server software is related to deficiencies in the mechanism for managing user tokens. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the TrueConf Server under a user’s identity...
The vulnerability of the TrueConf software, related to insufficient requirements for password complexity, allows a hacker to gain access to the user account.
The vulnerability of the TrueConf software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability can allow a malicious actor to gain access to user accounts by guessing passwords...
The vulnerability of the init process of the loginctl subsystem of Systemd, related to security configuration errors, allows a perpetrator to access confidential data.
The vulnerability of the loginctl process in the initialization and service management subsystem of Systemd is related to security configuration errors. Exploiting this vulnerability can allow an attacker to access confidential data...
The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...
The vulnerability of the var_lldpLocalPortTbl function in the microprogramming software for Moxa EDR-810 allows a hacker to trigger an emergency shutdown of the device.
The vulnerability of the varlldpLocalPortTbl function in the microprogramming software for Moxa EDR-810 is related to character processing errors. Exploiting this vulnerability can allow a malicious actor to trigger an emergency shutdown by sending a specially crafted SNMP request with a negative...
The vulnerability of the astra-safepolicy security configuration, related to the lack of input validation mechanisms, allows attackers to trigger service failures.
The vulnerability of the astra-safepolicy security configuration is related to the lack of a mechanism for checking input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the PuTTY cryptographic protection mechanism, related to the execution of operations beyond the buffer boundaries in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PuTTY encryption protection mechanism lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Windows GDI component in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of Thunderbolt devices’ microcontrollers lies in the ability to load metadata from an unauthenticated device. This allows a hacker to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt devices’ microcontrollers relates to the ability to load metadata from an unauthenticated device. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...
The vulnerability of the UnicodeString::doAppend function in the International Components for Unicode library, related to integer overflow in the data structure, allows an attacker to gain unauthorized access to confidential data, trigger a service failure, or compromise the integrity of the data.
The vulnerability of the UnicodeString::doAppend function in the International Components for Unicode library is related to integer overflow in the data structure. Exploitation of this vulnerability could allow an attacker to gain unauthorized access to confidential data, cause service failures, ...
The vulnerability of the security-monitor function in the Secure Boot protocol (part of the UEFI specification) is related to an error in the display of ssh for the root user. This vulnerability allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the security-monitor function in the Secure Boot protocol a part of the UEFI specification is related to an error in the display of ssh for the root user, when this protocol is not enabled for the user. Exploiting this vulnerability can allow a remote attacker to access...
The vulnerability of the Omnibox address bar in Google Chrome allows a hacker to compromise data integrity.
The vulnerability of the Omnibox address bar in Google Chrome relates to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially created HTML page...
The vulnerability of the canvas objects in browsers such as Firefox, Firefox ESR, and the email client Thunderbird allows attackers to disclose protected information.
The vulnerability of the Canvas object in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerabilities of PDF viewing and editing programs from Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to security configuration errors, allowing attackers to execute arbitrary code.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to security configuration errors. Exploiting these vulnerabilities can allow a malicious actor to execut...