90604 matches found
The vulnerability of the khugepaged component in the Linux operating system’s kernel allows a hacker to read and manipulate data.
The vulnerability of the khugepaged component in the Linux operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to read and manipulate data...
The vulnerability of the installer for Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, allows a hacker to enhance their privileges.
The vulnerability of the Intel Advanced Link Analyzer, a tool for analyzing and optimizing network connections, is related to errors in privilege assignment. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the network management system for monitoring industrial networks in Siemens SINEC NMS lies in the improper assignment of permissions to critical resources. This allows a perpetrator to write arbitrary data to any location in the host’s file system.
The vulnerability of the Siemens SINEC NMS network management system for monitoring industrial networks is related to the improper assignment of permissions for critical resources. The application contains a database that does not restrict user rights. Exploiting this vulnerability allows a hacke...
The vulnerability of the dwfcore.dll library in Autodesk Navisworks allows a perpetrator to execute arbitrary code.
The vulnerability of the dwfcore.dll library in Autodesk Navisworks software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the ODXSW_DLL.dll library in the AutoCAD simulation, design, and drafting software allows a perpetrator to execute arbitrary code.
The vulnerability of the ODXSWDLL.dll library, which is used in AutoCAD software for simulation, design, and drafting, arises due to an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, using a...
The vulnerability of the debugfs_remove_recursive() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the debugfsremoverecursive function in the Linux operating system is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the listExtensions method implementation in the VMware Hybrid Cloud Extension (HCX) migration software allows a attacker to execute arbitrary code.
The vulnerability of the listExtensions method implementation in the VMware Hybrid Cloud Extension HCX migration software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SQ...
The vulnerability of the __nss_database_lookup component in the Virtuoso-opensource web application development platform allows a attacker to trigger a service failure.
The vulnerability of the nssdatabaselookup component in the Virtuoso-opensource web application development platform is related to improper elimination of special elements used in SQL commands. Exploiting this vulnerability can allow an attacker to trigger a service failure using specially create...
The vulnerability of the Passwork password manager lies in the improper implementation of the sequence of actions required for processing tasks. This allows attackers to compromise the integrity of the protected information.
The vulnerability of the Passwork password manager is related to the incorrect implementation of the sequence of actions performed. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the sun6i component of the Linux operating system’s kernel allows a hacker to gain unauthorized access to confidential information within the system.
The vulnerability of the sun6i component in the Linux operating system’s kernel is related to competitive access to resources a state of competition. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...
The vulnerability of the “file” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the “file” parameter in the netshop CMS system’s Netcat module exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the mp3_dmx_process() function on the GPAC multimedia platform allows a hacker to cause a service failure.
The vulnerability of the mp3dmxprocess function on the GPAC multimedia platform is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the `/settings/store` API of the pgAdmin database management tool allows a hacker to perform a cross-site scripting attack.
The vulnerability of the /settings/store API of the pgAdmin database management tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in a buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted file...
The vulnerability of the AddReportResult method in the SolarWinds Access Rights Manager software allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the AddReportResult method in the SolarWinds Access Rights Manager ARM access control software is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
The vulnerability of the RubyGems.org repository, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the RubyGems.org repository for programming languages involves an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Splunk Web interface of the Splunk Enterprise operating analysis platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the “SMART/WEB Service Management” software suite, related to deficiencies in the authentication process, allows a perpetrator to gain access to protected information without going through the authentication process.
The vulnerability of the “SMART/WEB Service Management” software suite is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to gain access to protected information without going through the authentication process...
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses stems from deficiencies in the authentication process, which allows attackers to escalate their privileges.
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to increase their privileges remotely...
The vulnerability of the network routing implementation software on Unix-like systems, related to memory release errors, allows a hacker to cause a service failure.
The vulnerability of the FRRouting software for implementing network routing on Unix-like systems is related to the improper processing of the BGP UPDATE message created with the MPUNREACHNLRI attribute and additional data NLRI. Exploiting this vulnerability can allow a malicious actor to cause...
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system allows a hacker to bypass the API key and gain unauthorized access to protected information.
The vulnerability of the POST SMTP Mailer plugin in the WordPress content management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the API keys and gain unauthorized access to protected information...
The vulnerability of 5G MediaTek wireless communication modules, related to insufficient validation of input data, allows attackers to trigger service interruptions.
The vulnerability of 5G wireless communication modules by MediaTek is related to insufficient verification of input data. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the mDNSResponder component in operating systems such as watchOS, iOS, iPadOS, and tvOS allows a hacker to track a device based on its MAC address via Wi-Fi.
The vulnerability of the mDNSResponder component in operating systems such as watchOS, iOS, iPadOS, and tvOS is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to track a device based on its MAC address via Wi-Fi...
The vulnerability of the Go programming language, related to errors in processing special symbols "<>" in CSS contexts, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to errors in processing special symbols "" within CSS contexts. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the built-in software of the ARIS controller, related to uncontrolled resource consumption, allows a intruder to cause a service failure.
The vulnerability of the built-in software of the ARIS controller is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures by sending a specially crafted network packet...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business models RV016, RV042, RV042G, RV082, RV320, and RV325 allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform...
The vulnerability of the Apex-VUZ education automation system, related to insufficient access control, allows a perpetrator to download photos of profiles of all used accounts.
The vulnerability of the Apex-VUZ education automation system’s web interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to download photos of profiles of all user accounts by sending a specially crafted request...
The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system allows a perpetrator to gain access to user account information.
The vulnerability of the LoginForm and RegisterForm data transmission forms in the Apex-VUZ automation system is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials...
The vulnerability of the WEB_DisplayPage() function in D-Link’s wireless access points DAP-2020 and DAP-1360 allows a hacker to execute arbitrary code.
The vulnerability of the WEBDisplayPage function in D-Link’s wireless access points DAP-2020 and DAP-1360 is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
The vulnerability of Moxa VPORT 06EC-2V IP camera software and Moxa VPort 461A video encoder software, related to pointer swapping errors, allows a intruder to execute a brute-force attack.
The vulnerability of Moxa VPORT 06EC-2V IP camera microprogramming software and Moxa VPort 461A video encoder microprogramming software is related to errors in parameter processing involving pointers. Exploiting this vulnerability allows a remote attacker to execute a brute-force attack...
The vulnerability of the Microsoft ODBC operating system driver allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC operating system driver exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the microprogrammed software of the Moxa NE-4100T serial interface converter lies in the lack of authentication procedures, which allows attackers to circumvent existing security restrictions.
The vulnerability of the Microprogrammed Software for Serial Interface Converters Moxa NE-4100T is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the embedded images of the ControlWave telemechanics controller allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of embedded images of telemechanics controllers from ControlWave is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...
The vulnerability of the microprogrammed logic controllers ACE1000, related to the use of rigidly encrypted account data for five SSH accounts, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the microprogrammed logic controllers ACE1000 relates to the use of rigidly encoded credentials for five SSH accounts. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the URL_GetProtocolType function in the MP4Box multimedia platform’s command allows a hacker to induce a service failure.
The vulnerability of the URLGetProtocolType function in the MP4Box multimedia platform of GPAC is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created file...
The vulnerability of the webNasIPS module of the TerraMaster operating system for TerraMaster TNAS storage devices allows a hacker to gain access to protected information.
The vulnerability of the webNasIPS module in the TerraMaster operating system for data storage devices called TerraMaster TNAS is related to the possibility of executing arbitrary commands. Exploiting this vulnerability could allow a malicious actor to gain access to protected information...
The vulnerability of theutils.cfc component in the ColdFusion software platform allows attackers to execute arbitrary code.
The vulnerability of theutils.cfc component in the ColdFusion software platform allows unauthenticated attackers to execute arbitrary code by connecting to any LDAP server via the verifyldapserver parameter...
The vulnerability of the GitBucket collaborative development web service lies in its lack of protection for website structures, allowing attackers to execute arbitrary code.
The vulnerability in the collaborative development web service GitBucket is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Evolution CMS system, related to the lack of measures taken to protect the website structure, allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the Evolution CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software lies in the lack of authentication mechanisms, which allows attackers to bypass the authentication process.
The vulnerability of IDEMIA’s biometric identification systems’ microprogramming software is related to the absence of authentication. Exploiting this vulnerability could allow a malicious actor to bypass authentication and cause service failures...
The vulnerability of NETGEAR CBR750, RBK852, RBR850, and RBS850 Wi-Fi routers’ microprogramming software lies in insufficient cleaning of input data, allowing attackers to execute arbitrary commands.
The vulnerability of NETGEAR’s Wi-Fi router software, including models CBR750, RBK852, RBR850, and RBS850, lies in insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the index.php script of the D-Link DSL-3782 router’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the index.php script in the D-Link DSL-3782 router microprogramming system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the “ord” parameter in the “company_list” component of the Advantech R-SeeNet monitoring software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the monitoring software for the status and functions of Advantech R-SeeNet routers is related to incorrect validation of input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted SQL queries...
The vulnerability of the Synergia operating system, related to errors in access control policies of SELinux, allows a perpetrator to gain read access to system files.
The vulnerability of the Synergia operating system is related to errors in access control policies of SELinux. Exploiting this vulnerability can allow an attacker to gain read access to system files...
The vulnerability of AMD’s microprogrammed software for processors lies in the speculative execution of read and write operations that access memory using invalid non- canonical addresses. This allows a hacker to exploit the vulnerability to gain access to information about the CPU’s address space.
The vulnerability of AMD’s microprogramming software is related to speculative operations for reading and writing data to memory, involving the use of non- canonical addresses. Exploiting this vulnerability can allow an attacker to gain access to information about the CPU’s address space, by usin...
The vulnerability of the Radare2 reverse-engineering system, related to the use of memory after it is freed, allows a hacker to cause a service failure.
The vulnerability of the Radare2 reverse-engineering system is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of Moxa EDR-810 microcontroller software-related microprogramming systems, due to problems with the use of cryptography, allows a perpetrator to gain access to confidential data.
The vulnerability of Moxa EDR-810 microcontroller software is related to issues with the use of cryptography. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data...
The vulnerability of Moxa EDR-810 microcontroller software, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.
The vulnerability of Moxa EDR-810 microcontroller-based software is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the fly-qdm GUI input software, related to a code error, allows a intruder to access confidential data.
The vulnerability of the fly-qdm GUI login software lies in the absence of a warning when an outdated password is used during password changes. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...