90604 matches found
The vulnerability of the FreeIPA Astra-freeipa certificate creation and update tool is related to an unreliable search process, which allows a perpetrator to compromise the integrity of the data.
The vulnerability of the FreeIPA Astra-freeipa certificate creation and renewal tool is related to improper searching for existing keys. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
The vulnerability of the module for creating, editing, and saving diagrams of typical and business processes, determining process properties, creating lists of associated objects “LOCMAN WorkFlow Designer” of the engineering data management system, and the product lifecycle management system LOCMAN:PLM. This vulnerability is related to the unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.
The vulnerability of the module responsible for creating, editing, and saving diagrams of typical and working business processes, as well as defining properties of these processes, and creating lists of associated objects in the “LOZMAN Workflow Designer” system for managing engineering data and...
The vulnerability of the kmath.dll library in the KOMPAS-3D 3D modeling system, related to the execution of operations outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the kmath.dll library in the KOMPAS-3D 3D modeling system relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted T3D format file...
The vulnerability of the acron application library of Avrora Center, related to uncontrolled resource consumption, allows a perpetrator to cause a service failure.
The vulnerability of the acron application library in Avroa Software Solutions is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted regular expression...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect its web page structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the user’s browser by creating a...
The vulnerability of the Sailfish Browser application for the “Avora” operating system, related to buffer overflow in the stack, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Sailfish Browser application for the “Avora” operating system is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...
The vulnerability of the TrueConf software, related to insufficient requirements for password complexity, allows a hacker to gain access to the user account.
The vulnerability of the TrueConf software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability can allow a malicious actor to gain access to user accounts by guessing passwords...
The vulnerability of the init process of the loginctl subsystem of Systemd, related to security configuration errors, allows a perpetrator to access confidential data.
The vulnerability of the loginctl process in the initialization and service management subsystem of Systemd is related to security configuration errors. Exploiting this vulnerability can allow an attacker to access confidential data...
The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...
The vulnerability of the var_lldpLocalPortTbl function in the microprogramming software for Moxa EDR-810 allows a hacker to trigger an emergency shutdown of the device.
The vulnerability of the varlldpLocalPortTbl function in the microprogramming software for Moxa EDR-810 is related to character processing errors. Exploiting this vulnerability can allow a malicious actor to trigger an emergency shutdown by sending a specially crafted SNMP request with a negative...
The vulnerability of the astra-safepolicy security configuration, related to the lack of input validation mechanisms, allows attackers to trigger service failures.
The vulnerability of the astra-safepolicy security configuration is related to the lack of a mechanism for checking input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the PuTTY cryptographic protection mechanism, related to the execution of operations beyond the buffer boundaries in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PuTTY encryption protection mechanism lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of Thunderbolt devices’ microcontrollers lies in the ability to load metadata from an unauthenticated device. This allows a hacker to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt devices’ microcontrollers relates to the ability to load metadata from an unauthenticated device. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...
The vulnerability of the security-monitor function in the Secure Boot protocol (part of the UEFI specification) is related to an error in the display of ssh for the root user. This vulnerability allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the security-monitor function in the Secure Boot protocol a part of the UEFI specification is related to an error in the display of ssh for the root user, when this protocol is not enabled for the user. Exploiting this vulnerability can allow a remote attacker to access...
The vulnerability of the Omnibox address bar in Google Chrome allows a hacker to compromise data integrity.
The vulnerability of the Omnibox address bar in Google Chrome relates to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially created HTML page...
The vulnerability of the canvas objects in browsers such as Firefox, Firefox ESR, and the email client Thunderbird allows attackers to disclose protected information.
The vulnerability of the Canvas object in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerabilities of PDF viewing and editing programs from Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to security configuration errors, allowing attackers to execute arbitrary code.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to security configuration errors. Exploiting these vulnerabilities can allow a malicious actor to execut...
The vulnerability of the protection mechanism for the virtual file system “/proc” in the Oracle Solaris operating system allows a perpetrator to execute arbitrary code.
The vulnerability of the protection mechanism for the virtual file system “/proc” in the Oracle Solaris operating system is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the ktexteditor text editing tool in the Astra Linux operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ktexteditor text editing tool in the Astra Linux operating system is related to errors in interpreting file access rights. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the FortiOS operating system, related to the lack of protection for service data, allows attackers to disclose the protected information.
The vulnerability of the FortiOS operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the unixcmd utility in the Virtual Distributed Ethernet virtual network creation package allows a attacker to cause a service failure.
The vulnerability of the unixcmd utility, a tool for creating compatible virtual networks using Virtual Distributed Ethernet, stems from segmentation errors. Exploiting this vulnerability could allow an attacker to cause a service failure by entering a specially crafted sequence of data into the...
The vulnerability of the Microsoft SharePoint software package arises from insufficient cleaning of data provided by users, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the Microsoft SharePoint software package is related to insufficient cleaning of data provided by users. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute cross-site scripting attacks with elevated privileges using a specially created...
The vulnerability of the vGate virtualization platform’s security mechanism, which allows intruders to bypass existing security measures
The vulnerability of the vGate virtualization platform’s security mechanism lies in the fact that authentication is performed against rules that are not currently in effect for vGate i.e., outside the protected perimeter. There is also a lack of control over user authentication processes within...
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device lies in the use of uncontrolled format lines, which allows a perpetrator to trigger a service failure.
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format lines. Exploiting this vulnerability can allow an attacker to cause a service failure by using a specially crafted command e.g., canrcv canteseo2%n%n%n%n%n%n%n when...
The vulnerability in the platform for creating a unified database and electronic registration of residential properties, “BAR.- ”, exists due to the failure to address the issue of eliminating special elements used in SQL queries. This allows a violator to obtain the contents of the database.
The vulnerability in the platform for creating a unified database and electronic registration of residential properties, “BAR.- ”, exists due to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability can allow an attacker, operating remotely...
The vulnerability of the web access module of the DIRECTUM electronic document management system allows a hacker to obtain the name of the last authorized user.
The vulnerability of the web access module of the DIRECTUM electronic document management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to obtain the name of the last authorized user who accessed the system remotely...
The vulnerability of the graphical user input component in the fly-dm system of the Astra Linux operating system allows a intruder to unauthorizedly alter the level of session integrity.
The vulnerability of the graphical user input component in the fly-dm system of the Astra Linux operating system is related to an error that causes the fly-mac-dialog component to be executed without the required DBUSSESSIONBUSADDRESS=nothing option. This option is necessary for executing the dbu...
The vulnerability in the JavaScript ChakraCore engine of the Microsoft Edge browser allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Edge’s JavaScript ChakraCore engine is related to memory object handling flaws. Exploiting this vulnerability can allow a remote attacker to trigger memory corruption and execute arbitrary code through a specially crafted web page...
The vulnerability of the TeNIX operating system for programmable logic controllers MFC1500 and MFC3000 allows a hacker to gain full access to the system.
The vulnerability of the TeNIX operating system for programmable logic controllers MFC1500 and MFC3000 is related to the use of a default weak password for the root account, information about which is not available in the documentation. Exploiting this vulnerability could allow an attacker,...
The vulnerability of Microsoft SQL Server Management Studio, related to errors in restricting XML references to external objects (XXE), allows attackers to disclose sensitive information.
The vulnerability of Microsoft SQL Server Management Studio is related to errors in restricting XML references to external objects XXE. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose sensitive information using a specially crafted file...
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a privileged process using a specially crafted file...
The vulnerability of the distributed Git version control system, related to insufficient validation of input data, allows a hacker to execute arbitrary operating system commands.
The vulnerability of the distributed Git version control system is related to the use of insecure Perl scripts for supporting subcommands such as cvsserver. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating system commands on behalf of the git user remotely...
The vulnerability in the JavaScript kernel of Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the Microsoft Edge JavaScript kernel is caused by an operation going beyond the buffer boundaries in memory memory corruption due to a script error. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, as a resul...
The vulnerability of the Remote Administration Daemon component of the Solaris operating system allows a perpetrator to gain access to read or modify data, thereby causing a partial service disruption.
The vulnerability of the Remote Administration Daemon component of the Solaris operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain read, modify, add, or delete access to data, and cause partial service interruption...
The vulnerabilities in programs for viewing and editing PDF files such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat allow attackers to breach the confidentiality of information.
The vulnerability of image conversion tools for viewing and editing PDF files, such as Adobe Reader, Adobe Acrobat Document Cloud, Adobe Reader Document Cloud, and Adobe Acrobat, is related to reading beyond the buffer limit and memory leaks caused by parsing EMF format files. Exploiting this...
The vulnerability of the Android operating system allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the libvpx library in the mediaserver component of the libwebm framework in the Android operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure memory...
The vulnerabilities of Firefox ESR and Firefox, the rendering software Graphite 2, allow attackers to induce service failures or exert other effects.
The vulnerability of the graphite2::FileFace::gettablefn function in Firefox ESR and Firefox browsers, as well as in the Graphite 2 rendering software, means that memory is not initialized for special data structures. Exploiting this vulnerability can allow a malicious actor to cause service...
The vulnerability of the Cisco IOS operating system, which allows a perpetrator to gain unauthorized access to the device
The vulnerability of the SSHv2 component in Cisco IOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to a device by manipulating information about known user names and their associated RSA keys...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the drbd-kmp-xen package of the OpenSUSE operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the p54_rx_eeprom_readback() function in the Linux kernel’s Wi-Fi component allows a hacker to induce a service failure.
The vulnerability of the p54rxeepromreadback function in the Linux kernel’s Wi-Fi component involves copying buffers without checking the input data. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the software for programming operator panels of the VT series, such as VT-Designer, arises from writing beyond buffer boundaries, allowing a hacker to execute arbitrary code.
The vulnerability of the software for programming operator panels of the VT series, such as VT-Designer, lies in the writing beyond buffer boundaries when processing PM3 files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the menu_nat_asp() function in D-Link DI-8100 router microprogramming software allows a intruder to cause a service failure.
The vulnerability of the menunatasp function in D-Link DI-8100 router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of IDrive’s backup software lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.
The vulnerability of IDrive backup software is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to enhance their privileges...
The vulnerability of the drivers/regulator/rtq2208-regulator.c component in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the drivers/regulator/rtq2208-regulator.c component in the Linux operating system is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a attacker to cause a service failure...
Vulnerability of the xrx200_alloc_skb() function in the drivers/net/ethernet/lantiq_xrx200.c module – This driver for network adapter Ethernet in the Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerability of the xrx200allocskb function in the drivers/net/ethernet/lantiqxrx200.c module – The Linux kernel’s Ethernet adapter driver relies on unconstrained and unrestricted resource allocation. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrit...
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server system, related to deficiencies in the testing mechanism for integrations, allows a hacker to disclose protected information.
The vulnerability of the “Termide Virtual Desktops Connection Manager” software suite is related to deficiencies in the testing mechanisms for integrations. Exploiting this vulnerability allows a malicious actor to disclose sensitive information...
The vulnerability in the web interface of the “Termide Virtual Desktops Connection Manager” software allows a attacker to perform XSS attacks.
The vulnerability of the software interface “Termide Virtual Desktops Connection Manager” is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of VideoGrace video conferencing software, related to the disclosure of information, allows a intruder to gain unauthorized access to protected information.
The vulnerability of VideoGrace video conferencing software is related to the disclosure of information in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the NTPSyncWithHost() function in Totolink’s microprogrammed router software allows a hacker to execute arbitrary code.
The vulnerability of the NTPSyncWithHost function in Totolink router microprogramming software is related to the failure to take measures to neutralize special elements of the hostTime parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Substance 3D Stager software lies in its ability to exploit memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software relates to the possibility of exploiting memory after it is freed. Exploiting this vulnerability could allow a hacker to execute arbitrary code...