90604 matches found
The vulnerability of the Indexed DB API for browser storage interfaces in Google Chrome and Microsoft Edge allows a attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Indexed DB API for browser-based structured data storage in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code through a specially...
The vulnerability of Moxa EDR-810 microcontroller software lies in the lack of measures taken to neutralize special elements used in the OS command sequence, allowing a perpetrator to execute arbitrary code.
The vulnerability of Moxa EDR-810 microcontroller-based software relates to the lack of measures taken to neutralize special elements used in the OS command sequence. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the SAP Business Objects decision support system lies in the lack of measures taken to protect the website structure. This allows attackers to intercept the session of administrators or users of the web resources.
The vulnerability of the SAP Business Objects decision support system lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to intercept administrator or user sessions on the web resources, using specially crafted POST/GET...
The vulnerability of user authentication within the IKE-protocol’s Xauth mechanism, which stems from insufficient validation of input data, allows attackers to trigger service failures.
The vulnerability related to user authentication within the Xauth protocol of the IKE protocol is linked to improper validation during the file transmission to the program’s input. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the fly-fm file manager, related to insufficient data processing within the security mechanisms, allows a perpetrator to trigger a service failure.
The vulnerability of the fly-fm file manager is related to the first connection of a network location via sftp. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data due to a denial-of-service attack...
The vulnerability of the application loading optimization service for servers in enterprises with a large number of users lies in the “Balancing Service” of the Engineering Data Management and Product Lifecycle system LOCMAN:PLM. This service allows unauthorized users to execute arbitrary code due to the unlimited loading of dangerous files.
The vulnerability of the application loading optimization service for servers in enterprises with a large number of users is related to unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing DLL libraries such as DNSAPI.dll in...
The vulnerability of the webSetSerialOpModel function in the embedded software of the web server stems from buffer overflows in the stack due to insufficient input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.
The vulnerability of the webSetSerialOpModel function in the embedded software of the web server is related to buffer overflows in the stack due to deficiencies in input data processing. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary code, or...
The vulnerability of Visual Studio Code’s source editor, related to improper code generation management, allows a hacker to execute arbitrary code.
The vulnerability of Visual Studio Code’s source editor is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and completely compromise the system using a specially created file...
The vulnerability of the SCADA system of OIK Dispatching NT, related to the insecure storage of critical information, allows a intruder to enhance their privileges.
The vulnerability of the SCADA system of OIK Dispatching is related to the insecure storage of critical information. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the SCADA system of OIK Dispatching Center, related to the storage of confidential information in unencrypted form, allows a intruder to gain access to user account data.
The vulnerability of the SCADA system of OIK Dispatching is related to the storage of confidential information in unencrypted form. Exploiting this vulnerability can allow an intruder to gain access to user account data...
The vulnerability of Visual Studio Code’s source editor, related to insufficient protection of service data, allows a hacker to execute arbitrary code.
The vulnerability of Visual Studio Code’s source editor is related to insufficient protection for service data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the backup function for momentary database snapshots in MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and the document-oriented database management system MongoDB allows a hacker to trigger a service failure.
The vulnerability of the backup function for instant snapshots of MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and document-oriented database management systems is related to improper handling of conflicting special elements. Exploiting this vulnerability can allow an...
The vulnerability of the cmd.exe command-line interpreter of the Windows operating system allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the cmd.exe command-line interpreter of the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service interruptions...
The vulnerability in the function of the common/InputStreamHelper.java library of the MPXJ library allows a hacker to write files to arbitrary locations.
The vulnerability in the common/InputStreamHelper.java library of the MPXJ library exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to write files to arbitrary locations...
The vulnerability of the ziplist.c component of the Redis database management system, caused by a transaction executing outside the buffer in memory, allows an attacker to read a portion of the memory and trigger a service failure in the Redis database server.
The vulnerability of the ziplist.c component in the Redis database management system arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to read a piece of memory and trigger a service failure in the Redis database server using...
The vulnerability of the InstallService component for Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the InstallService component for Windows operating systems is related to privilege management errors. Exploiting this vulnerability could allow an attacker to enhance their privileges through a specially created application...
The vulnerability of the TrueConf software lies in its lack of mechanisms to limit the number of authentication attempts. This allows a violator to lock out a user’s account.
The vulnerability of the TrueConf software is related to deficiencies in the mechanism for limiting the number of authentication attempts. Exploiting this vulnerability could allow a malicious actor to lock out a user’s account by attempting more than 10 unsuccessful password entries...
The vulnerability of the Kaspersky Total Security antivirus protection, related to code errors, allows attackers to increase their privileges.
The vulnerability of the Kaspersky Total Security antivirus protection is related to errors in the code. Exploiting this vulnerability can allow attackers to enhance their privileges by manipulating symbolic links...
The vulnerability of the installation file of the Kaspersky Anti-Ransomware Tool lies in the unsafe process of searching for DLL libraries, which allows a hacker to exploit their privileges.
The vulnerability of the installation file of the Kaspersky Anti-Ransomware Tool is related to a unsafe procedure for locating DLL libraries. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the SCADA system MasterSCADA, related to the storage of passwords in a decipherable format, allows a intruder to decrypt the protected control project.
The vulnerability of the SCADA system MasterSCADA relates to the storage of passwords in a readable format. Exploiting this vulnerability could allow an attacker to decrypt the passwords and access the protected project...
The vulnerability of the Global Protect Agent for Linux’s endpoint protection software lies in its insecure handling of privileges. This allows attackers to elevate their privileges to the root level.
The vulnerability of the Global Protect Agent for Linux endpoint protection software lies in the insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability in the implementation of the WritePDFImage function in ImageMagick and GraphicsMagick graphic editors allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the WritePDFImage function in ImageMagick and GraphicsMagick graphic editors is related to resource management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using a specially created image...
The vulnerability of the Microsoft Visual Studio software lies in the transmission of credentials in an unencrypted form, allowing a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Microsoft Visual Studio software relates to the transmission of credentials in an unencrypted form. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information by monitoring network traffic between...
The vulnerability of the Web Intelligence HTML interface of the SAP BusinessObjects Business Intelligence platform, related to the lack of measures for cleaning incoming data, allows attackers to execute cross-site scripting attacks.
The vulnerability of the Web Intelligence HTML interface of the SAP BusinessObjects Business Intelligence platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of Google Chrome’s browser, related to security configuration errors, allows a malicious actor to gain unauthorized access to local files.
The vulnerability of Google Chrome is related to security settings errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to local files through a specially created Chrome extension...
The vulnerability of the HyperLogLog algorithm in a resident database management system for NoSQL Redis lies in the fact that the output of the operation may exceed the buffer limits in memory. This allows attackers to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the HyperLogLog algorithm in the resident database management system for NoSQL Redis stems from a flaw in the HyperLogLog data structure when the SETRANGE command is executed. This command allows the addition of up to 12 bytes of information beyond the stack limit. Exploiting...
The vulnerability of the websSecurityHandler function in the MOXA EDR-810 industrial router’s web server allows a hacker to execute arbitrary code.
The vulnerability of the websSecurityHandler function offset 0x1B4B0 in the web server jffs2-root\fs1\magicP\WebServer\webs of the MOXA EDR-810 industrial router is caused by the lack of checking the size of the data being copied into a buffer of 0x200 bytes. Exploiting this vulnerability allows ...
The vulnerability of the NPAPI plugin in browsers such as Firefox ESR, Firefox, and the email client Thunderbird allows a hacker to perform cross-site forgery attacks.
The vulnerability of the NPAPI plugin for Firefox ESR, Firefox, and the Thunderbird email client relates to exploiting the Cross-origin Resource Sharing CORS mechanism. Exploiting this vulnerability allows a remote attacker to perform cross-origin requests...
The vulnerability of the xudc_ep_enable handler implementation in Linux kernel allows a hacker to write data into the memory space of the operating system.
The vulnerability in the implementation of the xudcepenable handler of the loaded module in the drivers/usb/gadget/udc/udc-xilinx.ko kernel of the Linux operating system arises due to an out-of-bounds array access. Exploiting this vulnerability allows an attacker to write data into an unauthorize...
The vulnerability of the component for implementing remote access to the desktop based on the VNC protocol in the Astra Linux operating system, related to the incorrect use of flags during compilation, allows a hacker to trigger a service failure.
The vulnerability of the component for implementing remote access to the desktop based on the VNC protocol in the Astra Linux operating system is related to the incorrect use of flags during compilation. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
The vulnerability of the window manager fly-wm component in the Astra Linux operating system allows a intruder to trigger a service failure.
The vulnerability of the window blocking component of the fly-wm operating system’s Astra Linux device lies in a flaw that causes the window blocking component to fail to execute, especially when the XGrabKeyboard call has already been made by another client. Exploiting this vulnerability could...
The vulnerability of the WEB interface of the microprogramming software for Pelco Sarix Enhanced cameras allows a intruder to execute arbitrary commands.
The vulnerability of the WEB interface of Pelco Sarix Enhanced camera software systems is related to insufficient verification of input data. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary commands through the WEB interface...
The vulnerability of the management tool for virtual infrastructure, VMware vCenter Server, related to the unencrypted data transmission process, allows attackers to access confidential information.
The vulnerability of the VMware vCenter Server virtualization infrastructure relates to the unencrypted data transfer between storage repositories. Exploiting this vulnerability can allow an attacker to gain access to confidential information during the movement of a virtual machine between stora...
The vulnerability of the Android operating system, which allows a violator to compromise data privacy
The vulnerability of the libmpeg2 service in the Mediaserver application of the Android operating system is related to the lack of protection for service-related data. Exploiting this vulnerability allows a malicious actor to compromise data confidentiality through a local malware application...
Vulnerability of the Java Platform software platform, allowing a remote attacker to compromise the integrity of protected information
The vulnerability of the Java SE and Java SE Embedded software platform allows a malicious actor to compromise data integrity by using the Security subcomponent...
The vulnerability of the ProFTPd FTP server allows a hacker to compromise the integrity, accessibility, and confidentiality of information.
The vulnerability of the modtls module in the ProFTPd FTP server exists due to incorrect processing of the TLSDHParamFile directive. Exploiting this vulnerability allows a malicious actor to compromise the integrity, availability, and confidentiality of information...
The vulnerability of the Gentoo Linux operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Cairo package up to version 1.4.12 of the Gentoo Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the software interface of the CI/CD subsystem of the Git-based software platform for collaborative code development on GitLab EE/CE allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software interface of the CI/CD subsystem of the Git-based software platform for collaborative code development in GitLab EE/CE is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
The vulnerability of the astra-safepolicy security configuration software lies in the lack of data security mechanisms. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the astra-safepolicy security configuration software is related to the lack of a data security mechanism. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of PackageKit for macOS operating systems, which allows a hacker to trigger a service failure.
The vulnerability of PackageKit for macOS operating systems is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of Autodesk 3dsMax software for 3D modeling, animation, and visualization lies in the possibility of an operation going beyond the buffer boundaries in memory. This allows a malicious actor to execute arbitrary code or cause system failures.
The vulnerability of the software for 3D modeling, animation, and visualization in Autodesk 3dsMax relates to the execution of operations beyond the buffer boundaries in memory when processing TGA files. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause system...
The vulnerability of the “Export to Excel” plugin, which exists due to the lack of protective measures for website structures, allows attackers to carry out XSS attacks.
The vulnerability of the “Export to Excel” plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the ext4_mb_init_backend() function in the fs/ext4/mballoc.c module of the Ext4 file system support module for Linux’s kernel allows a attacker to cause a service failure.
The vulnerability of the ext4mbinitbackend function in the fs/ext4/mballoc.c module of the Ext4 file system support module in the Linux operating system is related to improper memory release before deleting the last reference „memory leak“. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the SimpleOne ITSM automation system allows a perpetrator to carry out an SSRF attack and gain unauthorized access to protected information.
The vulnerability of the SimpleOne ITSM automation system is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out an SRF attack and gain unauthorized access to protected information...
Vulnerability eliminated
...
The vulnerability of the resource_build_bit_depth_reduction_params() function in the DRI driver for AMD kernel-based Linux graphics cards allows a attacker to cause a service failure.
The vulnerability of the resourcebuildbitdepthreductionparams function in the Direct Rendering Infrastructure DRI driver for AMD graphics cards in Linux operating systems is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the CGI Gem software lies in its improper validation of input data, which allows a hacker to trigger a service failure.
The vulnerability of the CGI Gem software lies in improper validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of Prisma Access Browser lies in the lack of authentication checks for a critical function, allowing attackers to escalate their privileges.
The vulnerability of Prisma Access Browser is related to the lack of authentication checks for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...
The vulnerability of Linux operating system’s DRM/amdgpu kernel components, which allows a hacker to trigger a service failure
The vulnerability of DRM/AMDGPU cores in the Linux operating system is related to incorrect resource blocking. Exploiting this vulnerability can allow a hacker to cause service failures...
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules, related to the occurrence of operations outside the buffer in memory, allows attackers to cause service failures.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...