74701 matches found
The vulnerability of the imlib2 graphic library, caused by integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the imlib2 graphic library for 32-bit platforms arises from integer overflows (memory writes beyond the boundaries of the memory buffer). Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created large-sized image...
The vulnerabilities of OPC UA data transfer protocol implementations in industrial networks, related to uncontrolled resource consumption, allow attackers to cause service failures.
The vulnerability of implementations of data transfer specifications in industrial networks OPC UA is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the libhevc library of the Android Media Framework service allows a hacker to execute arbitrary code.
The vulnerability of the libhevc library in the Media Framework of the Android operating system is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the context of a privileged process remotely...
Vulnerability in the media framework (libhevc) of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability in the Android operating system’s Media Framework libhevc is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Mediaserver application’s libhevc service in the Android operating system allows a hacker to cause a service failure.
The vulnerability of the Mediaserver application’s libhevc service stems from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause a service failure (memory corruption) by using a specially created file...
The vulnerability of the libhevc library of the Android Media Framework service allows a hacker to execute arbitrary code.
The vulnerability of the libhevc library in the Android operating system’s Media Framework is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the `psf_binheader_writef` function in the `common.c` file of the `libsndfile` library in the Astra Linux operating system allows a perpetrator to compromise the confidentiality, integrity, and availability of data, or cause service failures.
The vulnerability of the `psf_binheader_writef` function in the `common.c` file of the `libsndfile` library in the Astra Linux operating system is related to a buffer overflow issue. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...
The vulnerability of Ollama’s system for launching and managing large language models, related to the exposure of system data to unauthorized individuals, allows a violator to trigger a service failure.
The vulnerability of Ollama’s system for running and managing large language models is related to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the gp_open_scratch_file_impl() function in the files base/gp_mswin.c and base/winrtsup.cpp of the Ghostscript processing, conversion, and generation software suite allows a malicious actor to read arbitrary files.
The vulnerability of the gp_open_scratch_file_impl() function in the base/gp_mswin.c and base/winrtsup.cpp files of the Ghostscript processing, conversion, and generation software suite is related to an incorrect path name limitation. Exploiting this vulnerability could allow a remote attacker to read...
The vulnerability of the Postgresql database management system in the Astra Linux operating system allows a perpetrator to gain access to confidential data and cause service interruptions.
The vulnerability of the Postgresql database management system in the Astra Linux operating system is related to an error in the interaction with LDAP via parsec calls when retrieving user security attributes. Exploiting this vulnerability allows a malicious actor to gain access to information...
The vulnerability of the libhevc library in the Media Framework of the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the libhevc library in the Media Framework of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a privileged process using a specially crafted file...
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service allows a malicious actor to elevate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service is related to improper link resolution before file access. Exploiting this vulnerability can allow an attacker to elevate their privileges and execute arbitra...
The vulnerability of Lua script interpreters arises from the possibility of an operation exceeding the buffer boundaries in memory, allowing attackers to trigger a service failure.
The vulnerability of Lua scripts relates to the execution of an operation outside the buffer boundaries in the memory of ldebug.c. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the gf_filter_pid_inst_swap function in the MP4Box multimedia platform GPAC allows an intruder to cause a service failure or execute arbitrary code.
The vulnerability of the gf_filter_pid_inst_swap function in the MP4Box multimedia platform of GPAC relates to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of Adobe InDesign’s automation tool for computer design lies in the ability to write beyond the buffer limit in memory, allowing attackers to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...
The vulnerability of the FluentSMTP plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the FluentSMTP plugin of the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations, related to integer overflow, allows attackers to execute arbitrary code.
The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the way predictor implementation in AMD CPUs’ L1D cache architecture allows a hacker to gain access to memory on the same CPU’s physical core.
The vulnerability of the way predictor’s implementation for first-level cache data on AMD CPUs’ L1D cache relates to the fact that accessing the same memory cell from a different virtual address may cause that cell to be evicted from the L1D cache. Exploiting this vulnerability could allow a remo...
The vulnerability of the firmware used in Zyxel Ethernet switches such as ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 lies in the lack of protective measures for website structures. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the firmware used in Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 lies in the lack of protective measures for the website...
The vulnerability of Eclipse Jetty servlet containers, related to the lack of protection for service data, allows attackers to disclose the protected information.
The vulnerability of Eclipse Jetty servlet containers is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the `my_parse_cookie_if_key_exists` function in the web server of the MOXA EDR-810 industrial router allows a hacker to execute arbitrary code.
The vulnerability of the `my_parse_cookie_if_key_exists` function (offset 0x1B698) on the web server jffs2-root\fs1\magicP\WebServer\webs of the MOXA EDR-810 industrial router arises due to the lack of checking the size of the data being copied into a buffer of 0x40 bytes. Exploiting this vulnerability...
The vulnerability of the gtbl document editing tool from the groff package, related to errors in pointer arithmetic, allows a perpetrator to trigger a service failure.
The vulnerability of the gtbl document editing tool from the groff package is related to errors in pointer manipulation at address 0x0000000000409400. Exploiting this vulnerability could allow an attacker to cause a service failure by passing a specially crafted file as an argument to the command...
The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library allows a perpetrator to trigger a service failure.
The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library is related to initialization errors. Exploiting this vulnerability can allow attackers to cause service failures in applications by entering specially crafted data...
The vulnerability of Microsoft Exchange Server servers, related to access control errors, allows attackers to increase their privileges.
The vulnerability of Microsoft Exchange Server is related to access control errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the xsk_pool_get_rx_frame_size() function in the virtio-net component of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the xsk_pool_get_rx_frame_size() function in the virtio-net component of the Linux operating system is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, a...
The vulnerability of the “Tekon” SCADA system, related to the transmission of credentials in unencrypted form, allows a perpetrator to carry out a MITM attack.
The vulnerability of the SCADA system “Tekon” is related to the transmission of credentials in unencrypted form. Exploiting this vulnerability could allow a malicious actor to carry out a MITM attack...
The vulnerability of the DWG File Parser component of the CADImage plugin for IrfanView, a software for viewing and playing graphic, video, and audio files, allows a malicious actor to execute arbitrary code within the context of the current process.
The vulnerability of the DWG File Parser component in the CADImage plugin for IrfanView software, which is used for viewing and playing graphic, video, and audio files, relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an...
The vulnerability of the CodeScoring software development platform lies in its ability to disclose sensitive information in error messages, allowing a privileged user to expose protected information.
The vulnerability of the CodeScoring software development platform relates to the possibility of exposing sensitive information in error messages. Exploiting this vulnerability could allow a malicious actor, operating remotely with elevated privileges, to disclose protected information...
The vulnerability of the IBM Guardium Data Protection platform regarding data security, related to the leakage of information in error messages, allows attackers to disclose protected information.
The vulnerability of the IBM Guardium Data Protection platform relates to the leakage of information in error messages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of Websoft HCM’s automation software for HR processes stems from insufficient validation of input data, allowing attackers to execute the displayed HTML code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to insufficient verification of entered data. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code by sending a specially crafted POST request...
The vulnerability of the enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c of the Linux operating system kernel allows a hacker to trigger a service failure.
The vulnerability of the enable_phantom_plane() function in drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c of the Linux operating system kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the /etc/shadow file in the firmware of routers like LB-LINK allows a hacker to gain unauthorized access to protected information.
The vulnerability of the /etc/shadow file in the firmware of routers like LB-LINK lies in the use of hard-coded user credentials. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 allows an attacker to execute arbitrary operating system commands with root privileges.
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of pre-installed credentials due to incorrect processing of the MAC address sequence. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating syste...
The vulnerability in the virtual network adapter vmxnet3 of VMware ESXi, VMware Workstation, and VMware Fusion allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the virtual network adapter vmxnet3 in VMware ESXi, VMware Workstation, and VMware Fusion lies in the issue of data writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Thunderbolt devices’ microcontrollers stems from the ability to use configuration parameters of an unauthenticated controller. This allows a malicious actor to gain direct access to the memory of computing devices connected to Thunderbolt interfaces.
The vulnerability of Thunderbolt device microcontrollers lies in the ability to use configuration parameters for an unauthenticated controller. Exploiting this vulnerability can allow a hacker to gain direct access to the memory of the computing device, which is connected to Thunderbolt devices...
The vulnerability of the Adobe Type Manager library on the Windows operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Adobe Type Manager library in the Windows operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code due to a font processing error in Adobe PostScript Type 1...
The vulnerability of the ActUWzd.dll library component of the Mitsubishi MX Component 3 system for data collection and process control in industrial automation systems, allowing a hacker to execute arbitrary code.
The vulnerability of the ActUWzd.dll library component of the Mitsubishi MX Component 3 system used for data collection and process control in Citect SCADA is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely using a long string...
The vulnerability of the Microsoft Hyper-V Network Switch virtual programmable switch allows an attacker to gain access to protected information.
The vulnerability of the Microsoft Hyper-V Network Switch virtual programmable switch in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information through a specially created application...
The vulnerability of the libparsec-mac-qt5 library, used for developing graphical applications with Qt5 graphical interfaces on the Astra Linux operating system, allows a hacker to cause a service failure.
The vulnerability of the libparsec-mac-qt5 library for developing graphical applications using Qt5 graphical interfaces on the Astra Linux operating system is related to errors that lead to multiple accesses to the macdb memory area. Exploiting this vulnerability can allow an attacker to cause a...
The vulnerability of the Windows GDI component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the graphical user input component in the fly-qdm system of the Astra Linux operating system allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the graphical user input component in the fly-qdm system of the Astra Linux operating system is related to buffer overflows when copying a command string from the virtual keyboard. Exploiting this vulnerability can allow an attacker to cause service failures or execute...
The vulnerability of the edna Chat Center’s customer request processing system, related to the improper handling of exceptional states, allows a violator to determine the true identities of users.
The vulnerability of the edna Chat Center’s customer request processing system is related to the improper handling of exceptional states. Exploiting this vulnerability allows a malicious actor to determine the true identities of users...
The vulnerability of the Network Configuration Manager (NCM) software, related to the failure to protect the structure of web pages, allows attackers to carry out XSS attacks.
The vulnerability of the Network Configuration Manager (NCM) software is associated with the failure to take measures to protect the structure of web pages. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks remotely...
The vulnerability of the web interface of Xerox WorkCentre 3025 firmware allows a perpetrator to gain unauthorized access to account data.
The vulnerability of the web interface of Xerox WorkCentre 3025 firmware is related to the improper processing of special symbols in input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to account information by sending a specially crafted...
The vulnerability of the ICOInput::seek_subimage function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library allows an attacker to cause a service failure.
The vulnerability of the ICOInput::seek_subimage function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library is related to the lack of checks for division by zero. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the __do_sys_cachestat() function in the mm/filemap.c module of the Linux kernel’s memory management subsystem allows a hacker to access protected information or cause service failures.
The vulnerability of the __do_sys_cachestat() function in the mm/filemap.c module of the Linux kernel’s memory management subsystem is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain access to protected information or cause service failures...
The vulnerability of the Firefox browser, related to an error in displaying the domain name in the address bar, allows attackers to compromise data integrity.
The vulnerability of Firefox browsers is related to an error in the display of the domain name in the address bar. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of data...
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to the storage of passwords in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the INF-file utility for Intel chipset and circuit boards, known as the Intel Chipset INF Utility (previously called Intel Chipset Device Software or Intel Chipset Software Installation Utility), is related to an uncontrolled search path element. This allows a malicious user to gain elevated privileges.
The vulnerability of the INF-file utility for Intel chipset and circuit boards is related to an uncontrolled search path element. Exploiting this vulnerability can allow a hacker to gain increased privileges...
The vulnerability of the Routing Protocols Daemon (RPD) service on the JunOS operating system allows a hacker to trigger a service failure.
The vulnerability of the Routing Protocols Daemon (RPD) service on the JunOS operating system is related to uncontrolled memory consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...