90604 matches found
The vulnerability of the microprogrammed logic controller ioLogik software, related to insufficient requirements for password complexity, allows a hacker to obtain user passwords by brute-force methods.
The vulnerability of the microprogrammed logic controller ioLogik software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability allows a malicious actor to manually select user passwords using brute-force methods...
The vulnerability of the automated information system “Registration in OO” arises from the use of pre-set user accounts, allowing a perpetrator to gain unauthorized access to protected information.
The vulnerability of the automated information system “Registration in OO” is related to the use of pre-set user accounts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the WinRAR file archiver, related to the retransmission of requests to the malicious domain, allows a hacker to execute an ARP spoofing attack.
The vulnerability of the WinRAR file archiver is related to the way requests are redirected to the malicious domain when loading the dynamic library mshtml.dll. Exploiting this vulnerability allows a perpetrator to execute an “ARP spoofing” attack using a specially created malware file...
The vulnerabilities of the decode_mcu() and decode_mcu_fast() functions in the libjpeg-turbo library allow a hacker to cause a service failure.
The vulnerability of the decodemcu and decodemcufast functions in the libjpeg-turbo library arises from the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure by using a specially crafted file...
The vulnerability of the KOMPAS-3D three-dimensional modeling system, related to buffer overflow in the stack, allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the KOMPAS-3D three-dimensional modeling system is related to the buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code using a specially crafted T3D format file...
The vulnerability of the module for creating and saving structured information about company departments in the “LOCMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCMAN:PLM, arises from the possibility of unlimited loading of dangerous files. This vulnerability allows attackers to execute arbitrary code.
The vulnerability of the module responsible for creating and saving structured information about company departments in the “LOCZMAN Reference Guide for Structural Departments” system, which manages engineering data and the product lifecycle of LOCZMAN:PLM, relates to the unlimited loading of...
The vulnerability of the SCADA system of OIK Dispetchner NT, related to deficiencies in the cryptographic algorithms used, allows a intruder to retrieve user data and increase privileges within the system.
The vulnerability of the SCADA system of OIK Dispatching Network is related to deficiencies in the cryptographic algorithms used. Exploiting this vulnerability could allow an intruder to retrieve user data and increase privileges within the system...
The vulnerability of the memtest_preserving_test function in the memtest.c component of the Redis database management system allows a attacker to cause a service failure or execute arbitrary code by causing an operation to go beyond the buffer boundaries during the creation of an emergency dump.
The vulnerability of the memtestpreservingtest function in the memtest.c component of the Redis database management system is related to the issue where an operation is executed outside the buffer in memory when creating an emergency dump. Exploiting this vulnerability can allow a malicious actor...
The vulnerability of the FingerTipS component in Android operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the FingerTipS component in Android operating systems relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Web Antivirus component of Kaspersky Endpoint Security allows a perpetrator to compromise data integrity.
The vulnerability of the Web Antivirus component of Kaspersky Endpoint Security relates to insufficient checking of file paths for reparse points. Exploiting this vulnerability can allow attackers to compromise data integrity...
The vulnerability of the webvrpcs component allows for privilege escalation in the software of the remote monitoring system, Advantech WebAccess. This enables a perpetrator to increase their privileges.
The vulnerability of the webvrpcs component in software for remote monitoring by Advantech WebAccess relates to insecure management of privileges. Exploiting this vulnerability can allow attackers to elevate their own privileges...
The vulnerability of the QTextEngine::LayoutData::reallocate function in the cross-platform framework for Qt software development allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the QTextEngine::LayoutData::reallocate function in the cross-platform framework for Qt software development is related to memory corruption. Exploiting this vulnerability can allow an attacker to cause a system failure or execute arbitrary code...
The vulnerability of the fly-qdm graphical interface, related to the shielding of output data, allows attackers to gain access to confidential information.
The vulnerability of the fly-qdm graphical interface is related to the lack of a mechanism to protect output data. Exploiting this vulnerability can allow attackers to gain access to confidential information...
The vulnerability of the core.arh component of the EKRA 200 microprocessor series allows a hacker to cause a system failure.
The vulnerability of the core.arh component of the microprogramming software for PLC ERCA is related to insufficient processing of input data during updates. Exploiting this vulnerability can allow a malicious actor to cause service failures using a specially crafted HEX/LDR file...
The vulnerability of the EKOM-3000 data collection and transmission device lies in the lack of protection for transmitted data, allowing unauthorized access to protected information by intruders.
The vulnerability of the ECOM-3000 data collection and transmission device lies in the lack of protection for the transmitted data. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to the protected information...
The vulnerability of the Keycloak identity and access management software lies in its reliance on pre-set registration data, allowing unauthorized users to gain unauthorized access to protected information.
The vulnerability of the Keycloak identity and access management software relates to the use of pre-set registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box allows a hacker to trigger a maintenance failure.
The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box devices is related to an operation where data escapes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...
The vulnerability in the demux/asf/asf.c component of the VideoLAN VLC media player software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the demux/asf/asf.c component of the VideoLAN VLC media player lies in the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of TCP protocols in real-time operating systems like Wind River VxWorks allows attackers to execute arbitrary code.
The vulnerability of the TCP protocol in real-time operating systems like Wind River VxWorks is related to errors in the TCP Urgent Pointer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted TCP packets...
The vulnerability of the MallocFrameBuffer function in the cross-platform library LibVNCServer allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the MallocFrameBuffer function in the cross-platform library LibVNCServer is related to a display overflow error, which leads to a heap overflow. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause servi...
The vulnerability of the RouterOS operating system in MikroTik routers, related to the assignment of the zero pointer, allows a hacker to cause a service failure.
The vulnerability of the RouterOS operating system for MikroTik routers exists due to insufficient testing of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures using a specially created package...
The vulnerability of the Skype for Business Server’s instant messaging program, related to errors in information presentation by the user interface, allows attackers to carry out spoofing attacks.
The vulnerability of the Skype for Business Server’s instant messaging program is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spam attacks remotely...
The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows a hacker to gain unauthorized access to protected information.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome relates to bypassing the CORS Cross-origin resource sharing mechanism. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the ResourceCoordinator component in Google Chrome allows a perpetrator to compromise the integrity, confidentiality, and accessibility of the protected information.
The vulnerability of the ResourceCoordinator component in Google Chrome browser relates to the use of memory after it is released. Exploiting this vulnerability allows an attacker to compromise the integrity, confidentiality, and accessibility of the protected information through a specially...
The vulnerability of the Cast component in Google Chrome’s browser, which arises due to insufficient validation of input data, allows attackers to conceal alerts indicating a transition to full-screen mode.
The vulnerability of the Cast component in Google Chrome exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to conceal a notification indicating that the mode has switched to full-screen mode using a specially created HTML page...
The vulnerability of the Office Online Server, related to information representation errors in the user interface, allows attackers to perform spoofing attacks.
The vulnerability of the Office Online Server web server is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks using specially crafted requests...
The vulnerability of the OPCTest.exe executable on the RSLinx Classic communication server allows a hacker to execute arbitrary code.
The vulnerability of the RSLinx Classic dynamic assembly library server is caused by buffer overflow in the stack. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the PHP programming language module exif_thumbnail_extract, related to integer overflow, allows attackers to cause a service failure.
The vulnerability of the exifthumbnailextract module in the PHP programming language is related to a numerical overflow in the buffer-based queue. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system allows a hacker to circumvent security policies set by the system, due to configuration errors in the password policies for user domain accounts.
The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system is related to configuration errors in password policies, which result in the lack of checks to ensure that the specified restrictions on user domain account passwords are met...
The vulnerability of the WEB interface of the microprogramming software for Pelco Sarix Enhanced cameras allows a intruder to execute arbitrary commands.
The vulnerability of the WEB interface of Pelco Sarix Enhanced camera software systems is related to insufficient verification of input data. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary commands through the WEB interface...
Vulnerability of the Server: Optimizer component of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server: Optimizer component of the Oracle MySQL database management system is related to insufficient access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the fly-admin-printer-mac utility in the Astra Linux operating system, which allows a hacker to gain access to confidential data
The vulnerability of the fly-admin-printer-mac utility in the Astra Linux operating system relates to the printing of content from the GECOS field instead of the user’s domain username. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
The vulnerability of the PIA Search Functionality component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the PIA Search Functionality component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected dat...
The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTT...
The vulnerability of the xmlParsePEReference component in the libxml2 library, which is used for working with XML and HTML files, allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the xmlParsePEReference component in the libxml2 XML parsing library is related to insufficient restrictions on XML references to external objects. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures through a specially...
The vulnerability of the management tool for virtual infrastructure, VMware vCenter Server, related to the unencrypted data transmission process, allows attackers to access confidential information.
The vulnerability of the VMware vCenter Server virtualization infrastructure relates to the unencrypted data transfer between storage repositories. Exploiting this vulnerability can allow an attacker to gain access to confidential information during the movement of a virtual machine between stora...
The vulnerability of the ihevcd_sao_shift_ctb function in the Android operating system allows a hacker to disclose protected information.
The vulnerability of the ihevcdsaoshiftctb function ihevcdsao.c in the Android operating system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a privileged process using a specially crafted file...
The vulnerability of the dynamic analyzer for XML files in the wsisapi.dll library of the enterprise automation system 1C:Enterprise allows a perpetrator to cause service failures and gain access to internal network resources.
The vulnerability of the dynamic analyzer for XML files in the wsisapi.dll library of the enterprise automation system 1C:Enterprise is related to the implementation of XML. Exploiting this vulnerability can allow a malicious actor to cause service failures and gain access to internal network...
The vulnerability of the Android operating system, which allows a malicious actor to compromise the confidentiality of information
The vulnerability of the decoder/ihevcdDecode.c function in the libhevc service of the Android operating system is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of information...
Vulnerability of the Java Platform software platform, allowing a remote attacker to compromise the integrity of protected information
The vulnerability of the Java SE and Java SE Embedded software platform allows a malicious actor to compromise data integrity by using the Security subcomponent...
The vulnerability of the nghttp2 library allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability of the nghttp2 library is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions or execute arbitrary code...
The vulnerability of the LibreOffice office software package, which allows a hacker to trigger a service failure or cause other adverse effects
The vulnerability of the LibreOffice office software’s filter function arises from buffer overflow. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure memory corruption, or possibly have other effects using a specially crafted document called...
The vulnerability of the Android operating system, which allows a hacker to execute arbitrary code or cause a service failure
The vulnerability of the MPEG4Extractor::parseChunk function in the libstagefright library of the Android operating system is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using specially crafted MPEG-4...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the integrity and accessibility of protected information
Multiple vulnerabilities exist in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to the compromise of the integrity and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the cloop-kmp-desktop package of the OpenSUSE operating system can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the _.unset and _.omit functions in the Lodash library, which allows an attacker to compromise data integrity
The vulnerability of the unset and omit functions in the Lodash library is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to compromise data integrity...
The vulnerability of the Lodash library lies in the uncontrolled modification of prototype attributes of objects, which allows attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of the Lodash library is related to uncontrolled changes to the attributes of the object’s prototype. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity and accessibility of the protected information...
The vulnerability of the software interface of the CI/CD subsystem of the Git-based software platform for collaborative code development on GitLab EE/CE allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software interface of the CI/CD subsystem of the Git-based software platform for collaborative code development in GitLab EE/CE is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
The vulnerability of Ruckus Virtual SmartZone’s microprogrammed software controllers, related to authentication procedures that lack sufficient safeguards, allows attackers to circumvent existing security restrictions.
The vulnerability of Ruckus Virtual SmartZone wireless network controller’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...