90509 matches found
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a privileged process using a specially crafted file...
The vulnerability of the Android operating system, which allows a malicious actor to compromise the confidentiality of information
The vulnerability of the decoder/ihevcdDecode.c function in the libhevc service of the Android operating system is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality of information...
Vulnerability of the Java Platform software platform, allowing a remote attacker to compromise the integrity of protected information
The vulnerability of the Java SE and Java SE Embedded software platform allows a malicious actor to compromise data integrity by using the Security subcomponent...
The vulnerability of the LibreOffice office software package, which allows a hacker to trigger a service failure or cause other adverse effects
The vulnerability of the LibreOffice office software’s filter function arises from buffer overflow. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure memory corruption, or possibly have other effects using a specially crafted document called...
The vulnerability of the Cisco IOS operating system, which allows a perpetrator to gain unauthorized access to the device
The vulnerability of the SSHv2 component in Cisco IOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to a device by manipulating information about known user names and their associated RSA keys...
Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the cloop-kmp-desktop package of the OpenSUSE operating system can be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Gentoo Linux operating system, which allow a remote attacker to compromise the integrity and accessibility of protected information
Multiple vulnerabilities exist in the openssl package up to version 0.9.8l-r2 of the Gentoo Linux operating system. Exploitation of these vulnerabilities may lead to the compromise of the integrity and accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the astra-safepolicy security configuration software lies in the lack of data security mechanisms. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the astra-safepolicy security configuration software is related to the lack of a data security mechanism. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the meeting-join function in Cisco WebEx Meetings software allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the meeting-join function in Cisco WebEx Meetings software is related to improper verification of certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerability of PackageKit for macOS operating systems, which allows a hacker to trigger a service failure.
The vulnerability of PackageKit for macOS operating systems is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of Autodesk 3dsMax software for 3D modeling, animation, and visualization lies in the possibility of an operation going beyond the buffer boundaries in memory. This allows a malicious actor to execute arbitrary code or cause system failures.
The vulnerability of the software for 3D modeling, animation, and visualization in Autodesk 3dsMax relates to the execution of operations beyond the buffer boundaries in memory when processing TGA files. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause system...
The vulnerability in the web interface of Qtech switches, related to incorrect processing of cookie files, allows attackers to elevate their privileges to the level of administrators.
A vulnerability in the web interface of Qtech switches, related to improper handling of cookie files. Exploiting this vulnerability can allow a remote attacker to elevate their privileges to the level of an administrator...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially created malicious file...
The vulnerability of the Input Method Editor (IME) component of Microsoft Windows, which allows a hacker to gain elevated privileges
The vulnerability of the Input Method Editor IME component in Microsoft Windows is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain increased privileges remotely...
The vulnerability of the SCADA system Pult.online, related to inconsistencies in responses to incoming requests, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system Pult.online is related to inconsistencies in responses to incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by sending a specially crafted POST request...
The vulnerability of VideoGrace video conferencing software, related to improper access control, allows a intruder to compromise the accessibility of protected information.
The vulnerability of VideoGrace video conferencing software is related to improper access control. Exploiting this vulnerability can allow a remote attacker to compromise the accessibility of protected information...
The vulnerability of the SimpleOne ITSM automation system allows a perpetrator to carry out an SSRF attack and gain unauthorized access to protected information.
The vulnerability of the SimpleOne ITSM automation system is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out an SRF attack and gain unauthorized access to protected information...
The vulnerability of the resource_build_bit_depth_reduction_params() function in the DRI driver for AMD kernel-based Linux graphics cards allows a attacker to cause a service failure.
The vulnerability of the resourcebuildbitdepthreductionparams function in the Direct Rendering Infrastructure DRI driver for AMD graphics cards in Linux operating systems is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Avaya Equinox collaboration platform, related to deficiencies in the mechanism for checking uploaded files, allows a hacker to execute arbitrary code.
The vulnerability of the Avaya Equinox collaboration platform is related to deficiencies in the mechanism for checking uploaded files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by uploading a specially crafted file into the system...
The vulnerability of the UpdateProjectConnections method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, allowing a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the UpdateProjectConnections method in the software for managing and monitoring removed objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerabili...
The vulnerability of the SINAMICS S200 servo-system loader, related to deficiencies in authentication procedures, allows a perpetrator to execute arbitrary code.
The vulnerability of the SINAMICS S200 servo drive system’s loader is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Delegated License Service (DLS) component of the NVIDIA licensing system allows a perpetrator to gain unauthorized access to protected information and cause service failures.
The vulnerability of the Delegated License Service DLS component of NVIDIA’s licensing system lies in the absence of authentication procedures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information and cause service...
The vulnerability of the implementation of service protocols in the software products of the LLC “NPO ‘MIR’ relates to the transmission of data in an open manner, which allows a perpetrator to disclose the protected information.
The vulnerability of the implementation of service protocols in the software products of the LLC “NPO ‘MIR’ relates to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information.”...
The vulnerability of the Telnet protocol implementation for the MIR KT-51 controller and the MIR controller configuration tool, related to the transmission of data in an open manner, allows a perpetrator to disclose the protected information.
The vulnerability of the Telnet protocol implementation for the MIR KT-51 controller and the MIR controller configuration software is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the implementation of the Factory Interface Network Service (FINS) protocol in the microcomputer-based software for programmable logic controllers SYSMAC allows a intruder to gain unauthorized access to protected information and execute arbitrary commands.
The vulnerability of the Factory Interface Network Service FINS protocol implemented in SYSMAC programmable logic controllers is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to sensitive informati...
The vulnerability of the verify_dnskey_rrset() function in the Hickory DNS client (formerly Trust-DNS) allows a attacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the verifydnskeyrrset function in the Hickory DNS client formerly Trust-DNS is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected informati...
The vulnerability of Windows operating system DHCP clients allows a perpetrator to execute arbitrary code.
The vulnerability of DHCP clients of Windows operating systems relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the generateRow() function in the PHP Spreadsheet library allows attackers to perform cross-site scripting attacks.
The vulnerability of the generateRow function in the PHP Spreadsheet library is related to the lack of protective measures for web page structures. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remotely...
The vulnerability of the `ucsi_ccg_update_set_new_cam_cmd()` function in the Linux kernel’s drivers/usb/typec/ucsi/ucsi_ccg.c file allows a attacker to compromise the confidentiality and accessibility of protected information.
The vulnerability of the ucsiccgupdatesetnewcamcmd function in the Linux kernel’s drivers/usb/typec/ucsi/ucsiccg.c file relates to reading memory beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of...
The vulnerability of the Media Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Media Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of Palo Alto Networks’ network switches, managed by the PAN-OS operating system, stems from insufficient checks for unusual or exceptional states. This allows attackers to trigger service interruptions.
The vulnerability of Palo Alto Networks’ network switches, managed by the PAN-OS operating system, is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted network...
The vulnerability of components related to DRM/AMDKFD in Linux kernel allows attackers to increase their privileges within the system.
The vulnerability of DRM/AMDKFD components in Linux kernel relates to memory management errors that occur after memory is freed in the svmrangevramnodefree function. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of GigaDevice’s GD32 microprogrammed software controllers, models GD32E23x and GD32E50x, is related to access control deficiencies. This vulnerability allows attackers to read data from SRAM or alter its state.
The vulnerability of GigaDevice’s GD32 microprogrammed device controllers, such as GD32E23x and GD32E50x, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to read data from SRAM or alter its state...
The vulnerability of GigaDevice’s GD32 microprogrammed device controllers, such as GD32F1x0, GD32F4xx, and GD32F3x0, is related to insufficient access control mechanisms. This allows attackers to read data from the RAM or modify its state.
The vulnerability of GigaDevice’s GD32 microprogrammed device controllers, such as GD32F1x0, GD32F4xx, and GD32F3x0, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to read data from the RAM or alter its state...
The vulnerability of the msdosfs driver in the FreeBSD operating system, related to the use of an uninitialized resource, allows a hacker to read data from deleted system files.
The vulnerability of the msdosfs driver in the FreeBSD operating system is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a hacker to read data from deleted system files...
The vulnerability of the Windows USB Video Class System Driver for Windows operating systems allows attackers to gain elevated privileges.
The vulnerability of the Windows USB Video Class System Driver for Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the SCSI component in the Linux operating system allows a hacker to gain access to confidential information.
The vulnerability of the Linux operating system’s SCSI kernel component is related to excessive data output in the scsihostdevrelease function. Exploiting this vulnerability can allow an attacker to gain access to confidential information...
The vulnerability of the `changeFileRights` function in the `osUtils.cpp` module of the database management system “Red Database” is related to improper access control, allowing attackers to trigger a service failure for the DBMS.
The vulnerability of the changeFileRights function in the osUtils.cpp module of the database management system “Red Database” is related to the fact that if the server is run under the user’s identity other than the default user reddatabase, then running the server’s utilities under the root user...
The vulnerability of the YouGile project management service lies in the lack of file upload restrictions, which allows a hacker to execute arbitrary code.
The vulnerability of the YouGile project management service lies in the lack of restrictions on file downloads. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in the deserialization mechanism, allows a intruder to execute arbitrary code.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Kernel Streaming WOW Thunk Service Driver (Drivers\ksthunk.sys) on Windows operating systems, which allows a hacker to escalate their privileges.
The vulnerability of the Kernel Streaming WOW Thunk Service Driver Drivers\ksthunk.sys on Windows operating systems is related to numerical truncation errors. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of D-Link router microprogramming software arises from the lack of measures taken to neutralize special elements used in the operating system command. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of D-Link DIR-1960-US, DIR-2640-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-878, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE routers exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability can allow a malicious...
The vulnerability of the mp_unescape03() function in the Mplayer media player, related to writing beyond the memory boundaries, allows a hacker to cause a service failure.
The vulnerability of the mpunescape03 function in the Mplayer media player is related to writing beyond the memory boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, which allows an attacker to execute XSS attacks.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
The vulnerability of the file /view/systemConfig/reboot/reboot_commit.php in the Ruijie RG-UAC router microprogramming system allows a attacker to execute arbitrary commands.
The vulnerability of the file /view/systemConfig/reboot/rebootcommit.php in the Ruijie RG-UAC router microprogramming system exists due to the failure to take measures to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the BPMSoft web application is related to deficiencies in access control, which allows attackers to increase their privileges within the system.
The vulnerability of the BPMSoft web application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges within the system...
The vulnerability of the Intel Chipset Driver Software in managing and updating chipset drivers is related to incorrect default permissions, allowing an attacker to escalate their privileges.
The vulnerability of the Intel Chipset Driver Software for software-based control and driver updates is related to incorrect default permissions. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability in the `src/media_tools/avilib.c` file of the multimedia platform GPAC allows a hacker to execute arbitrary code.
The vulnerability in the src/mediatools/avilib.c file of the multimedia platform GPAC is related to the ability to write beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Apache InLong data integration platform lies in its reliance on files and directories accessible from external parties, allowing attackers to execute arbitrary code.
The vulnerability of the Apache InLong data integration platform lies in the use of files and directories accessible to external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a malicious actor to execute...