90279 matches found
The vulnerability of the FluentSMTP plugin of the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the FluentSMTP plugin of the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the INF-file utility for Intel chipset and circuit boards, known as the Intel Chipset INF Utility (previously called Intel Chipset Device Software or Intel Chipset Software Installation Utility), is related to an uncontrolled search path element. This allows a malicious user to gain elevated privileges.
The vulnerability of the INF-file utility for Intel chipset and circuit boards is related to an uncontrolled search path element. Exploiting this vulnerability can allow a hacker to gain increased privileges...
The vulnerability of the /etc/shadow file in microprogramming-based router software like LB-LINK allows a hacker to gain unauthorized access to protected information.
The vulnerability of the /etc/shadow file in microprogramming-based router software like LB-LINK lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 allows a attacker to execute arbitrary operating system commands with root privileges.
The vulnerability of the SSH service on the SmartOS Wi-Fi router AdTran SRG 834-5 is related to the use of pre-installed credentials due to incorrect processing of the MAC address sequence. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the operating syste...
The vulnerability in the virtual network adapter vmxnet3 of VMware ESXi, VMware Workstation, and VMware Fusion allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the virtual network adapter vmxnet3 in VMware ESXi, VMware Workstation, and VMware Fusion lies in the issue of data writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of many components of the OpenOffice.org module of the LibreOffice office software package allows a hacker to trigger a service failure.
The vulnerability of many components of the OpenOffice.org module of the LibreOffice office software package is related to errors in number processing. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the libparsec-mac-qt5 library, used for developing graphical applications with Qt5 graphical interfaces on the Astra Linux operating system, allows a hacker to cause a service failure.
The vulnerability of the libparsec-mac-qt5 library for developing graphical applications using Qt5 graphical interfaces on the Astra Linux operating system is related to errors that lead to multiple accesses to the macdb memory area. Exploiting this vulnerability can allow an attacker to cause a...
The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library allows a perpetrator to trigger a service failure.
The vulnerability of the pitchmark tool in the Edinburgh Speech Tool Library is related to initialization errors. Exploiting this vulnerability can allow attackers to cause service failures in applications by entering specially crafted data...
The vulnerability of the xsk_pool_get_rx_frame_size() function in the virtio-net component of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the xskpoolgetrxframesize function in the virtio-net component of the Linux operating system is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, a...
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service allows a malicious actor to elevate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitra...
The vulnerability of the gf_filter_pid_inst_swap function in the MP4Box multimedia platform GPAC allows a intruder to cause a service failure or execute arbitrary code.
The vulnerability of the gffilterpidinstswap function in the MP4Box multimedia platform of GPAC relates to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the edna Chat Center’s customer request processing system, related to the improper handling of exceptional states, allows a violator to determine the true identities of users.
The vulnerability of the edna Chat Center’s customer request processing system is related to the improper handling of exceptional states. Exploiting this vulnerability allows a malicious actor to determine the true identities of users...
The vulnerability of the IBM Guardium Data Protection platform regarding data security, related to the leakage of information in error messages, allows attackers to disclose protected information.
The vulnerability of the IBM Guardium Data Protection platform relates to the leakage of information in error messages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the ICOInput::seek_subimage function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library allows a attacker to cause a service failure.
The vulnerability of the ICOInput::seeksubimage function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library is related to the lack of checks for division by zero. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the enable_phantom_plane() function in the drivers/gpu/drm/amd/display/dc/dml2/dml2_mall_phantom.c kernel of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the enablephantomplane function in the drivers/gpu/drm/amd/display/dc/dml2/dml2mallphantom.c kernel of the Linux operating system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the ActUWzd.dll library component of the Mitsubishi MX Component 3 system for data collection and process control in industrial automation systems, allowing a hacker to execute arbitrary code.
The vulnerability of the ActUWzd.dll library component of the Mitsubishi MX Component 3 system used for data collection and process control in Citect SCADA is due to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely using a long string...
The vulnerability of the Windows GDI component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to deficiencies in security mechanisms. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Vulnerability of the Cyrus IMAP mail server and operating systems openSUSE and OpenSUSE Leap, allowing attackers to compromise the integrity and accessibility of protected information
The vulnerability of the indexurlfetch function imap/index.c in the Cyrus IMAP server and on the OpenSUSE and OpenSUSE Leap operating systems is caused by a numerical overflow issue. Exploiting this vulnerability allows an attacker to compromise the integrity and accessibility of protected...
The vulnerability of the web interface of Xerox WorkCentre 3025 microprogramming software allows a perpetrator to gain unauthorized access to account data.
The vulnerability of the web interface of Xerox WorkCentre 3025 microprogramming software is related to the improper processing of special symbols in input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to account information by sending a specially crafted...
The vulnerability of Firefox browser, related to an error in displaying the domain name in the address bar, allows attackers to compromise data integrity.
The vulnerability of Firefox browsers is related to an error in the display of the domain name in the address bar. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of data...
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird, related to the storage of passwords in unencrypted form, allows attackers to gain unauthorized access to protected information.
The vulnerability in web browsers Firefox, Firefox ESR, and the email client Thunderbird relates to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the graphical user input component in the fly-qdm system of the Astra Linux operating system allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the graphical user input component in the fly-qdm system of the Astra Linux operating system is related to buffer overflows when copying a command string from the virtual keyboard. Exploiting this vulnerability can allow an attacker to cause service failures or execute...
The vulnerability of the AccessCtrlTimeSchedRpm component (/userRpm/AccessCtrlTimeSchedRpm.htm) in the TP-Link routers such as TL-WR940N, TL-WR841N, TL-WR941N, TL-WR940N, and TL-WR740N allows a hacker to cause service failures.
The vulnerability of the AccessCtrlTimeSchedRpm component /userRpm/AccessCtrlTimeSchedRpm.htm of the TP-Link routers TL-WR940N, TL-WR841N, TL-WR941N, TL-WR940N, and TL-WR740N is related to the execution of an operation outside the buffer in memory when processing the Changed parameter. Exploiting...
The vulnerability of the Traffic Management User Interface (TMUI) of BIG-IP application protection tools allows a hacker to execute arbitrary commands, create or delete files.
The vulnerability of the Traffic Management User Interface TMUI of BIG-IP application protection tools is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands, create or delete files remotely...
The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to execute arbitrary code.
The vulnerability of the SaveAs component in PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, is related to the use of memory after it is freed. Exploiting this vulnerability could allow a...
The vulnerability of the Routing Protocols Daemon (RPD) service on the JunOS operating system allows a hacker to trigger a service failure.
The vulnerability of the Routing Protocols Daemon RPD service on the JunOS operating system is related to an uncontrolled memory consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the modular IRC server InspIRCd for the Debian GNU/Linux operating system is related to improper handling of integer variables. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
Vulnerability of the 1C-Bitrix web project management system: Website management that allows malicious actors to bypass access restrictions
Vulnerability of the 1C-Bitrix web project management system: Website management related to errors in the integrity control mechanism of the control scripts. Exploiting this vulnerability allows a malicious actor to manipulate the integrity check mechanism and modify files within the system witho...
The vulnerability of the Cyrus IMAP mail server and the OpenSUSE and OpenSUSE Leap operating systems allows attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the indexurlfetch function imap/index.c in the Cyrus IMAP server is caused by a numerical overflow condition. Exploiting this vulnerability allows an attacker to compromise the integrity and accessibility of protected information by using the UrlFetch function and the...
The vulnerability of the `block_type_get_arity` function in the `core/iwasm/interpreter/wasm.h` file in the execution environment for WebAssembly applications, such as WebAssembly Micro Runtime (WAMR), allows a malicious actor to cause a service failure.
The vulnerability of the blocktypegetarity function in the core/iwasm/interpreter/wasm.h file, within the WebAssembly environment for WebAssembly Micro Runtime applications WAMR, involves reading beyond the permitted range of memory. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of the Apex One antivirus software lies in its improper handling of links before accessing a file, allowing attackers to escalate their privileges.
The vulnerability of the anti-virus software Apex One is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow a hacker to increase their privileges...
The vulnerability of the SCADA system “KRUG-2000” software, related to insufficient verification of script integrity, allows a perpetrator to trigger a service failure.
The vulnerability of the SCADA system “KRUG-2000” software is related to insufficient verification of the integrity of scripts. Exploiting this vulnerability can allow an intruder to cause a service failure...
The vulnerability of the TrustAccess network firewall lies in its improperly implemented user authentication mechanism, which allows attackers to carry out authentication procedures.
The vulnerability of the TrustAccess network firewall is related to an improperly implemented user authentication mechanism. Exploiting this vulnerability allows a perpetrator who has access to user credentials to perform authentication procedures without using the TrustAccess graphical interface...
The vulnerability of the operating environment of the information protection software “Blockhost-Net” and “Blockhost-Net K” allows a perpetrator to execute the application through the operating system’s regsvr32 component, bypassing the closed-loop programming environment.
The vulnerability of the operating environments of the information protection software “Blockhost-Net” and “Blockhost-Net K” is related to the use of the regsvr32 function to access system components. Exploiting this vulnerability could allow a perpetrator with administrative privileges to execut...
The vulnerability of the lz4::decompress function in the Graphite library used by Mozilla Firefox and Mozilla Firefox ESR browsers allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the lz4::decompress function in the Graphite library of Mozilla Firefox and Mozilla Firefox ESR browsers is caused by a buffer overflow in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the file_manage_view.php component in the DedeCMS content management system, which stems from the lack of protective measures for website structures, allows attackers to carry out XSS attacks.
The vulnerability of the filemanageview.php component in the DedeCMS content management system is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
The vulnerability in the CDCreateKernlConnection function of the condrv.sys driver in the Windows operating system allows a hacker to cause a service failure.
The vulnerability of the CDCreateKernlConnection function in the condrv.sys driver of the Windows operating system is related to deficiencies in the path name validation process. Exploiting this vulnerability allows a malicious actor to trigger service failures by using a specially crafted path...
The vulnerability of the Malformed File Handler component in the cross-platform import library for 3D models, Assimp (Open Asset Import Library), allows a hacker to trigger a service failure.
The vulnerability of the Malformed File Handler component in the cross-platform 3D model import library Assimp Open Asset Import Library is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Craft CMS content management system lies in the improper restriction on the path to the restricted catalog. This allows a hacker to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks.
The vulnerability of the Craft CMS content management system is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform Server Side Template Injection SSTI attacks...
Vulnerability of the H5O__dtypeDecodeHelper function in the H5Odtype.c file of the HDF5 library, allowing a hacker to cause a service failure.
The vulnerability of the H5Odtypedecodehelper function in the H5Odtype.c file is related to the dereferencing of NULL pointers. Exploiting this vulnerability could allow an attacker to cause service failures remotely...
The vulnerability of the GGUF_TYPE_ARRAY/GGUF_TYPE_STRING component in the llama.cpp file of the GGUF library allows a attacker to execute arbitrary code.
The vulnerability of the GGUFTYPEARRAY/GGUFTYPESTRING component in the llama.cpp file of the GGUF library is related to integer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the httpd daemon in the microprogramming software of TP-Link’s TL-WR940N router allows a hacker to execute arbitrary code.
The vulnerability of the httpd daemon in the microprogramming-based router software from TP-Link, the TL-WR940N, is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the microprogrammed Ethernet module WISE-4060 and Adam-6050 D lies in the use of weak encryption algorithms, allowing attackers to gain full access to the device with administrator privileges.
The vulnerability of the microprogrammed Ethernet module WISE-4060 and Adam-6050 D lies in the use of weak encryption algorithms. Exploiting this vulnerability can allow an attacker operating remotely to gain full access to the device with administrator privileges...
The vulnerabilities of the `alloc_large()` and `alloc_sarray()` functions in the libjpeg-turbo image processing library allow a malicious actor to perform division operations with zero.
The vulnerability of the alloclarge and allocsarray functions in the libjpeg-turbo image processing library is related to deficiencies in the handling of input values. Exploiting this vulnerability could allow a malicious actor to trigger a zero-division operation remotely...
The vulnerability of the software-hardware complex for protecting information from unauthorized access—“Akord-V”—is related to the violation of established role assignments. This allows an intruder to bypass the access restrictions for resources of the ABI/AVI system for the system administrators and execute arbitrary code on behalf of the system.
The vulnerability of the software-hardware complex for protecting information from unauthorized access, “Akord-V,” is related to the violation of established role assignments. Exploiting this vulnerability allows an intruder to bypass the access restrictions for ARMs of types ABI/AVI for ARM...
The vulnerability of the config_set function in the libconfig.so library of the web server’s embedded software is related to buffer overflows in the stack due to insufficient input data processing. This allows attackers to execute arbitrary code or cause service interruptions by exploiting this vulnerability.
The vulnerability of the configset function in the libconfig.so library, a built-in software library for web servers, is related to buffer overflows in the stack due to insufficient input handling. Exploiting this vulnerability can allow an attacker to enhance their privileges, execute arbitrary...
The vulnerability of Moxa VPORT 06EC-2V series IP cameras’ microprogramming software is related to integer overflow. This allows a intruder to trigger a service failure.
The vulnerability of Moxa VPORT 06EC-2V series IP cameras’ microprogramming software is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to trigger a service failure through a specially crafted HTTP request...
The vulnerability of the syntax analyzer for RTSP connections in the Gstreamer multimedia framework allows a hacker to execute arbitrary code.
The vulnerability of the RTSP parser in the Gstreamer multimedia framework is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Mediaserver application in the Android operating system’s libmpeg2 library allows a hacker to cause memory corruption and execute code remotely within the Mediaserver context.
The vulnerability of the Mediaserver application in the Android operating system’s libmpeg2 library arises from the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause memory corruption and remotely execute code within the...
The vulnerability of the libhevc library in the Mediaserver application of the Android operating system allows a hacker to cause service failure, device freezing, and reloading of the device.
The vulnerability of the libhevc library in the Mediaserver application of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service failures, device freezes, and reboots by using a specially created file...