90509 matches found
The vulnerability of the Linux operating system’s interrupt handler `snd_korg1212_interrupt` allows a hacker to cause a service failure.
The vulnerability of the interrupt handler sndkorg1212interrupt in the Linux kernel’s sound/pci/korg1212/snd-korg1212.ko module is related to the swapping of the zero pointer. Exploiting this vulnerability could allow an attacker to cause a system failure when a Korg 1212 device is connected. Thi...
The vulnerability of the sis5595_probe driver in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sis5595probe handler in the loaded modules of drivers/hwmon/sis5595.ko in the Linux operating system arises due to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting a device that appears to be LM...
The vulnerability of the Windows Secure Kernel Mode mechanism allows a malicious actor to induce incorrect application of virtual trust levels.
The vulnerability of the Windows Secure Kernel Mode mechanism in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to improperly apply Virtual Trust Levels VTLs through a specially created application...
A vulnerability in the Google Chrome browser, related to a bug in network authentication implementation, allows attackers to compromise the integrity of protected information.
The vulnerability in Google Chrome relates to a implementation error in network authentication. Exploiting this vulnerability allows an attacker to compromise the integrity of protected information through a specially created HTML page...
The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system allows a hacker to circumvent security policies set by the system, due to configuration errors in the password policies for user domain accounts.
The vulnerability of the component for integrating various authentication methods in the Astra Linux operating system is related to configuration errors in password policies, which result in the lack of checks to ensure that the specified restrictions on user domain account passwords are met...
The vulnerability of the fly-admin-printer-mac utility in the Astra Linux operating system, which allows a hacker to gain access to confidential data
The vulnerability of the fly-admin-printer-mac utility in the Astra Linux operating system relates to the printing of content from the GECOS field instead of the user’s domain username. Exploiting this vulnerability can allow an attacker to gain access to confidential data...
The vulnerability of the PIA Search Functionality component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the PIA Search Functionality component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected dat...
The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Portal component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTT...
The vulnerability of the xmlParsePEReference component in the libxml2 library, which is used for working with XML and HTML files, allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the xmlParsePEReference component in the libxml2 XML parsing library is related to insufficient restrictions on XML references to external objects. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures through a specially...
The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system exists due to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of Cisco Email Security Appliances arises from deficiencies in the mechanisms for detecting malicious content in executable files. This allows attackers to circumvent security restrictions.
The vulnerability of Cisco Email Security Appliances’ security systems stems from deficiencies in the mechanisms for detecting malicious content in executable files EXE files. Exploiting this vulnerability allows a malicious actor to send messages containing malicious files remotely...
The vulnerability of the _mediaLibraryPlayCb function in the Pitivi video editor allows a hacker to execute arbitrary code.
The vulnerability of the mediaLibraryPlayCb function in the mainwindow.py file of the Pitiv video editor is related to incorrect handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metashell frameworks along the way to the target fil...
The vulnerability of the dynamic analyzer for XML files in the wsisapi.dll library of the enterprise automation system 1C:Enterprise allows a perpetrator to cause service failures and gain access to internal network resources.
The vulnerability of the dynamic analyzer for XML files in the wsisapi.dll library of the enterprise automation system 1C:Enterprise is related to the implementation of XML. Exploiting this vulnerability can allow a malicious actor to cause service failures and gain access to internal network...
The vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability in the Chakra JavaScript engine of Microsoft Edge arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure memory corruption by using a specially crafted...
The vulnerability of the Android operating system, which allows a hacker to trigger memory corruption
The vulnerability of the Mediaserver application in the Android operating system arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause memory corruption during the processing of media files and data using a specially...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.26-2-iop32x package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerability of the Java Platform software platform, allowing a remote attacker to compromise the integrity of protected information
The vulnerability of the Java SE and Java SE Embedded software platform allows a malicious actor to compromise data integrity by using the Security subcomponent...
The vulnerability of the Wireshark Network Protocol Analyzer software allows a remote attacker to compromise the accessibility of protected information.
A vulnerability exists in the readnewline function of the Catapult DCT2000 dissector in Wireshark, due to incorrect processing of the '\n' and '\r' characters. Exploiting this vulnerability allows malicious actors to cause service failures—such as insufficient buffer filling, related to a...
The vulnerability of the nghttp2 library allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability of the nghttp2 library is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions or execute arbitrary code...
The vulnerability of the embedded software in industrial Ethernet switches of the EKI series, models 1321 and 1322, allows a hacker to bypass the authentication process.
The vulnerability of the embedded software in the EKI series 1321 and 1322 industrial Ethernet switches is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...
The vulnerability of the Silverlight software platform allows a perpetrator to trigger a service failure or execute arbitrary code.
The vulnerability of the Silverlight software platform is related to errors in reverse displacement processing during the decoding process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures through a specially crafted web page...
The vulnerability of the Android operating system, which allows a hacker to execute arbitrary code or cause a service failure
The vulnerability of the MPEG4Extractor::parseChunk function in the libstagefright library of the Android operating system is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using specially crafted MPEG-4...
The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the openssl-debuginfo-0.9.8e package for the Red Hat Enterprise Linux operating system can lead to violations of the confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
The vulnerability of the software interface of the CI/CD subsystem of the Git-based software platform for collaborative code development on GitLab EE/CE allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software interface of the CI/CD subsystem of the Git-based software platform for collaborative code development in GitLab EE/CE is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain...
The vulnerability of the library for creating and editing PDF documents in OpenPDF, related to insufficient validation of input data, allows a hacker to read arbitrary files.
The vulnerability of the OpenPDF library for creating and editing PDF documents is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to read arbitrary files...
The vulnerability of the developer tool “1C:Standard Subsystems Library” relates to deficiencies in code generation process management, allowing a hacker to execute arbitrary code.
The vulnerability of the developer tool “1C:Standard Subsystems Library” is related to deficiencies in process management for code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the "Health check-up" platform for remote monitoring of patient physiological indicators, related to the use of dangerous methods or functions, allows a perpetrator to access confidential information.
The vulnerability of the "Health check-up" patient physiological monitoring platform involves the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the Open Asset Import Library’s 3D model import library (Assimp) lies in buffer overflows in dynamic memory, allowing attackers to access confidential information without authorization.
The vulnerability of the Open Asset Import Library Assimp, a library for importing 3D models, is related to buffer overflows in dynamic memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential information...
The vulnerability in the Linux operating system’s TUN network interface kernel allows a hacker to trigger a service failure.
The vulnerability of the TUN network interface in Linux operating systems is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the software for deploying and executing AI models developed with NVIDIA Triton Inference Server (previously known as TensorRT Inference Server) allows a malicious actor to trigger a service failure. This vulnerability is related to zero-division errors.
The vulnerability of the software for deploying and executing NVIDIA Triton Inference Server formerly TensorRT Inference Server is related to division by zero errors. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted request...
The vulnerability of the usbhs_probe() function in the Linux kernel’s USB component allows a hacker to induce a service failure.
The vulnerability of the usbhsprobe function in the Linux kernel’s USB component is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the snd_usb_get_audioformat_uac3() function (sound/usb/stream.c) in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the sndusbgetaudioformatuac3 function in the Linux kernel’s sound/usb/stream.c file is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to access and modify data.
The vulnerability of the Cisco Identity Services Engine ISE’s web management interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access and modify data by sending a specially crafted HTTP request...
The vulnerability of the read_one inode() function in the fs/btrfs/tree-log.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the readone inode function in the fs/btrfs/tree-log.c module of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability in the `net/ipv4/udp_offload.c` module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the net/ipv4/udpoffload.c module of the Linux operating system is related to incorrect data type conversion. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `cscfg_csdev_enable_active_config()` function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the cscfgcsdevenableactiveconfig function in the Linux operating system kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the `net_sched` component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the netsched component in the Linux operating system’s kernel is related to the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside the buffer in memory, allowing an attacker to cause a service failure.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the InboundEmail module in the SuiteCRM customer relationship management system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the InboundEmail module in the SuiteCRM customer relationship management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to trigger a service failure.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type conversion errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted HTML page...
The vulnerability of the General HTML Support function (GHS) and the HTML embed panel in the Block Toolbar of the CKEditor editor allows attackers to execute XSS attacks.
The vulnerability of the General HTML Support function and the HTML embed panel in the Block Toolbar WYSIWYG-editor CKEditor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to carry out XSS attacks remotely...
The vulnerability of the KVv2 plugin for the Vault Community Edition and Vault Enterprise archiving platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the KVv2 plugin for the Vault Community Edition and Vault Enterprise archiving platform relates to deficiencies in the error reporting mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected informatio...
The vulnerability of the sys_login function in the /cgi-bin/login.cgi script of the WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 routers allows a hacker to execute arbitrary code.
The vulnerability of the syslogin function in the /cgi-bin/login.cgi script of the WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 routers is related to the copying of buffers without checking the size of the input data during the processing of the loginpage...
The vulnerability of the SimpleOne ITSM automation system allows a perpetrator to carry out an SSRF attack and gain unauthorized access to protected information.
The vulnerability of the SimpleOne ITSM automation system is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out an SRF attack and gain unauthorized access to protected information...
The vulnerability in the XMLRPC software of the UserGate Next-Generation Firewall (NGFW), a unified management center called the UserGate Management Center (UGMC), the UserGate Log Analyzer (LogAn) system for log collection, the UserGate Security Information and Event Management (SIEM) system, and the UserGate Web Application Firewall (WAF) allows attackers to disclose protected information.
The vulnerability of the XMLRPC software on the UserGate Next-Generation Firewall NGFW, as well as the UserGate Management Center UGMC and the UserGate Log Analyzer LogAn system, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to...
The vulnerability of the UserGate Next-Generation Firewall (NGFW), which is managed by the UserGate Management Center (UGMC), along with the UserGate Log Analyzer (LogAn), UserGate Security Information and Event Management (SIEM), arises due to insufficient security checks on the protected connection. This allows attackers to execute arbitrary operating system commands.
The vulnerability of the UserGate Next-Generation Firewall NGFW, which is managed by the UserGate Management Center UGMC, the log collection system UserGate Log Analyzer LogAn, and the UserGate Security Information and Event Management SIEM system, is related to insufficient security checks for...
The vulnerability of the AES-128-CBC encryption algorithm in the microprogramming-based router software Tenda RX2 Pro allows a hacker to disclose the protected information.
The vulnerability of the AES-128-CBC encryption algorithm in the microprogramming-based router software Tenda RX2 Pro relates to the storage of encryption keys in an open manner. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the ext4_fill_super() function in the fs/ext4/super.c module of the Linux file system support module allows a hacker to cause a service failure.
The vulnerability of the ext4fillsuper function in the fs/ext4/super.c module of the Linux file system support module is related to improper memory release before deleting the last reference „memory leak“. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a perpetrator to compromise the integrity and accessibility of the protected information.
The vulnerability of the E-Staff recruitment automation system is related to errors in data filtering. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the integrity and accessibility of the protected information...
The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator (NSO) and ConfD software, which is used by the web-based management interfaces for Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN, allows a malicious actor to escalate their privileges.
The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator NSO and ConfD software, which is used by the Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN control web interfaces, is related to incorrect authentication checks in the API...