90604 matches found
The vulnerability of the message exchange component of the system for loading user files in the Apex-VUZ education automation system allows a perpetrator to upload any files onto the server.
The vulnerability of the message exchange component of the system for loading user files in the Apex-VUZ education automation system is related to the unlimited loading of malicious files. Exploiting this vulnerability allows a remote attacker to load malicious files onto the server...
The vulnerability of the InnoDB component of the MySQL Database Server allows a perpetrator to gain unauthorized access for reading, modifying, or deleting data, or to cause service failures.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to read, modify, or delete data, or to cause service failures...
The vulnerability in the driver drivers/net/wireless/rndis_wlan.c of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the driver drivers/net/wireless/rndiswlan.c of the Linux operating system is related to a numerical overflow in the buffer of the rndisqueryoid function during addition operations. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of Moxa VPORT 06EC-2V IP camera software and Moxa VPort 461A video encoder software lies in the reading of data beyond the buffer in memory. This allows an intruder to gain unauthorized access to protected information or cause a service failure.
The vulnerability of Moxa VPORT 06EC-2V microprogrammed software for IP cameras and the Moxa VPort 461A microprogrammed software for video encoders lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
The vulnerability of NSD and Unbound DNS servers lies in the improper handling of symbolic links before accessing a file. This allows attackers to cause service failures.
The vulnerability of NSD and Unbound DNS servers is related to the incorrect handling of symbolic links before accessing a file. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the internal/dcraw_common.cpp component in the LibRaw image processing library allows a hacker to trigger a service failure.
The vulnerability of the internal/dcrawcommon.cpp component in the LibRaw image processing library is related to reading data beyond the permissible buffer size. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to trigger a service failure.
The vulnerability of Oracle Banking Trade Finance software’s Infrastructure component exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerabilities of the merge, mergeWith, and defaultsDeep functions in the Lodash library allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the merge, mergeWith, and defaultsDeep functions in the Lodash library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the QPDF::processXRefStream function in the command-line utility for converting QPDF documents allows a attacker to cause a service failure.
The vulnerability of the QPDF::processXRefStream command-line utility for converting PDF documents is related to the lack of resource release after the expiration of its useful period. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Inter-controller protocol implementation in Honeywell’s programmable logic controllers’ microprogramming software arises from the transmission of PIN codes, user names, and passwords as plain text. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Inter-controller protocol implementation for Honeywell programmable logic controllers involves the transmission of PIN codes, user names, and passwords as plain text. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protect...
The vulnerability of the SCADA system “SKADA-NEV” lies in the unencrypted storage of critical information in memory, allowing attackers to gain access to user account data.
The vulnerability of the SCADA system “SKADA-NEV” is related to the unencrypted storage of critical information in memory. Exploiting this vulnerability can allow an intruder to gain access to user account data...
The vulnerability of Huawei HG532 Wi-Fi routers’ microprogramming software lies in insufficient validation of input data, allowing a hacker to execute arbitrary codes.
The vulnerability of Huawei HG532 Wi-Fi routers’ microprogramming software is related to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted malware packets through port 37215...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to the lack of a mechanism for converting data types. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the convolution_y_10bit function in the Ffmpeg multimedia library, related to buffer overflow in memory, allows a hacker to cause a service failure.
The vulnerability of the convolutiony10bit function in the Ffmpeg multimedia library is related to buffer overflow in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of Google Chrome’s web storage mechanism, which allows a hacker to circumvent existing security restrictions
The vulnerability of Google Chrome browser-based web storage is caused by synchronization errors when using a common resource. Exploiting this vulnerability can allow an attacker to bypass existing security restrictions remotely...
The vulnerability of the Ethernet software solutions WISE-4060, Adam-6050 D, and Adam.NET Utility lies in the lack of authentication attempt limits, allowing attackers to gain full access to the device.
The vulnerability of the Microprogrammed Ethernet module WISE-4060, Adam-6050 D, and Adam.NET Utility is related to the absence of authentication attempt limits. Exploiting this vulnerability can allow a malicious actor to gain full access to the device remotely...
The vulnerability of OPPO’s 5G router, related to the insecure storage of confidential information, allows a intruder to gain unauthorized access to protected data.
The vulnerability of OPPO’s 5G router is related to the insecure storage of confidential information. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of microprogrammed software in programmable logic controllers like ioLogik, related to deficiencies in access control, allows a intruder to gain access to the device.
The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in access control. Exploiting this vulnerability can allow an intruder to gain access to the device...
The vulnerability of the microprogrammed logic controller ioLogik software, related to insufficient requirements for password complexity, allows a hacker to obtain user passwords by brute-force methods.
The vulnerability of the microprogrammed logic controller ioLogik software is related to insufficient requirements for the complexity of passwords. Exploiting this vulnerability allows a malicious actor to manually select user passwords using brute-force methods...
The vulnerability of the cloud-based video conversion, annotation, and format conversion application for Adobe Prelude involves an operation that goes beyond buffer boundaries into memory, allowing attackers to execute arbitrary code.
The vulnerability of the cloud-based video conversion, annotation, and format conversion application for Adobe Prelude lies in the execution of operations beyond the buffer boundaries in memory when processing media files. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
The vulnerability of the Zabbix universal monitoring system, related to deficiencies in access control, allows a intruder to bypass the authentication process on the administrator panel.
The vulnerability of the Zabbix universal monitoring system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass the administrative panel’s authentication process by sending specially crafted requests...
The vulnerability of the implementation of the VXLAN technology by Juniper Networks’ Modular Port Concentrator devices for Junos OS-based MX routers allows a attacker to cause a service failure.
The vulnerability of the VXLAN technology implemented by Juniper Networks’ Modular Port Concentrator for Junos OS routers of the MX series is related to insufficient checking of unusual or exceptional states when using the LACP protocol. Exploiting this vulnerability can allow a malicious actor t...
The vulnerability of the AVEVA Enterprise Data Management Web (eDNA Web) software platform, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the AVEVA Enterprise Data Management Web eDNA Web software platform is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the parse_args() function in the Sudo system administration program allows a malicious user to elevate their privileges to root level.
The vulnerability of the parseargs function in Sudo system administration software is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
Vulnerability of the /processReportGetter.php component of the KTS “Mayak” system, which allows a hacker to gain access to and read arbitrary files.
The vulnerability of the /processReportGetter.php component of the KTS “Mayak” is related to errors in the logic of the web application’s operation. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to and read arbitrary files...
The vulnerability of the web application of the enterprise automation system 1C:Enterprise lies in the lack of measures taken to protect the website structure, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the 1C:Enterprise web application lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted requests...
The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows allows a attacker to execute arbitrary code.
The vulnerability of the RemoteFX vGPU component in the Microsoft Hyper-V hardware virtualization system’s operating system Windows exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted...
The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box allows a hacker to trigger a maintenance failure.
The vulnerability of the XML analyzer for software that manages Cisco Firepower Device Manager On-Box devices is related to an operation where data escapes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...
The vulnerability of the Server:Optimizer component of the MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server:Optimizer component of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using specially crafted network packets...
The vulnerability of Intel Graphics Drivers relates to an uncontrolled search path, which allows attackers to escalate their privileges.
The vulnerability of Intel Graphics Drivers is related to an uncontrolled search process. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of Brodade’s IP and SAN network management system, related to deficiencies in user account storage, allows unauthorized access to protected information by attackers.
The vulnerability of the Brocade Network Advisor system for managing IP networks and Storage Area Networks is related to deficiencies in data storage. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through access to the JMX console...
The vulnerability in the built-in software of the Intel NUC Kit relates to the execution of operations outside the buffer in memory. This allows an attacker to exploit their privileges, cause system failures, or gain unauthorized access to protected information.
The vulnerability in the built-in software of the Intel NUC Kit relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges, cause system failures, or gain unauthorized access to protected information...
The vulnerability of Adobe Illustrator CC 2019, related to the execution of operations beyond buffer boundaries in memory, allows attackers to execute arbitrary code.
The vulnerability of Adobe Illustrator CC 2019 is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the Intel Graphics Driver’s API driver component allows a hacker to disclose protected information.
The vulnerability of the Intel Graphics Driver’s API driver component is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to disclose protected information...
The vulnerability of the Office Online Server, related to information representation errors in the user interface, allows attackers to perform spoofing attacks.
The vulnerability of the Office Online Server web server is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks using specially crafted requests...
The vulnerability of the Samba networking communication package lies in its susceptibility to resource exhaustion by the system, allowing attackers to trigger a service failure.
The vulnerability of the Samba networking communication package is related to the exhaustion of system resources. Exploiting this vulnerability can allow a hacker to cause service failures by initiating multiple connections...
The vulnerability of the fly-admin-mic component in the FLY operating environment of the Astra Linux system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the fly-admin-mic component in the FLY operating environment of the Astra Linux system is related to a flaw in the file system integrity checking mechanism. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the fly-admin-gmc-se component in the FLY operating system environment of Astra Linux, related to improper access control, allows a intruder to trigger a service failure.
The vulnerability of the fly-admin-gmc-se component in the FLY operating system environment of Astra Linux is related to an error that causes a significant delay in opening a folder with the ELF filter enabled. Exploiting this vulnerability allows a remote attacker to cause a service failure...
The vulnerability of the astra-sambadc component of the Astra Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability of the astra-sambadc component of the Astra Linux operating system is related to improper interaction with the “Kerberos” authentication program. Exploiting this vulnerability can allow a perpetrator to cause service failures...
The vulnerability of the GManager.exe console of the Information Protection System, which allows unauthorized access by attackers, enabling them to cause a service failure.
The vulnerability of the GManager.exe console of the information protection system against unauthorized access is related to incorrect processing of data read from the named channel. Exploiting this vulnerability could allow an intruder acting locally to cause a service failure...
The vulnerability of the kalmiabind handler in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the kalmiabind implementation in Linux kernel drivers drivers/net/usb/kalmia.ko is related to a memory allocation error. Exploiting this vulnerability can allow an attacker to cause a service failure when connecting a Samsung Kalmia-based LTE USB modem. This creates an...
The vulnerability of the sis5595_probe driver in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sis5595probe handler in the loaded modules of drivers/hwmon/sis5595.ko in the Linux operating system arises due to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to cause a system failure by connecting a device that appears to be LM...
The vulnerability of the Linux operating system’s interrupt handler `snd_korg1212_interrupt` allows a hacker to cause a service failure.
The vulnerability of the interrupt handler sndkorg1212interrupt in the Linux kernel’s sound/pci/korg1212/snd-korg1212.ko module is related to the swapping of the zero pointer. Exploiting this vulnerability could allow an attacker to cause a system failure when a Korg 1212 device is connected. Thi...
The vulnerability of the Windows Secure Kernel Mode mechanism allows a malicious actor to induce incorrect application of virtual trust levels.
The vulnerability of the Windows Secure Kernel Mode mechanism in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to improperly apply Virtual Trust Levels VTLs through a specially created application...
A vulnerability in the Google Chrome browser, related to a bug in network authentication implementation, allows attackers to compromise the integrity of protected information.
The vulnerability in Google Chrome relates to a implementation error in network authentication. Exploiting this vulnerability allows an attacker to compromise the integrity of protected information through a specially created HTML page...
The vulnerability of the graphical user input component in the fly-dm operating system of Astra Linux allows a hacker to cause a service failure.
The vulnerability of the graphical user input component in the fly-dm operating system of Astra Linux is related to an error that causes a failure when executing the “fly-dmctl rtcwake” command without specifying the arguments “-t/-s secs”. Exploiting this vulnerability could allow a perpetrator ...
The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system exists due to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of Cisco Email Security Appliances arises from deficiencies in the mechanisms for detecting malicious content in executable files. This allows attackers to circumvent security restrictions.
The vulnerability of Cisco Email Security Appliances’ security systems stems from deficiencies in the mechanisms for detecting malicious content in executable files EXE files. Exploiting this vulnerability allows a malicious actor to send messages containing malicious files remotely...
The vulnerability of the _mediaLibraryPlayCb function in the Pitivi video editor allows a hacker to execute arbitrary code.
The vulnerability of the mediaLibraryPlayCb function in the mainwindow.py file of the Pitiv video editor is related to incorrect handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using metashell frameworks along the way to the target fil...
The vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability in the Chakra JavaScript engine of Microsoft Edge arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure memory corruption by using a specially crafted...