90509 matches found
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to access and modify data.
The vulnerability of the Cisco Identity Services Engine ISE’s web management interface is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain access and modify data by sending a specially crafted HTTP request...
The vulnerability in the `net/ipv4/udp_offload.c` module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the net/ipv4/udpoffload.c module of the Linux operating system is related to incorrect data type conversion. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `net_sched` component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the netsched component in the Linux operating system’s kernel is related to the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the snd_usb_get_audioformat_uac3() function (sound/usb/stream.c) in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the sndusbgetaudioformatuac3 function in the Linux kernel’s sound/usb/stream.c file is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the usbhs_probe() function in the Linux kernel’s USB component allows a hacker to induce a service failure.
The vulnerability of the usbhsprobe function in the Linux kernel’s USB component is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the read_one inode() function in the fs/btrfs/tree-log.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the readone inode function in the fs/btrfs/tree-log.c module of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the `cscfg_csdev_enable_active_config()` function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the cscfgcsdevenableactiveconfig function in the Linux operating system kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside the buffer in memory, allowing an attacker to cause a service failure.
The vulnerability in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the InboundEmail module in the SuiteCRM customer relationship management system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the InboundEmail module in the SuiteCRM customer relationship management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the WeGIA web manager’s personalizacao_imagem.php script allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the personalizacaoimagem.php web handler of the WeGIA browser is related to the failure to protect the website structure when processing the err parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
Yandex Punto Switcher
...
The vulnerability of the General HTML Support function (GHS) and the HTML embed panel in the Block Toolbar of the CKEditor editor allows attackers to execute XSS attacks.
The vulnerability of the General HTML Support function and the HTML embed panel in the Block Toolbar WYSIWYG-editor CKEditor is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability may allow a malicious actor to carry out XSS attacks remotely...
The vulnerability of the KVv2 plugin for the Vault Community Edition and Vault Enterprise archiving platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the KVv2 plugin for the Vault Community Edition and Vault Enterprise archiving platform relates to deficiencies in the error reporting mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected informatio...
The vulnerability of the sys_login function in the /cgi-bin/login.cgi script of the WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 routers allows a hacker to execute arbitrary code.
The vulnerability of the syslogin function in the /cgi-bin/login.cgi script of the WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3, and WL-WN576K1 routers is related to the copying of buffers without checking the size of the input data during the processing of the loginpage...
The vulnerability in the XMLRPC software of the UserGate Next-Generation Firewall (NGFW), a unified management center called the UserGate Management Center (UGMC), the UserGate Log Analyzer (LogAn) system for log collection, the UserGate Security Information and Event Management (SIEM) system, and the UserGate Web Application Firewall (WAF) allows attackers to disclose protected information.
The vulnerability of the XMLRPC software on the UserGate Next-Generation Firewall NGFW, as well as the UserGate Management Center UGMC and the UserGate Log Analyzer LogAn system, is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to...
The vulnerability of the UserGate Next-Generation Firewall (NGFW), which is managed by the UserGate Management Center (UGMC), along with the UserGate Log Analyzer (LogAn), UserGate Security Information and Event Management (SIEM), arises due to insufficient security checks on the protected connection. This allows attackers to execute arbitrary operating system commands.
The vulnerability of the UserGate Next-Generation Firewall NGFW, which is managed by the UserGate Management Center UGMC, the log collection system UserGate Log Analyzer LogAn, and the UserGate Security Information and Event Management SIEM system, is related to insufficient security checks for...
The vulnerability of the AES-128-CBC encryption algorithm in the microprogramming-based router software Tenda RX2 Pro allows a hacker to disclose the protected information.
The vulnerability of the AES-128-CBC encryption algorithm in the microprogramming-based router software Tenda RX2 Pro relates to the storage of encryption keys in an open manner. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the ext4_fill_super() function in the fs/ext4/super.c module of the Linux file system support module allows a hacker to cause a service failure.
The vulnerability of the ext4fillsuper function in the fs/ext4/super.c module of the Linux file system support module is related to improper memory release before deleting the last reference „memory leak“. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a perpetrator to compromise the integrity and accessibility of the protected information.
The vulnerability of the E-Staff recruitment automation system is related to errors in data filtering. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the integrity and accessibility of the protected information...
The vulnerability of the hugetlb component of the try_get_folio() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the hugetlb component in the trygetfolio function of the Linux operating system is related to errors during link counter updates. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability of the nsim_dev_trap_report_work() function in the drivers/net/netdevsim/dev.c module of the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the nsimdevtrapreportwork function in the drivers/net/netdevsim/dev.c module of the Linux kernel is related to code errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the setUmountUSBPartition function in the microprogramming software for wireless Wi-Fi routers Tenda W30E allows a hacker to execute arbitrary commands.
The vulnerability of the setUmountUSBPartition function in the microprogramming software for Tenda W30E wireless Wi-Fi routers is related to reading data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the SCSI component in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the SCSI component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator (NSO) and ConfD software, which is used by the web-based management interfaces for Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN, allows a malicious actor to escalate their privileges.
The vulnerability of the JSON-RPC API function of the Cisco Crosswork Network Services Orchestrator NSO and ConfD software, which is used by the Cisco Optical Site Manager and Gigabit VPN routers Cisco RV340 Dual WAN control web interfaces, is related to incorrect authentication checks in the API...
The vulnerability of the sub_422eb8 function in Linksys E8450 Wi-Fi routers allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the sub422eb8 function in Linksys E8450 Wi-Fi routers’ microprogramming software is related to the copying of buffers without checking the size of the input data during the processing of the strncpy parameter. Exploiting this vulnerability allows an attacker to execute...
The vulnerability of the Open Social CMS system’s Drupal module, related to deficiencies in authentication procedures, allows attackers to circumvent security restrictions and execute a forced browsing attack.
The vulnerability of the Open Social CMS system, Drupal, is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...
The vulnerability of the PrintWorkflowUserSvc service in Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the PrintWorkflowUserSvc service in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the execution of operations beyond the buffer in memory, allows attackers to trigger service failures or execute arbitrary code.
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to trigger service failures or...
The vulnerability of the ethtool component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.
The vulnerability of the ethtool component in the Linux operating system’s kernel is related to memory-related errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
The vulnerability of GRUB’s NTFS driver, a loader program for operating systems, relates to reading memory beyond the buffer boundaries, allowing an attacker to read the contents of the RAM.
The vulnerability of the GRUB loader driver for NTFS operating systems involves reading memory beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to read the contents of the RAM...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher integration platforms are related to authentication procedures that lack sufficient safeguards. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher programming integration platforms are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality,...
The vulnerability of the Graphics component in Windows operating systems allows attackers to exploit their privileges.
The vulnerability of the Graphics component in Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the HID Profile interface of the Bluetooth protocol stack for the Linux BlueZ operating system allows a perpetrator to execute arbitrary commands.
The vulnerability of the HID Profile interface of the Bluetooth protocol stack for the Linux BlueZ operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to read arbitrary files.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to incorrect path name restrictions for access to restricted catalogs. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
The vulnerability affects the file function /tmp/out of the Tesseract component of the software suite for processing, transforming, and generating Ghostscript documents. This vulnerability allows an attacker to gain unauthorized access to protected information.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, which allows an attacker to execute XSS attacks.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
The vulnerability of Clang’s tooling interface for developing, optimizing, and compiling software using the LLVM framework allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of Clang’s toolset for developing, optimizing, and compiling software involves an operation that occurs outside the buffer in memory when processing LR registers, due to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code o...
The vulnerability of the CMS system Netcat, related to the unlimited loading of dangerous types of files, allows attackers to execute arbitrary code.
The vulnerability of the CMS system Netcat is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the io_uring subsystem in the Linux operating system allows a hacker to increase their privileges.
The vulnerability of the iouring subsystem in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Linux operating system’s Intel Hardware Feedback Interface driver allows attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the Intel Hardware Feedback Interface driver in the drivers/thermal/intel/intelhfi.c file of the Linux kernel is related to the improper use of a reserved buffer after resuming from sleep mode. Exploiting this vulnerability could allow an attacker to compromise the integrity...
The vulnerability in the TLS certificate verification component of HashiCorp Vault and Vault Enterprise, a platform for archiving corporate information, allows a perpetrator to bypass the authentication process.
The vulnerability of the TLS protocol verification component in HashiCorp’s Vault and Vault Enterprise archiving platforms relates to improper handling of exceptional states. Exploiting this vulnerability can allow attackers to bypass authentication processes...
The vulnerability of the CampaignEvents extension of the software platform for implementing the hypertext environment of MediaWiki allows a hacker to perform cross-site scripting attacks.
The vulnerability of the CampaignEvents extension of the software for implementing the hypertext environment in MediaWiki is related to improper input validation during the creation of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Canvas component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Canvas component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a local attacker to execute arbitrary code using a specially created HTML page...
The vulnerability of the log management page (journals) of the web application of the command-and-control platform for NorthStar C2 penetration testing allows a attacker to execute arbitrary code.
The vulnerability of the log management page journal of the command-and-control platform-based web application for NorthStar C2 exists due to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Apache Aurora task scheduling framework, related to information disclosure, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Apache Aurora task scheduler framework is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability in the web interface for controlling the Flowmon operating system of network monitoring devices allows a perpetrator to execute arbitrary commands.
The vulnerability of the web interface for controlling the Flowmon operating system in devices for network monitoring exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the Object.prototype component of the Node.js programming platform’s extend module allows attackers to add or modify any properties of an object prototype.
The vulnerability of the Object.prototype component of the Node.js programming platform’s extend module is related to uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to add or modify any properties of the object prototype at will...
The vulnerability in the PMRChangeSparseMemOSMem driver of the PowerVR GPU graphics processing unit in Android and ChromeOS operating systems allows attackers to escalate their privileges.
The vulnerability of the PMRChangeSparseMemOSMem driver in the PowerVR GPU graphics processing subsystem for Android and ChromeOS systems stems from the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to gain increased privileg...
The vulnerability of the OpenSSH cryptographic protection lies in the possibility of introducing or modifying arguments, allowing attackers to execute arbitrary commands.
The vulnerability of the SSH protocol lies in the fact that it relies on the execution or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...