90604 matches found
The vulnerability of GRUB’s NTFS driver, a loader program for operating systems, relates to reading memory beyond the buffer boundaries, allowing an attacker to read the contents of the RAM.
The vulnerability of the GRUB loader driver for NTFS operating systems involves reading memory beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to read the contents of the RAM...
Vulnerability of Linux operating system’s kernel components related to memory failures, allowing attackers to cause service interruptions
The vulnerability of Linux operating system’s kernel’s mm/memory-failure components is related to incorrect blocking in the pagehandlepoison function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the PKIAuthenticationPlugin plugin for the Apache Solr search server allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the PKIAuthenticationPlugin plugin for the Apache Solr search server is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the SetVLANSettings() function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers allows a hacker to execute arbitrary commands.
The vulnerability of the SetVLANSettings function in the prog.cgi script of D-Link DIR-878 and DIR-882 routers exists due to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher integration platforms are related to authentication procedures that lack sufficient safeguards. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerabilities of SAP NetWeaver AS ABAP, SAP NetWeaver AS for Java, SAP Content Server, and SAP Web Dispatcher programming integration platforms are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality,...
The vulnerability of the HID Profile interface of the Bluetooth protocol stack for the Linux BlueZ operating system allows a perpetrator to execute arbitrary commands.
The vulnerability of the HID Profile interface of the Bluetooth protocol stack for the Linux BlueZ operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the block_dirty_buffer component in the NILFS file system of Linux operating systems allows a attacker to trigger a service failure.
The vulnerability of the blockdirtybuffer component in the NILFS file system of Linux operating systems is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to read arbitrary files.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to incorrect path name restrictions for access to restricted catalogs. Exploiting this vulnerability allows a malicious actor to remotely read arbitrary files...
The vulnerability of the Suricata intrusion detection and prevention system, related to overflowing buffers in dynamic memory, allows an intruder to trigger a service failure.
The vulnerability of the Suricata intrusion detection and prevention system is related to the overflow of the buffer in the dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure...
The vulnerability affects the file function /tmp/out of the Tesseract component of the software suite for processing, transforming, and generating Ghostscript documents. This vulnerability allows an attacker to gain unauthorized access to protected information.
The vulnerability of the software for processing, transforming, and generating Ghostscript documents is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through...
The vulnerability of Clang’s tooling interface for developing, optimizing, and compiling software using the LLVM framework allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of Clang’s toolset for developing, optimizing, and compiling software involves an operation that occurs outside the buffer in memory when processing LR registers, due to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code o...
The vulnerability of the io_uring subsystem in the Linux operating system allows a hacker to increase their privileges.
The vulnerability of the iouring subsystem in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Linux operating system’s Intel Hardware Feedback Interface driver allows attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the Intel Hardware Feedback Interface driver in the drivers/thermal/intel/intelhfi.c file of the Linux kernel is related to the improper use of a reserved buffer after resuming from sleep mode. Exploiting this vulnerability could allow an attacker to compromise the integrity...
The vulnerability in the TLS certificate verification component of HashiCorp Vault and Vault Enterprise, a platform for archiving corporate information, allows a perpetrator to bypass the authentication process.
The vulnerability of the TLS protocol verification component in HashiCorp’s Vault and Vault Enterprise archiving platforms relates to improper handling of exceptional states. Exploiting this vulnerability can allow attackers to bypass authentication processes...
The vulnerability of the CampaignEvents extension of the software platform for implementing the hypertext environment of MediaWiki allows a hacker to perform cross-site scripting attacks.
The vulnerability of the CampaignEvents extension of the software for implementing the hypertext environment in MediaWiki is related to improper input validation during the creation of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks...
The vulnerability of the CGI script nas_sharing.cgi of the D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L NAS devices allows a hacker to execute arbitrary code.
The vulnerability of the CGI script nassharing.cgi of the D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L devices lies in the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code ...
The vulnerability in the web interface for controlling the Flowmon operating system of network monitoring devices allows a perpetrator to execute arbitrary commands.
The vulnerability of the web interface for controlling the Flowmon operating system in devices for network monitoring exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the Object.prototype component of the Node.js programming platform’s extend module allows attackers to add or modify any properties of an object prototype.
The vulnerability of the Object.prototype component of the Node.js programming platform’s extend module is related to uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to add or modify any properties of the object prototype at will...
The vulnerability in the PMRChangeSparseMemOSMem driver of the PowerVR GPU graphics processing unit in Android and ChromeOS operating systems allows attackers to escalate their privileges.
The vulnerability of the PMRChangeSparseMemOSMem driver in the PowerVR GPU graphics processing subsystem for Android and ChromeOS systems stems from the execution of operations outside of the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to gain increased privileg...
The vulnerability of the OpenSSH cryptographic protection lies in the possibility of introducing or modifying arguments, allowing attackers to execute arbitrary commands.
The vulnerability of the SSH protocol lies in the fact that it relies on the execution or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browser allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using a specially created malicious web page...
The vulnerability of Google Chrome’s WebRTC technology allows a perpetrator to execute arbitrary code or trigger a service failure.
The vulnerability of Google Chrome’s WebRTC technology is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...
The vulnerability of the application programming interface of the interactive data analysis, visualization, and Jupyter Server document creation software allows a perpetrator to gain access to confidential information.
The vulnerability of the application programming interface of the interactive data analysis, visualization, and Jupyter Server document creation software is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...
The vulnerability in the interface for connecting peripheral devices via USB browsers like Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of the interface for connecting peripheral devices via USB in Google Chrome browsers is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
The vulnerability of the Downloads component of the Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Downloads component of the Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially...
The vulnerability of the Conversations messaging software, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Conversations messaging software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by opening a backup file...
The vulnerability of the nft_set_catchallFlush() function in the net/netfilter/nf_tables_api.c module of the Linux kernel’s netfilter component allows a attacker to access protected information or cause a service failure.
The vulnerability of the nftsetcatchallFlush function in the net/netfilter/nftablesapi.c module of the Linux kernel’s netfilter component is related to the re-release of previously released memory. Exploiting this vulnerability could allow an attacker to access protected information or cause...
The vulnerability of the formSetSpeedWan() function in Tenda’s microprogrammed router software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetSpeedWan function in the Tenda router’s microprogramming software stems from the operation that goes beyond the buffer in memory when processing the speeddir parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause servic...
The vulnerability of the kernel of operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS allows attackers to execute arbitrary code with kernel privileges.
The vulnerability in the kernels of operating systems such as MacOS, iOS, tvOS, iPadOS, and watchOS relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code with kernel privileges...
The vulnerability of the aws-sigv4 library for collecting, processing, and transmitting metrics allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the aws-sigv4 library, which is responsible for collecting, processing, and transmitting metrics related to Vector, stems from insufficient protection of registration data during the processing of the awssigv4::SigningParams structure. Exploiting this vulnerability can allow...
The vulnerabilities of SAP Plant Connectivity and Production Connector software components, which are used for managing production operations and processes in SAP Digital Manufacturing, allow attackers to execute arbitrary code.
The vulnerability of SAP Plant Connectivity and Production Connector software components, which are used for managing production operations and processes in SAP Digital Manufacturing, stems from the lack of authentication for a critical function. Exploiting this vulnerability could allow an...
The vulnerability of the backtrack_insn() function in the kernel/bpf/verifier.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the backtrackinsn function in the kernel/bpf/verifier.c module of the Linux operating system is related to calls outside of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability in the isolated iframe of the Google Chrome browser allows a perpetrator to circumvent existing restrictions on file downloads.
The vulnerability in the isolated iframe environment of Google Chrome relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on file downloads by using a specially created HTML page...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software allows a attacker to execute arbitrary commands.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command processing for handling the tomographypingaddress parameter. Exploiting this...
The vulnerability of the built-in software of the ARIS controller is related to deficiencies in the authentication process, allowing a perpetrator to execute arbitrary code.
The vulnerability of the built-in software of the ARIS controller is related to deficiencies in the authentication process, allowing a perpetrator to execute arbitrary code using a specially crafted request...
The vulnerability of the built-in software of the ARIS controller, related to the use of cryptographic algorithms that contain defects and risks, allows a perpetrator to gain access to critical information.
The vulnerability of the built-in software of the ARIS controller is related to the use of cryptographic algorithms that contain defects and risks. Exploiting this vulnerability could allow a malicious actor to gain access to critical information...
The vulnerability of the xt_replace_table() function in the net/netfilter/x_tables.c module of the Linux kernel’s netfilter firewall allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the xtreplacetable function in the net/netfilter/xtables.c module of the Linux kernel’s netfilter firewall is related to the use of previously freed memory due to competitive access to resources. This occurs due to insufficient synchronization between processes. Exploiting th...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created link...
Vulnerability of the intr_callback() function (drivers/net/usb/r8152.c) in Linux operating system kernels, allowing a hacker to cause a service failure
The vulnerability of the intrcallback function drivers/net/usb/r8152.c in Linux operating systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the `__do_proc_dointvec` function in the Linux operating system’s kernel allows a hacker to cause a service failure or enhance their privileges.
The vulnerability of the doprocdointvec function in the Linux operating system’s kernel is related to the use of functions with non-standard implementations. Exploiting this vulnerability can allow an attacker to cause service failures or enhance their privileges...
The vulnerability of the httpd daemon in the embedded software of the NETGEAR R7000P router allows a hacker to execute arbitrary code.
The vulnerability of the httpd daemon in the NETGEAR R7000P router’s embedded software is related to buffer overflow errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through the wandns1sec parameter...
The vulnerability of the Home Network Administration Protocol (HNAP) implementation in D-Link DIR-1935 router microsoftware allows a hacker to circumvent security restrictions.
The vulnerability of the Home Network Administration Protocol HNAP implementation in D-Link DIR-1935 router microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...
The vulnerability of the disaster recovery tool for Azure Site Recovery and VMWare to Azure, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of the disaster recovery tool for Azure virtual machines, Azure Site Recovery, and VMWare to Azure is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the telnet server’s microprogramming software for the CentreCOM AR260S V2 allows a hacker to gain access to user credentials.
The vulnerability of the telnet server software for CentreCOM AR260S V2 lies in the use of strictly encrypted login credentials. Exploiting this vulnerability allows a malicious actor to gain access to these login credentials remotely...
The vulnerability of the import function in GitHub’s software platform, based on Git, for collaborative code development on GitLab, allows a perpetrator to execute arbitrary code.
The vulnerability of the import function in GitHub’s software platform for GitLab-based collaborative code development is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to deficiencies in pathname restriction, which allows attackers to compromise the confidentiality of information.
The vulnerability of the QTS operating system is related to deficiencies in pathname restriction. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of information...
The vulnerability of the btrfs_alloc_tree_b function (fs/btrfs/extent-tree.c) in the file system of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the btrfsalloctreeb function fs/btrfs/extent-tree.c in the file system of the Linux operating system is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system allows a perpetrator to gain access to data reading or cause a partial service disruption.
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or cause partial service interruption...
The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code or carry out cross-site scripting attacks.
The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform XSS attacks remotely...
The vulnerability of the infe_box_read function in the MP4Box component of the GPAC multimedia platform allows a hacker to gain access to confidential data.
The vulnerability of the infeboxread function in the MP4Box component of the GPAC multimedia platform is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to gain access to confidential data through a specially created file...