90509 matches found
The vulnerability of the log_entry_attr function in the 389-ds-base component of the Red Hat Enterprise Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the logentryattr function in the 389-ds-base component of the Red Hat Enterprise Linux operating system is related to buffer overflow in the “bucket” mechanism. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Object.prototype component of the Node.js programming platform’s extend module allows attackers to add or modify any properties of an object prototype.
The vulnerability of the Object.prototype component of the Node.js programming platform’s extend module is related to uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to add or modify any properties of the object prototype at will...
The vulnerability of the Microsoft Outlook email client, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft Outlook email client is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the Web Browser UI interface of Google Chrome and Microsoft Edge allows attackers to perform spoofing attacks.
The vulnerability of the Web Browser UI interface in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created HTML page...
The vulnerability of the JWT implementation in Python PyJWT, related to the use of cryptographic algorithms containing defects, allows attackers to compromise the integrity of the data.
The vulnerability of the JWT implementation in Python PyJWT is related to the absence of blocking for certain formats of the secret key. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...
The vulnerability of the “Login as User or Customer” plugin of the WordPress content management system, related to deficiencies in access control, allows attackers to influence the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the “Login as User or Customer” plugin of the WordPress content management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to influence the integrity, accessibility, and confidentiality of the protected...
The vulnerability of the /goform/formEasySetupWizard3 component of the D-Link N300 WI-Fi Router DIR-605L wireless access point software allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the /goform/formEasySetupWizard3 component of the D-Link N300 WI-Fi Router DIR-605L wireless access point lies in the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions or execute...
The vulnerability of the Unified Management Console for VMware Workspace ONE UEM endpoints involves redirecting URLs to an unreliable website, allowing attackers to escalate their privileges.
The vulnerability of the Unified Management Console for VMware Workspace ONE UEM involves redirecting the URL to an unreliable website. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability in the interface for connecting peripheral devices via USB browsers like Google Chrome allows a hacker to execute arbitrary code.
The vulnerability of the interface for connecting peripheral devices via USB in Google Chrome browsers is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
The vulnerability of the Printing component in the Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Printing component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially created web page...
The vulnerability of the `update_read_cache_bitmap_v3_order` function in the RDP client FreeRDP allows a hacker to trigger a service failure.
The vulnerability of the updatereadcachebitmapv3order function in the RDP client FreeRDP is related to a memory reclamation error. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the ShowTechDownloadView class in the Advanced Core Operating System (ACOS) controller A10 Thunder ADC allows a hacker to gain unauthorized access to protected information.
The vulnerability of the ShowTechDownloadView class in the Advanced Core Operating System ACOS controller A10 Thunder ADC is related to an incorrect path name limitation for access to restricted directories. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
The vulnerability of the Cast component of the Google Chrome browser, which allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the Cast component of the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a denial-of-service attack by loading a specially created web page...
The vulnerability of the `usb_giveback_urb` function in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the usbgivebackurb function in Linux operating systems is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to cause a service failure...
The vulnerability of the backtrack_insn() function in the kernel/bpf/verifier.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the backtrackinsn function in the kernel/bpf/verifier.c module of the Linux operating system is related to calls outside of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability in the isolated iframe of the Google Chrome browser allows a perpetrator to circumvent existing restrictions on file downloads.
The vulnerability in the isolated iframe environment of Google Chrome relates to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on file downloads by using a specially created HTML page...
The vulnerability of the 6LoWPAN kernel driver of the RIOT operating system, which allows a hacker to cause a service failure.
The vulnerability of the 6LoWPAN kernel in the RIOT operating system’s graphics driver relates to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the IBM DB2 database management system, related to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the IBM DB2 database management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending a specially crafted SQL query...
The vulnerability of the monitoring tool for VMware Aria Operations, related to deficiencies in the deserialization mechanism, allows a perpetrator to execute arbitrary code.
The vulnerability of the monitoring tool for VMware Aria Operations is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the built-in software of the ARIS controller lies in the ability to download unlimited files of a dangerous type, allowing a perpetrator to execute arbitrary code.
The vulnerability of the built-in software of the ARIS controller is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...
The vulnerability of the SSLVPN service on FortiOS operating systems and the proxy servers for protecting against Internet attacks by FortiProxy allows attackers to execute arbitrary commands.
The vulnerability of the SSLVPN service on FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to writing data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending special...
The vulnerability of Google Chrome’s browser history allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s browser is caused by an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
The vulnerability of the seq_buf_putmem_hex() function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the seqbufputmemhex function in the Linux operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the installed Windows operating system on HP laptops allows attackers to gain elevated privileges.
The vulnerability of the installed Windows operating system on HP laptops relates to incorrect path name restrictions for the restricted access directory. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the libssh2 library, which implements Git methods in C language using Libgit2, allows a attacker to perform a type of “man-in-the-middle” attack.
The vulnerability of the libssh2 library, which implements Git methods in C using Libgit2, is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...
The vulnerability in the driver drivers/net/wireless/rndis_wlan.c of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in the driver drivers/net/wireless/rndiswlan.c of the Linux operating system is related to a numerical overflow in the buffer of the rndisqueryoid function during addition operations. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created link...
Vulnerability of the intr_callback() function (drivers/net/usb/r8152.c) in Linux operating system kernels, allowing a hacker to cause a service failure
The vulnerability of the intrcallback function drivers/net/usb/r8152.c in Linux operating systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the xrdp_mm_process_rail_update_window_text() function on the XRDP server allows a hacker to execute arbitrary code.
The vulnerability of the xrdpmmprocessrailupdatewindowtext function on the XRDP server is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the disk redirect channel in the implementation of the FreeRDP remote desktop protocol allows a intruder to gain unauthorized access to protected information or cause a service failure.
The vulnerability of the disk redirecting channel in the implementation of the FreeRDP remote desktop protocol is related to the issue where the operation goes beyond the buffer boundaries when checking the input length for parameters /drive, +drives, or +home-drive. Exploiting this vulnerability...
The vulnerability of the software platform for managing administrative policies and privileges, Policykit, is related to the lack of mechanisms for encoding or shielding output data. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the software platform for managing administrative policies and privileges related to Policykit lies in the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity,...
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server, which stems from the lack of data protection measures, allows attackers to gain unauthorized access to devices.
The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server are related to the lack of protection for sensitive data. Exploiting these vulnerabilities can allow attackers to gain unauthorized acce...
The vulnerability of the Moxa MXView network control software lies in the improper restriction of the path name to the restricted access directory. This allows a violator to gain read, modify, or delete access to files.
The vulnerability of the Moxa MXView network control software relates to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to files...
The vulnerability in the implementation of the backup script backupConfig.sh allows a attacker to escalate their privileges. This vulnerability is related to the Fortinet FortiClient for Linux security solution.
The vulnerability of the backupConfig.sh script, which is used for creating a backup copy as part of the Fortinet FortiClient Linux security solution, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to enhance their privileges by sending special...
The vulnerability of the WLAN microprogramming technology implementation in Qualcomm’s embedded chips allows a intruder to gain unauthorized access to protected information.
The vulnerability of the WLAN microprogramming software implementation in Qualcomm’s embedded chips relates to unvalidated array indexing during the processing of ANQP elements. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by sending...
The vulnerability in the Maintenance Service of Mozilla Firefox, Mozilla Firefox ESR, and the Thunderbird email client for Windows allows a malicious actor to execute arbitrary code with elevated privileges.
The vulnerability of the Maintenance Service for Mozilla Firefox, Mozilla Firefox ESR, and the Thunderbird email client for Windows is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with elevated privileges remotely...
The vulnerability of the create function in the Horde Webmail software allows a hacker to execute arbitrary code.
The vulnerability of the create function in the Horde Webmail software exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the disaster recovery tool for Azure Site Recovery and VMWare to Azure, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of the disaster recovery tool for Azure virtual machines, Azure Site Recovery, and VMWare to Azure is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to trigger a service failure.
The vulnerability of Oracle Banking Trade Finance software’s Infrastructure component exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the import function in GitHub’s software platform, based on Git, for collaborative code development on GitLab, allows a perpetrator to execute arbitrary code.
The vulnerability of the import function in GitHub’s software platform for GitLab-based collaborative code development is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of HP PageWide and HP PageWide Pro printer software, related to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of HP PageWide and HP PageWide Pro printer software-related microprograms is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the XWiki Crypto API interface of the XWiki Platform, a platform for creating collaborative web applications, allows a perpetrator to execute arbitrary code.
The vulnerability of the XWiki Crypto API interface of the XWiki Platform, a platform for creating collaborative web applications, is related to the generation of X509 certificates, which are signed by default using SHA1. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to deficiencies in pathname restriction, which allows attackers to compromise the confidentiality of information.
The vulnerability of the QTS operating system is related to deficiencies in pathname restriction. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of information...
The vulnerability of the Console component of the Oracle WebLogic Server application server allows a attacker to gain read access to data or modify data.
The vulnerability of the Console component of the Oracle WebLogic Server application lies in reading data beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to gain access to read data or modify data through specially crafted HTTP requests...
The vulnerability of the web interface of Cisco Small Business RV340, RV340W, RV345, and RV345P router software allows a hacker to cause service interruptions.
The vulnerability of the web interface of Cisco Small Business RV340, RV340W, RV345, and RV345P microprogrammed software routers lies in the absence of restrictions on file loading. Exploiting this vulnerability can allow a malicious actor to cause service failures by loading arbitrary files onto...
The vulnerability of the web interface of Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to elevate their privileges to the root level.
The vulnerability of the web interface of Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P routers is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...
The vulnerability of the web interface of Cisco Small Business RV340, RV340W, RV345, and RV345P router software allows a hacker to disclose protected information or rewrite arbitrary files.
The vulnerability of the web interface of Cisco Small Business RV340, RV340W, RV345, and RV345P microprogramming software routers exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information or re-write arbitrar...
The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code or carry out cross-site scripting attacks.
The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform XSS attacks remotely...
The vulnerability of GUI temperature control software lies in its ability to write beyond the buffer boundaries when processing configuration files in the *.gd1 format. This allows a hacker to execute arbitrary code.
The vulnerability of GUI temperature control software relates to the possibility of writing beyond the buffer boundaries when processing configuration files in the .gd1 format. Exploiting this vulnerability allows an attacker to execute arbitrary code...