90604 matches found
The vulnerability of the USB-Audio component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the USB-Audio component in the Linux operating system’s kernel is related to errors in reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of VMware ESXi and VMware Workstation relates to synchronization errors when using shared resources, allowing a hacker to execute arbitrary code.
The vulnerability of VMware ESXi and VMware Workstation lies in synchronization errors when using shared resources „Race Conditions“. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the iio component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the iio component in the Linux operating system’s kernel is related to improper validation of input data in the afe4403readraw function. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a denial-of-service attack through a specially crafted HTML page...
The vulnerability of the distributed database management system Apache Cassandra lies in its insecure handling of privileges, allowing attackers to elevate their own privileges.
The vulnerability of the distributed database management system Apache Cassandra lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown allows a intruder to trigger a service failure.
The vulnerability in the software web interface for controlling power supply units like PowerChute Serial Shutdown is related to improper authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure...
The vulnerability of the Microsoft Digest Authentication (wDigest) authentication mechanism in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft Digest Authentication wDigest authentication mechanism in Windows operating systems is related to integer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the installer for Microsoft Visual Studio allows a hacker to increase their privileges.
The vulnerability of the installer of the Microsoft Visual Studio software is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a perpetrator to enhance their privileges...
The vulnerability of the Internet Connection Sharing (ICS) function in Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the Internet Connection Sharing ICS function in Windows operating systems is related to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the formSetClientState function in the Tenda AC18 router software allows a attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the formSetClientState function in the Tenda AC18 router software is related to buffer overflows in the stack when processing the limitSpeedUp parameter. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code using a specially...
The vulnerability of the formSetFirewallCfg function in the microprogramming software for Tenda AC18 allows a hacker to trigger a service failure.
The vulnerability of the formSetFirewallCfg function in the Tenda AC18 router microprogramming system is related to buffer overflow during the processing of the firewallEn parameter. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the netfilter component in the Linux operating system’s kernel allows a hacker to induce a service failure.
The vulnerability of the netfilter component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Swift Mailer module in the Drupal CMS system, related to the use of dangerous methods or functions, allows attackers to exploit it.
The vulnerability of the Swift Mailer module in the Drupal CMS system is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute a spear-phishing attack remotely...
The vulnerability of the Windows operating system’s Telephony Service allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows operating system’s Telephony Service is related to overflowing buffers in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment relates to the execution of operations beyond the buffer in memory when processing WRL files. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the cdc-wdm component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the cdc-wdm component in the Linux operating system’s kernel is related to incorrect blocking in the wdmintcallback function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the lack of security measures for website structures, allowing attackers to trigger service failures.
The vulnerability of cloud-based software for creating and using Nextcloud Server and Nextcloud Enterprise Server is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Intel Extension for Transformers tool set arises from incorrect name restrictions for paths to the restricted catalog. This allows attackers to escalate their privileges.
The vulnerability of the Intel Extension for Transformers tool set is related to an incorrect name restriction for the path to the restricted access catalog. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the SSL VPN remote access technology for FortiOS operating systems allows a hacker to execute arbitrary code or commands.
The vulnerability of the SSL VPN remote access technology for FortiOS operating systems relates to the interception of user sessions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands remotely...
The vulnerability of the Firmware Update Handler component of the Siemens SINEMA Remote Connect server allows a hacker to gain increased privileges.
The vulnerability of the Firmware Update Handler component in Siemens SINEMA Remote Connect relates to the creation of temporary files with insecure permissions. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
The vulnerability of the udc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the udc component in the Linux operating system’s kernel is related to improper locking of resources in the usbepqueue function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ubifs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ubifs component in the Linux operating system’s kernel is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s serial kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s serial kernel component is related to the assignment of the NULL pointer in the function uartttyportshutdown. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the YouGile project management service lies in its improper handling of logical operations, allowing attackers to escalate their privileges.
The vulnerability of the YouGile project management service is related to incorrect processing of logical operations. Exploiting this vulnerability allows a remote attacker to gain increased privileges...
The vulnerability of the .NET software platform and Microsoft Visual Studio, a development environment for software, stems from insufficient testing of input data. This allows attackers to exploit their privileges.
The vulnerability of the .NET software platform and the Microsoft Visual Studio development environment exists due to insufficient testing of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the optee component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the optee component in the Linux operating system’s kernel is related to memory release after the effective lifespan has ended. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Auctions component of the Oracle Sourcing supply management platform, a part of the Oracle E-Business Suite, allows a malicious individual to gain unauthorized access to create, modify, and delete data.
The vulnerability of the Auctions component of the Oracle Sourcing supply management platform, part of the Oracle E-Business Suite, is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability of the Graphics component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Graphics component in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the `requestLetsEncryptSsl` function in the NGINX Proxy Manager’s proxy server allows a hacker to execute arbitrary code.
The vulnerability of the requestLetsEncryptSsl function in the NGINX Proxy Manager’s proxy management module is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by adding a specially craft...
The vulnerability of the WebRTC component in Google Chrome browsers, related to recording beyond the buffer limit, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WebRTC component in the Google Chrome web browser is related to memory corruption beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access sensitive data, compromise its integrity, and cause service interruptions...
The vulnerability of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, relates to the issue of re-liberating memory. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, relates to repeated memory reclamation. Exploiting this vulnerability can allow remote attackers to gain access to confidential data, compromise its integrity, and cause...
The vulnerability of the iommu/arm-smmu-v3 component of the Linux operating system, which allows a hacker to trigger a service failure.
The vulnerability of the iommu/arm-smmu-v3 component in the Linux operating system is related to the lack of a mechanism to cancel registration when the device is disabled. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the CORS mechanism implementation in Python PyPi storage solutions allows attackers to disclose protected information.
The vulnerability of the CORS mechanism implemented in Python PyPi software repositories is related to lack of access control. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of the swpm component in the “Avora” operating system, related to the ability to read beyond the buffer limit of memory, allows a hacker to cause a failure in the execution of the program.
The vulnerability of the software power management component in the “Avora” operating system is related to the ability to read data beyond the buffer limit of memory. Exploiting this vulnerability can lead to service failure...
The vulnerability of the SCADA system MasterSCADA, related to deficiencies in password protection mechanisms, allows unauthorized access to the project by intruders.
The vulnerability of the SCADA system MasterSCADA is related to deficiencies in the password protection mechanism of the project file. Exploiting this vulnerability can allow an intruder to gain unauthorized access to the project by reverting the password hash value...
The vulnerability in the session_login.cgi script of the Webmin hosting panel and the web interface for Unix-like systems, Usermin, allows attackers to perform cross-site scripting attacks.
The vulnerability in the sessionlogin.cgi script of the Webmin hosting panel and the web interface for Unix-like systems Usermin exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripti...
The vulnerability of the administrative interface of the FortiADC application controller allows a perpetrator to gain access to write arbitrary files.
The vulnerability of the FortiADC application delivery controller’s administrative interface is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain write access to arbitrary files by sending specially crafted HTTP or HTTPS requests...
Vulnerability of the Server component: Security: Privileges of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the HTTP File Server, related to deficiencies in access control, allows a perpetrator to execute arbitrary code.
The vulnerability of the HTTP File Server is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the unflattendtnodes() function in the Linux kernel’s Device Tree driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the unflattendtnodes function in the drivers/of/fdt.c module of the Linux kernel’s Device Tree driver is related to a single-issue error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the qla2x00_mem_alloc() function in the drivers/scsi/qla2xxx/qla_os.c module of the QLogic QLA2XXX kernel driver for the Linux operating system allows a hacker to cause service failure or exert other adverse effects.
The vulnerability of the qla2x00memalloc function in the drivers/scsi/qla2xxx/qlaos.c file of the QLogic QLA2XXX kernel in the Linux operating system is related to the reallocation of previously released memory. Exploiting this vulnerability could allow an attacker to cause a service failure or...
The vulnerability of the Tutor LMS plugin for the WordPress content management system allows a hacker to execute arbitrary SQL queries and gain unauthorized access to protected information.
The vulnerability of the Tutor LMS plugin for the WordPress content management system is related to the lack of protection for the SQL query structure when processing the questionid parameter. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries and gain unauthorized...
The vulnerability of the hevc_parse_vps_extension() function in the media_tools/av_parsers.c file of the GPAC multimedia platform allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the hevcparsevpsextension function in the mediatools/avparsers.c file of the GPAC multimedia platform is related to the incorrect use of dynamic memory during program execution. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity,...
The vulnerability of the cross-platform BitTorrent client qBittorrent, which stems from the use of rigidly programmed credentials, allows a hacker to execute arbitrary commands.
The vulnerability of the cross-platform BitTorrent client qBittorrent relates to the use of default credentials when the user’s web interface is enabled. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of thejq programming language lies in its ability to write data beyond the buffer boundaries in memory, which allows attackers to trigger a service failure.
The vulnerability of the JQ programming language lies in buffer overflow attacks. Exploiting this vulnerability can allow attackers to cause system failures...
The vulnerability of Google Chrome’s user interface allows a perpetrator to replace the user interface.
The vulnerability of Google Chrome’s user interface is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of the nghttp2 codec in the Envoy proxy server allows a attacker to cause a service failure.
The vulnerability of the nghttp2 codec in the Envoy proxy server relates to the implementation of the HTTP/2 protocol. It involves sending an unlimited number of CONTINUATION requests when the maximum header size limit is exceeded, due to the absence of the ENDHEADERS flag. Exploiting this...
The vulnerability of the caching mechanism of the declarative delivery tool for GitOps in Kubernetes Argo CD allows attackers to circumvent security restrictions and execute an brute-force attack.
The vulnerability of the caching mechanism for the declarative delivery tool in GitOps for Kubernetes Argo CD lies in the absence of restrictions on authentication attempts when processing the defaultMaxCacheSize parameter. Exploiting this vulnerability allows a malicious actor to bypass security...
The vulnerability in the web interface for managing microprogrammed software on Cisco Small Business 100, 300, 500 Series Wireless Access Points allows a hacker to execute arbitrary code with root user privileges.
The vulnerability of the web interface for managing microprogrammed software on Cisco Small Business 100, 300, 500 Series Wireless Access Points is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root user privileges...