90604 matches found
The vulnerability of the Clam AntiVirus antivirus software lies in its insufficient validation of input data, allowing a hacker to perform denial-of-service attacks.
The vulnerability of the Clam AntiVirus antivirus software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform a denial-of-service attack by sending a specially crafted OOXML file...
The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files. The PDFTron SDK is software for modeling, designing, and drafting in AutoCAD. This vulnerability relates to errors in the mechanism for checking path searching for dynamically attached libraries, allowing a perpetrator to execute arbitrary code.
The vulnerability of the library for viewing, printing, rendering, creating, and processing PDF files is related to errors in the mechanism for checking the path to dynamically linked libraries DLLs. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by opening a...
The vulnerability of the WISE-4060 Ethernet module’s microprogramming software, related to session management errors, allows a intruder to gain unauthorized access to the device.
The vulnerability of the WISE-4060 Ethernet module’s microprogramming software is related to session management errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the device remotely...
The vulnerability of Cisco Small Business LLDP switches, related to copying buffers without checking input data, allows a perpetrator to execute arbitrary code.
The vulnerability of Cisco Small Business LLDP switches lies in the copying of buffers without checking the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the SSL/TLS message processor in microprogramming network devices from Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense allows attackers to induce service failures.
The vulnerability of SSL/TLS message processors in microprogramming network interface devices from Cisco Adaptive Security Appliances and Cisco Firepower Threat Defense involves an operation that goes beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to caus...
The vulnerability of the KrugCorrectTime.exe software of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, allowing a intruder to cause a malfunction in the normal operation of the SCADA system.
The vulnerability of the KrugCorrectTime.exe software component of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow an intruder to cause malfunctions in the normal operation of the SCADA system...
The vulnerability of the Media Audio Decoder decoder in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Media Audio Decoder driver for the Windows operating system is related to errors in code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Wine package on the Astra Linux (Orel) operating system relates to the display of external program windows over the Astra Linux (Orel) lock window, allowing a intruder to gain unauthorized access to confidential information.
The vulnerability of the Wine software on the Astra Linux operating system Orel relates to the display of modal windows of third-party programs such as “MediaLog” over the Astra Linux lock screen. Exploiting this vulnerability could allow a malicious individual to gain unauthorized access to...
The vulnerability of the Oniguruma regular expression library, related to an uncontrolled recursion, allows a hacker to trigger a service failure.
The vulnerability of the Oniguruma regular expression library is related to an uncontrolled recursion. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the central module for managing engineering data and the product’s life cycle in the “LOCMAN Client” system, a system for managing engineering data and the product’s life cycle, arises from the possibility of unlimited loading of dangerous type files, allowing attackers to execute arbitrary codes.
The vulnerability of the central module responsible for managing engineering data and the product’s lifecycle in the LOCsMAN Engineering Data and Product Lifecycle Management system is related to the possibility of unlimited loading of dangerous files. Exploiting this vulnerability could allow...
The vulnerability of the data synchronization module at any time, triggered by user requests or by a special scheduler utility “LOCMAN Master Synchronization” of the engineering data and product lifecycle management system LOCMAN. This vulnerability is related to the unlimited loading of dangerous type files, allowing attackers to execute arbitrary code.
The vulnerability of the data synchronization module at any time, triggered by user requests or by special planning tools like “LOZMAN Master Synchronization” of the Engineering Data and Product Lifecycle management system LOZMAN, is related to the unlimited loading of dangerous files. Exploiting...
The vulnerability of the sub-components of the General Ledger Update Transform and Reports component of the Oracle iSetup system, a business automation solution from Oracle E-Business Suite. This vulnerability allows an intruder to gain unauthorized access to the device.
The vulnerability of the General Ledger Update Transform and Reports components of the Oracle iSetup component in the Oracle E-Business Suite system involves code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTT...
The vulnerability of Microprogramming Software for Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to writing beyond the buffer boundaries, allowing attackers to trigger a system reboot or cause service failure.
The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot or caus...
The vulnerability of the fly-qdm graphical interface, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the fly-qdm graphical interface is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a hacker to cause a service failure...
The vulnerability of the KTS “Lighthouse” web interface, which stems from the lack of measures to sanitize input data, allows a perpetrator to inject any desired web script or HTML code.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to inject arbitrary web scripts or HTML code...
The vulnerability of the KTS web interface “Mayak,” related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL commands.
The vulnerability of the KTS “Lighthouse” web interface is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands using a specially crafted HTTP POST request...
The vulnerability of the Kryo Codec component in the software platform for integrating corporate applications in Spring Integration allows a hacker to execute arbitrary code.
The vulnerability of the Kryo Codec component in the software platform for integrating corporate applications in Spring Integration is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of microprogrammed software in server boards, server systems, and Intel computing modules arises from copying buffers without checking the size of the input data. This allows attackers to exploit their privileges.
The vulnerability of microprogrammed software in server boards, server systems, and Intel computing modules is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of microprogramming software in server boards, server systems, and Intel computing modules relates to writing beyond the buffer memory boundaries, allowing attackers to exploit their privileges.
The vulnerability of microprogrammed software in server boards, server systems, and Intel computing modules is related to writing beyond the buffer memory boundaries. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to writing data beyond the buffer in memory, allowing attackers to execute arbitrary code in the context of the current user.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 is related to data writing beyond the buffer boundaries in memory. Exploiting this vulnerability...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the InnoDB component of the MySQL Database Server management system, which allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL Protocol...
Huawei routers’ vulnerabilities related to authentication errors allow attackers to execute arbitrary code and increase their privileges.
The vulnerability of Huawei routers is related to authentication errors. Exploiting this vulnerability allows a hacker to execute arbitrary code and increase their privileges...
The vulnerability in the driver drivers/net/wireless/ath/ath9k/htc_hst.c of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the drivers/net/wireless/ath/ath9k/htchst.c kernel of the Linux operating system is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the image loading module in the software suite for creating 3D computer graphics in Blender arises from a numerical overflow condition. This allows an attacker to execute arbitrary code.
The vulnerability of the image loading module in Blender’s 3D computer graphics software is caused by a numerical overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious .blend file...
The vulnerability of the Layer 2 Traceroute tool for Cisco IOS XE and Cisco IOS operating systems allows a hacker to create a complete L2 topology of a vulnerable network.
The vulnerability of the Layer 2 Traceroute tool for Cisco IOS XE and Cisco IOS operating systems is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to remotely construct a complete L2 topology of the vulnerable network...
The vulnerability of the libgost-astra library in the Astra Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the libgost-astra library in the Astra Linux operating system is related to errors during the automatic configuration of the algorithms according to GOST standards. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the FortiSIEM security management portal allows a attacker to execute a cross-site scripting attack.
The vulnerability of the FortiSIEM security management portal is related to the disclosure of the unencrypted LDAP server password. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...
The vulnerability of the maxiradioremove handler’s implementation in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the maxiradioremove implementation for loading the drivers/media/radio/radio-maxiradio.ko module into the Linux kernel is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure by repeatedly connecting and disconnecting the...
The vulnerability in the implementation of the mpi_alloc function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mpialloc function in the loaded module of the digsig/digsigverif.ko kernel of the Linux operating system is related to the assignment of the null pointer. Exploiting this vulnerability could allow an attacker to cause a system failure when there is a memory shortage in th...
Vulnerability of the Server component: Security: Privileges of the MySQL database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: Security: Privileges of the MySQL database management system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Partner Detail sub-component of the Oracle Partner Management component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Partner Detail sub-component of the Oracle Partner Management component in the Oracle E-Business Suite is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain access to modify, add, or delete data using the HTTP protocol...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the application.
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability in the implementation of TCP sockets in Cisco IOS and Cisco IOS XE operating systems allows a hacker to trigger a device reboot and a service failure.
The vulnerability of TCP socket implementations in Cisco IOS and Cisco IOS XE systems is related to state management errors. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot and a service failure by sending specially crafted HTTP packets...
The vulnerability of the distributed Git version control system, related to errors in the processing of specially crafted submodule names, allows a hacker to execute arbitrary code.
The vulnerability of the distributed Git version control system is related to errors in the processing of specially crafted module names in the .gitmodules file. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Media framework component of the Android operating system allows a hacker to enhance their privileges and execute arbitrary code.
The vulnerability of the Media framework component of the Android operating system relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges and execute arbitrary code...
The vulnerability of the spring-messaging module in the Spring Framework software platform allows a hacker to gain full control over the application.
The vulnerability of the spring-messaging module in the Spring Framework is caused by errors in the handling of STOMP messages. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full control over the application through a specially crafted message...
The vulnerability of the NVIDIA Graphics Drivers component for the Mac OS X operating system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the NVIDIA Graphics Drivers component for the Mac OS X operating system is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability allows an attacker to execute arbitrary code with kernel privileges through a specially...
The vulnerability of the nsv_parse_NSVf_header function in the nsvdec.c component of the FFmpeg multimedia library allows a attacker to cause a waste of computational resources and a denial of service.
The vulnerability of the nsvparseNSVfheader function in the FFmpeg’s multimedia library libavformat/nsvdec.c is related to resource management errors. Exploiting this vulnerability allows a malicious actor to unnecessarily consume computing resources and cause service failures by using a speciall...
The vulnerability in the JavaScript engine of Microsoft Edge and Internet Explorer allows a hacker to execute arbitrary code.
The vulnerability in Microsoft Edge and Internet Explorer JavaScript engines arises from an operation that goes beyond the buffer boundaries in memory memory corruption due to script execution. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the...
Vulnerabilities in the Pidgin instant messaging program, which allow a hacker to trigger memory disclosure, as well as the ability to inject arbitrary code
The multiple vulnerabilities related to memory corruption in the Pidgin instant messaging application are linked to the processing of the MXIT protocol. Exploiting these vulnerabilities can allow a remote attacker to trigger memory disclosure and the injection of arbitrary code by sending special...
The vulnerability of the iOS operating system and the Safari browser allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability of the WebKit component of the iOS operating system and the Safari browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption,...
The vulnerability of Microsoft Excel spreadsheet editors, the Microsoft SharePoint Server corporate application suite, and the Microsoft Office Compatibility Pack compatibility suite allows a perpetrator to obtain confidential information from the process memory.
The vulnerability of Microsoft Excel spreadsheet editors, the Microsoft SharePoint Server corporate application suite, and the Microsoft Office Compatibility Pack relates to the lack of protection for operational data. Exploitation of this vulnerability can allow a malicious actor, operating...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.26-2-openvz-amd64 package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the Windows operating system, which allows a perpetrator to increase their privileges or execute arbitrary code
Vulnerability exists in the Message Queue Service MSMQ, the BthPan.sys and MQAC.sys drivers. This allows a malicious individual to elevate their privileges within the system and execute arbitrary code...
Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information
The multiple vulnerabilities in the krb5-kdc package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
The vulnerability of the OpenOffice.org module of the LibreOffice office software package, related to the execution of operations beyond the buffer boundaries in memory, allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the OpenOffice.org module of the LibreOffice office software package is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause...
The vulnerability of the Android operating system allows a hacker to circumvent restrictions
The vulnerability of the server/pm/UserManagerService.java function in the Android Wi-Fi operating system is related to deficiencies in access control. Exploiting this vulnerability allows a local attacker to circumvent restrictions on Wi-Fi configuration changes by using guest access...
The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information or bypass security mechanisms
The vulnerability of the BnGraphicBufferProducer::onTransact function libs/gui/IGraphicBufferConsumer.cpp in the mediaserver component of the Android operating system exists due to the lack of initialization for certain input data structures. Exploiting this vulnerability could allow an attacker ...