90509 matches found
The vulnerability of the Profiles component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Profiles component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the malidp_crtc_reset() function in the Linux kernel’s drivers/gpu/drm/arm/malidp_crtc.c file allows a hacker to trigger a service failure or increase their privileges.
The vulnerability of the malidpcrtcreset function in the Linux kernel’s drivers/gpu/drm/arm/malidpcrtc.c file is related to a pointer arithmetic error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the imx_register_uart_clocks() function in the drivers/clk/imx/clk.c file of the Linux kernel allows a hacker to cause system failures or gain increased privileges.
The vulnerability of the imxregisteruartclocks function in the drivers/clk/imx/clk.c file of the Linux kernel is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability in the driver drivers/usb/mon/mon_bin.c of Linux operating systems allows a hacker to execute arbitrary code.
The vulnerability in the driver drivers/usb/mon/monbin.c of Linux operating systems arises from the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Microsoft Outlook email client for the MacOS operating system, related to information representation errors in the user interface, allows attackers to perform spearishing attacks.
The vulnerability of the Microsoft Outlook email client for the MacOS operating system is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created email message...
The vulnerability of the devredir_proc_client_devlist_announce_req() function on the XRDP server allows a hacker to execute arbitrary code.
The vulnerability of the devredirprocclientdevlistannouncereq function on the XRDP server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Microsoft Dynamics CRM resource planning software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft Dynamics CRM resource planning software relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created queries...
The vulnerability of the endpoint protection module of the Anti-Ransomware analysis tool for network traffic, network detection, and response of the Cortex XDR Agent on Windows operating systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the endpoint protection module of the Anti-Ransomware analysis tool for network traffic, network detection, and response of the Cortex XDR Agent on Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow...
The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in the ability to read data beyond the buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the CorelDRAW Graphics Suite formerly CorelDRAW graphic editor relates to the reading of data beyond the buffer boundaries in memory during the syntax analysis of GIF files. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the FortiClient NAC (fcnacd) operating system allows a perpetrator to execute arbitrary code or cause service interruptions.
The vulnerability of the FortiOS operating system’s FortiClient NAC fcnacd is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by sending a specially crafted request...
The vulnerability of the `kodak_radc_load_raw` function in the `dcraw_common.cpp` component of the LibRaw image processing library allows a hacker to trigger a service failure.
The vulnerability of the kodakradcloadraw function in the dcrawcommon.cpp component of the LibRaw image processing library is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created POC file...
The vulnerability of the LibXfont library lies in the improper definition of symbolic links before accessing the file, allowing attackers to trigger a service failure.
The vulnerability of the LibXfont library is related to the incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the JBIG2Stream::readTextRegionSeg() function in the JBIG2 decoder for PDF file rendering by Poppler allows a malicious actor to cause a service failure or execute arbitrary code.
The vulnerability of the JBIG2Stream::readTextRegionSeg function in the JBIG2 decoder for processing PDF files with Poppler is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code by opening a specially created PDF...
The vulnerability of the Roundcube webmail client, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Roundcube email client relates to the lack of measures taken to protect the website structure during the processing of CSS style sheets. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted email...
The vulnerability of the GetValue function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 allows a hacker to execute arbitrary code.
The vulnerability of the GetValue function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 lies in the copying of buffers without checking the size of the input data during the processing of the confcli file. Exploiting this vulnerability allows a remote attacker to execute arbitra...
The vulnerability of the ActiveX control on SCADA servers of Measuresoft ScadaPro Server and ScadaPro Server Client allows attackers to enhance their privileges.
The vulnerability of the ActiveX control used by SCADA servers of Measuresoft ScadaPro Server and ScadaPro Server Client is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W allows a perpetrator to execute arbitrary commands or cause service failures.
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W arises from the copying of buffers without checking the size of the input data during the processing of user fields in incoming HTTP packets. Exploiting...
The vulnerability of the software for adjusting Intel XTU performance lies in the uncontrolled search path element, which allows a hacker to increase their privileges.
The vulnerability of the software for adjusting Intel XTU performance is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow a perpetrator to enhance their privileges...
The vulnerability of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools is related to deficiencies in access control. This allows a malicious individual to elevate their privileges to the root level.
The vulnerabilities of the VMware Workspace One Access application management platform, the VMware Identity Manager administration console, and the VMware vRealize Automation virtual infrastructure management tools are related to deficiencies in access control. Exploiting these vulnerabilities ca...
The vulnerability of the BIOS microprogramming system of Intel processors allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the BIOS microprogramming system of Intel processors is related to the implementation of incorrect control flow. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the microprogrammed network interface devices of Advanced Secure Gateway (ASG) and ProxySG, related to HTTP request processing flaws, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the Advanced Secure Gateway ASG and ProxySG’s microprogramming software lies in the shortcomings of their HTTP request processing. Exploiting this vulnerability allows a remote attacker to execute an “HTTP request hijacking” attack...
The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool allows a perpetrator to trigger a service failure.
The vulnerability in the web interface of the Cisco Smart Software Manager On-Prem administration tool is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the append_command() function (ex_docmd.c) in the Vim text editor, which allows a hacker to execute arbitrary code.
The vulnerability of the appendcommand function exdocmd.c in the Vim text editor is related to writing beyond buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the executable files instup.exe and wsc_proxy.exe of the antivirus protection software Avast Premium Security allows a perpetrator to execute arbitrary code or cause service failure.
The vulnerability of the installed files instup.exe and wscproxy.exe of the antivirus protection software Avast Premium Security is related to the use of an insecure search path. Exploiting this vulnerability can allow a hacker to execute arbitrary code or cause service failures...
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system allows a perpetrator to gain access to data reading or cause a partial service disruption.
The vulnerability of the Infrastructure component of the Oracle FLEXCUBE Universal Banking system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or cause partial service interruption...
The vulnerability of the Fax Compose Form component in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Fax Compose Form component in Windows operating systems is related to insufficient validation of entered data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the networkd-dispatcher component, which manages connection states in Linux operating systems, and is part of the Systemd subsystem responsible for service initialization and management, allows a malicious actor to escalate their privileges or execute arbitrary code.
The vulnerabilities of the networkd-dispatcher component, which manages connection states and initializes services within Systemd in Linux operating systems, stem from synchronization errors when using shared resources. Exploiting these vulnerabilities can allow attackers to increase their...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and RV345P allows a perpetrator to execute arbitrary commands.
The vulnerability of the web-based management interface for Cisco Small Business RV340, RV340W, RV345, and RV345P microprogramming systems exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability of the ext/snmp/snmp.c component of the PHP programming language interpreter allows a attacker to cause a service failure or potentially have other adverse effects.
The vulnerability of the ext/snmp/snmp.c component of the PHP programming language interpreter is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service interruptions or potentially have other effects through specially created...
The vulnerability of the Display Key Combination Fast Access swhkd in the Wayland display server protocol allows a hacker to access protected information or cause a service failure.
The vulnerability of the Display Key Combination daemon swhkd in the Wayland display server protocol implementation relates to the ability to save the PID of a process in the file /tmp/swhkd.pid and incorporate the PID of an existing process into it. Exploiting this vulnerability can allow a remo...
The vulnerability of the Databuf function in the types.cpp component of the Exiv2 media metadata management library allows a attacker to cause a service failure.
The vulnerability of the Databuf function in the types.cpp component of the Exiv2 media metadata management library is related to the copying of buffers without checking the input data. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the PuppetDB database management system lies in the lack of protective measures for SQL query structures. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the PuppetDB database management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service interruptions...
Vulnerabilities of functions mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable in TLS and SSL protocol implementations. These vulnerabilities allow attackers to access confidential data.
The vulnerabilities of functions mbedtlsecpcheckpubpriv, mbedtlspkparsekey, mbedtlspkparsekeyfile, mbedtlsecpmul, and mbedtlsecpmulrestartable in TLS and SSL protocols involve information disclosure due to inconsistencies. Exploiting these vulnerabilities allows a remote attacker to gain access t...
The vulnerability of the HTTP library for Rust Hyper, related to shortcomings in HTTP request processing, allows attackers to compromise data integrity.
The vulnerability of the HTTP library for Rust Hyper relates to the improper handling of requests with a “+” prefix in the Content-Length header. Exploiting this vulnerability allows an attacker to compromise data integrity...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component involves errors in resource release. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL network protocol...
The vulnerability of the WLAN AutoConfig service in the Microsoft Windows operating system allows a hacker to gain increased privileges.
The vulnerability of the WLAN AutoConfig service in the Microsoft Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Microsoft Exchange Server mail server, related to errors in code generation, allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Exchange Server is related to errors in code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of NETGEAR’s integrated router software, including models R6260, R6800, R6700v2, R6900v2, R7450, AC2100, AC2400, and AC2600, arises due to buffer overflows in the stack. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the embedded software of NETGEAR routers such as R6260, R6800, R6700v2, R6900v2, R7450, AC2100, AC2400, and AC2600 arises due to buffer overflow on the stack. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...
The vulnerability of the built-in software of NETGEAR routers such as LBR20, RBS50Y, RBR10, RBR20, RBR40, RBR50, RBS10, RBS20, RBS40, RBS50, RBK12, RBK20, RBK40, and RBK50 lies in the lack of measures to sanitize input data. This allows a malicious actor to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated routing software, including models like LBR20, RBS50Y, RBR10, RBR20, RBR40, RBR50, RBS10, RBS20, RBS40, RBS50, RBK12, RBK20, RBK40, and RBK50, stems from the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attack...
The vulnerability of the embedded software of NETGEAR’s routers such as LAX20, MK62, MR60, MS60, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80, RS400, and XR1000 arises due to the lack of measures for cleaning input data. This allows a malicious actor to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated router software, including models such as LAX20, MK62, MR60, MS60, R6400v2, R6700v3, R6900P, R7000, R7000P, R7850, R7900, R7900P, R7960P, R8000, R8000P, RAX15, RAX20, RAX200, RAX35v2, RAX40v2, RAX43, RAX45, RAX50, RAX75, RAX80, RS400, and XR1000, stems fr...
The vulnerability of NETGEAR’s integrated routing software, including models like RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated routing software, including models like RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the FortiMail email security system, related to errors during authentication procedures, allows attackers to obtain the authentication token of the administrative account.
The vulnerability of the FortiMail email security system is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor to obtain the authentication token of the administrative account...
The vulnerability of the GlobalProtect for Windows endpoint protection software lies in the incorrect definition of the link before accessing the file. This allows attackers to escalate their privileges.
The vulnerability of the GlobalProtect for Windows endpoint protection software lies in the incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the msp_info.htm file implementation in D-Link DI-7200G V2.E1 microprogrammable router software allows a hacker to execute arbitrary commands.
The vulnerability of the mspinfo.htm file implementation of the D-Link DI-7200G V2.E1 router microprogramming system is related to insufficient cleaning of input data during the processing of the cmd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotel...
The vulnerability of the Windows GDI+ component in Windows operating systems allows attackers to disclose sensitive information that is protected by security measures.
The vulnerability of the Windows GDI+ component in Windows operating systems is related to deficiencies in the system’s controlled areas. Exploiting this vulnerability can allow attackers to disclose sensitive information that should be protected...
The vulnerability of the Tablet Windows User Interface Application Core component in the Windows operating system allows a hacker to enhance their privileges.
The vulnerability of the Tablet Windows User Interface Application Core component of the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the logback logging library, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability of the logback logging library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Clam AntiVirus antivirus software lies in its insufficient validation of input data, allowing a hacker to perform denial-of-service attacks.
The vulnerability of the Clam AntiVirus antivirus software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform a denial-of-service attack by sending a specially crafted OOXML file...
The vulnerability of the “BKCLogSvr.exe” service in Yokogawa’s software products arises from the issue of buffer overflows occurring outside the scope of the service. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the “BKCLogSvr.exe” service in Yokogawa’s software products arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to increase their privileges and execute arbitrary code by sending a specially crafted...
The vulnerability in the CoreText application programming interface of operating systems such as iOS, macOS, iPadOS, iPhoneOS, watchOS, and tvOS allows attackers to gain access to protected information.
The vulnerability of the CoreText application interface in iOS, macOS, iPadOS, iPhoneOS, watchOS, and tvOS systems relates to the ability to read data beyond the buffer in memory when processing a specially crafted font file. Exploiting this vulnerability can allow an attacker to gain access to...