90509 matches found
The vulnerability of the U3D File Parser component in the PDF-XChange PDF document viewing and editing software allows a hacker to execute arbitrary code.
The vulnerability of the U3D File Parser component in the PDF-XChange PDF viewing and editing software is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of Google Chrome’s user tabs allows a hacker to replace the user’s interface.
The vulnerability of Google Chrome’s user tabs is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...
The vulnerability of the Prompts component in the Google Chrome browser allows attackers to perform spoofing attacks.
The vulnerability of the Prompts component in the Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...
The vulnerability of the SafeHtml validator in the Hibernate Validator library allows attackers to perform cross-site scripting attacks.
The vulnerability in the SafeHtml validator of the Hibernate Validator library relates to the lack of measures taken to protect the structure of web pages during the processing of HTML content. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Fullscreen application interface of Google Chrome’s browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Fullscreen application interface of Google Chrome’s browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions on the browser page through a specially...
The vulnerability of Cisco AsyncOS operating system’s scanning mechanism for Cisco Secure Web Appliances allows attackers to circumvent traffic blocking rules.
The vulnerability of the Cisco AsyncOS operating system’s scanning mechanism for the Cisco Secure Web Appliance is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to circumvent traffic blocking rules when encoding types such as deflate, lzma,...
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software platform allows a malicious individual to gain unauthorized access to protected information or to modify, add, or delete data.
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or to modify, add, or delete...
The vulnerability of Google Chrome’s Autofill function allows attackers to gain access to confidential information.
The vulnerability of Google Chrome’s Autofill function is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to access to resources through incompatible types. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code using a specially crafted HTML page...
The software of Cobalt Ashlar-Vellum has vulnerabilities that allow a hacker to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling is related to the use of an unreliable pointer. Exploiting this vulnerability allows a attacker to execute arbitrary code...
The vulnerability of Zoom video conferencing software, related to the disclosure of information in erroneous data fields, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Zoom video conferencing software is related to the exposure of information in the erroneous data area. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises from improper code generation. This allows a perpetrator to execute arbitrary code.
The vulnerability of the StruxureWare Data Center Exper monitoring system is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code when the “end point” parameter in network configuration settings is used...
The vulnerability of D-Link DSL-3782 router’s microprogramming software allows a hacker to bypass the authentication process and gain access to confidential information.
The vulnerability of the D-Link DSL-3782 router’s microprogramming software is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and gain access to confidential information through a specially crafted...
The vulnerability of the PnPSCADA automation system’s software lies in the lack of protective measures for SQL query structures. This allows attackers to gain unauthorized access to protected information and compromise the system.
The vulnerability of the PnPSCADA automation system’s software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information and compromise the system...
The vulnerability of the SetTriggerPPPoEValidate function in the application software interface of D-Link DIR-2150 router microprogramming system allows a hacker to execute arbitrary code.
The vulnerability of the SetTriggerPPPoEValidate function in the application software interface of D-Link DIR-2150 router microprogramming devices is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software allows a attacker to execute arbitrary commands.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command processing for handling the tomographypingaddress parameter. Exploiting this...
The vulnerability of the Schema Handler component in the PostgreSQL database management system allows attackers to circumvent security restrictions.
The vulnerability of the Schema Handler component in the PostgreSQL database management system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
Vulnerability of the Decompression Enumeration function in Uncompressor::UncompressItem. This compression tool for XML data allows attackers to execute arbitrary code.
Vulnerability of Decompression Enumeration function: Uncompressor::UncompressItem, an XML data compression tool, is vulnerable to a memory boundary error during XML file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the nf_tables_commit() function in the kernel’s net/netfilter/nf_tables_api.c file in the Linux operating system allows a attacker to compromise data confidentiality, integrity, and accessibility, or to enhance their privileges within the system and execute arbitrary code.
The vulnerability of the nftablescommit function in the net/netfilter/nftablesapi.c module of the Linux operating system is related to improper deletion of a list. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of data, or to...
The vulnerability of Microsoft Exchange Server servers, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Exchange Server servers is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the kernel (NTOSKRNL) of Microsoft Windows operating systems, which allows a perpetrator to increase their privileges
The vulnerability of the kernel NTOSKRNL of Microsoft Windows is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Microsoft .NET Framework software platform, related to improper cleaning or release of resources, allows a perpetrator to cause a service failure.
The vulnerability of the Microsoft .NET Framework software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of Microsoft Edge browsers, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge browsers is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created malicious web page...
The vulnerability of the PowerScale OneFS operating systems, related to the disclosure of information through registration files, allows a perpetrator to gain full control over the system.
The vulnerability of the PowerScale OneFS operating system lies in the fact that information can be disclosed through registration files when changing the password via the interface. Exploiting this vulnerability could allow an attacker to gain full control over the system...
The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the ability to write code beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.
The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code within the context of the current user...
The vulnerability of the microprogrammed software of D-Link DAP-2020 and DAP-1360 allows a intruder to execute arbitrary code.
The vulnerability of D-Link DAP-2020 and DAP-1360 wireless access points’ microprogramming software is related to buffer overflow attacks on the stack. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the wireless network driver WILC1000 for Linux operating systems allows a hacker to trigger a service failure or increase the level of privileges.
The vulnerability of the wireless network driver WILC1000 drivers/net/wireless/microchip/wilc1000/hif.c in the Linux kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or increase...
The vulnerability of the imx_register_uart_clocks() function in the drivers/clk/imx/clk.c file of the Linux kernel allows a hacker to cause system failures or gain increased privileges.
The vulnerability of the imxregisteruartclocks function in the drivers/clk/imx/clk.c file of the Linux kernel is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the malidp_crtc_reset() function in the Linux kernel’s drivers/gpu/drm/arm/malidp_crtc.c file allows a hacker to trigger a service failure or increase their privileges.
The vulnerability of the malidpcrtcreset function in the Linux kernel’s drivers/gpu/drm/arm/malidpcrtc.c file is related to a pointer arithmetic error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the Profiles component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Profiles component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the uapi_finalize() function in the drivers/infiniband/core/uverbs_uapi.c file of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the uapifinalize function in the drivers/infiniband/core/uverbsuapi.c file of the Linux kernel is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability in the driver drivers/usb/mon/mon_bin.c of Linux operating systems allows a hacker to execute arbitrary code.
The vulnerability in the driver drivers/usb/mon/monbin.c of Linux operating systems arises from the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Microsoft Outlook email client for the MacOS operating system, related to information representation errors in the user interface, allows attackers to perform spearishing attacks.
The vulnerability of the Microsoft Outlook email client for the MacOS operating system is related to information representation errors in the user interface. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created email message...
The vulnerability of the devredir_proc_client_devlist_announce_req() function on the XRDP server allows a hacker to execute arbitrary code.
The vulnerability of the devredirprocclientdevlistannouncereq function on the XRDP server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Microsoft Dynamics CRM resource planning software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft Dynamics CRM resource planning software relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created queries...
The vulnerability of the endpoint protection module of the Anti-Ransomware analysis tool for network traffic, network detection, and response of the Cortex XDR Agent on Windows operating systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the endpoint protection module of the Anti-Ransomware analysis tool for network traffic, network detection, and response of the Cortex XDR Agent on Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow...
The vulnerability of the Microsoft Windows Sysmon system service, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Windows Sysmon system service is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in the ability to read data beyond the buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the CorelDRAW Graphics Suite formerly CorelDRAW graphic editor relates to the reading of data beyond the buffer boundaries in memory during the syntax analysis of GIF files. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the FortiClient NAC (fcnacd) operating system allows a perpetrator to execute arbitrary code or cause service interruptions.
The vulnerability of the FortiOS operating system’s FortiClient NAC fcnacd is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by sending a specially crafted request...
The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...
The vulnerability of the LibXfont library lies in the improper definition of symbolic links before accessing the file, allowing attackers to trigger a service failure.
The vulnerability of the LibXfont library is related to the incorrect definition of symbolic links before accessing the file. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the `kodak_radc_load_raw` function in the `dcraw_common.cpp` component of the LibRaw image processing library allows a hacker to trigger a service failure.
The vulnerability of the kodakradcloadraw function in the dcrawcommon.cpp component of the LibRaw image processing library is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to trigger a service failure using a specially created POC file...
The vulnerability of the JBIG2Stream::readTextRegionSeg() function in the JBIG2 decoder for PDF file rendering by Poppler allows a malicious actor to cause a service failure or execute arbitrary code.
The vulnerability of the JBIG2Stream::readTextRegionSeg function in the JBIG2 decoder for processing PDF files with Poppler is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure or execute arbitrary code by opening a specially created PDF...
The vulnerability of the Roundcube webmail client, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Roundcube email client relates to the lack of measures taken to protect the website structure during the processing of CSS style sheets. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by sending specially crafted email...
The vulnerability of the GetValue function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 allows a hacker to execute arbitrary code.
The vulnerability of the GetValue function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 lies in the copying of buffers without checking the size of the input data during the processing of the confcli file. Exploiting this vulnerability allows a remote attacker to execute arbitra...
The vulnerability of the ActiveX control on SCADA servers of Measuresoft ScadaPro Server and ScadaPro Server Client allows attackers to enhance their privileges.
The vulnerability of the ActiveX control used by SCADA servers of Measuresoft ScadaPro Server and ScadaPro Server Client is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W allows a perpetrator to execute arbitrary commands or cause service failures.
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV110W, RV130, RV130W, and RV215W arises from the copying of buffers without checking the size of the input data during the processing of user fields in incoming HTTP packets. Exploiting...
The vulnerability of the Vim text editor lies in the fact that an operation can be performed outside the buffer, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Vim text editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET Framework software platform lies in improper cleaning or release of resources, allowing a perpetrator to cause service failures.
The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET Framework software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the software for adjusting Intel XTU performance lies in the uncontrolled search path element, which allows a hacker to increase their privileges.
The vulnerability of the software for adjusting Intel XTU performance is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow a perpetrator to enhance their privileges...