90509 matches found
The vulnerability of the Linux operating system’s kernel, which allows a hacker to increase their privileges
The vulnerability of the Linux operating system’s kernel is related to incorrect initialization of process identifiers. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the webSetEMailAlert function in the embedded web server, due to insufficient validation of input data, allows a malicious user to elevate their privileges and execute system commands of the operating system.
The vulnerability of the webSetEMailAlert function in the embedded web server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to enhance their privileges and execute system commands of the operating system...
The vulnerability of the webSetFrmUpgrade function in the embedded web server, which involves copying buffers without checking the size of the input data, allows a hacker to escalate their privileges and cause a service failure.
The vulnerability of the webSetFrmUpgrade function in the embedded web server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges and cause service interruptions using a specially crafte...
The vulnerability of SonicWall Email Security’s email security software lies in the improper restriction of the path to the restricted directory. This allows attackers to gain unauthorized access to the protected information.
The vulnerability of SonicWall Email Security’s email security software relates to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of Microsoft Office packages, Microsoft Office Web Apps Server, Microsoft Excel, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server relates to insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of Microsoft Office packages, Microsoft Office Web Apps Server, Microsoft Excel, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server are related to insufficient protection of sensitive data. Exploiting these vulnerabilities can allow attackers to gain...
The vulnerability of the Apache Guacamole software for remote administration of client machines lies in the fact that operations are performed outside the buffer in memory. This allows an attacker to increase their privileges and execute arbitrary code.
The vulnerability of the Apache Guacamole software for remote administration of client machines is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the ICMP packet processing service in the NX-OS operating system allows a hacker to induce a service failure.
The vulnerability of the ICMP packet processing service in the NX-OS operating system is related to a memory release error. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...
The vulnerability of the Log4j Java logging library, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Log4j logging library in Java programs relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client encryption protection tool allows a intruder to trigger a service failure.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client cryptographic security tool is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of Dollibarr’s software lies in its lack of protection for SQL query structures, allowing attackers to execute arbitrary SQL commands.
The vulnerability of Dollibarr’s software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of Microsoft Excel, Microsoft Office products, Microsoft Office Online Server, Microsoft Office Web Apps, Microsoft SharePoint Enterprise Server, and Microsoft 365 Apps relates to insufficient input validation, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Excel, the Microsoft Office suite, Microsoft Office Online Server, Microsoft Office Web Apps, Microsoft SharePoint Enterprise Server, and Microsoft 365 Apps is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the service for managing access to remote catalogs and authentication mechanisms, related to deficiencies in access control, allows attackers to disclose protected information and compromise its integrity.
The vulnerability of the service for managing access to remote catalogs and the authentication mechanism sssd is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information and compromise its integri...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server packages lies in memory object processing errors, which allow an attacker to gain unauthorized access to protected information.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server lies in memory object processing errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite is related to object processing errors in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the InnoDB component in the MySQL Database Management System, which is related to insufficient validation of input data, allows attackers to trigger service failures.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause downtime or service failures through the use of MySQL network protocols...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to writing data beyond the buffer in memory, allowing attackers to execute arbitrary code in the context of the current user.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 is related to data writing beyond the buffer boundaries in memory. Exploiting this vulnerability...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can...
The vulnerability of the LoRaWAN LoRaMac-Node implementation lies in the copying from the buffer without checking the size of the input data, allowing a intruder to trigger a service failure.
The vulnerability of the LoRaWAN LoRaMac-Node implementation lies in the copying of data from the buffer without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to cause failures in the operation of end devices during wireless activation OTAA,...
The vulnerability of the evaluation tool allows an attacker to exploit privileges on Windows System Assessment Tool (WinSAT) running on Windows operating systems.
The vulnerability of the System Assessment Tool WinSAT for evaluating functions and capabilities of Windows operating systems is related to errors in file handling operations. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
The vulnerability of Windows operating systems, related to errors in memory object handling, allows attackers to gain unauthorized access to protected information.
The vulnerability of Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser allows a hacker to execute arbitrary code in the context of the current user.
The vulnerability of the ChakraCore JavaScript script handler in the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a...
The vulnerability of the PIA Core Technology component of the PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the PIA Core Technology component in the PeopleSoft Enterprise PeopleTools business application suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to unauthorizedly access...
The vulnerability of the C API component of the MySQL Database Management System client, which allows a hacker to trigger a service failure.
The vulnerability of the C API component of the MySQL Database Management System client is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL Protocol network protocol...
The vulnerability of the ath10k_usb_hif_tx_sg function in the Linux kernel’s drivers/net/wireless/ath/ath10k/usb.c file is related to improper memory release before removing last references. This allows a malicious actor to trigger a service failure.
The vulnerability of the ath10kusbhiftxsg function in the Linux kernel’s drivers/net/wireless/ath/ath10k/usb.c file is related to a lack of a memory release mechanism before deleting the last pointer. Exploiting this vulnerability allows an attacker to cause service failure remotely...
The vulnerability of the ca8210_probe() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the ca8210probe function drivers/net/ieee802154/ca8210.c in the Linux kernel involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures by triggering an error in the ca8210getplatformdata function...
The vulnerability in the driver drivers/net/wireless/ath/ath9k/htc_hst.c of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the drivers/net/wireless/ath/ath9k/htchst.c kernel of the Linux operating system is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows a hacker to gain unauthorized access to local files.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to security configuration errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to local files through a specially created HTML page...
The vulnerability of the WebUSB protocol implementation in Google Chrome web browsers allows a perpetrator to execute arbitrary code.
The vulnerability of the WebUSB protocol implementation in Google Chrome’s web browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...
The vulnerability of the FortiSIEM security management portal allows a attacker to execute a cross-site scripting attack.
The vulnerability of the FortiSIEM security management portal is related to the disclosure of the unencrypted LDAP server password. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack remotely...
The vulnerability of the Jenkins Token Macro plugin relates to incorrect restrictions on XML links to external objects. This allows attackers to forge requests on the server side or trigger service failures.
The vulnerability of the Jenkins Token Macro plugin is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to forge requests on the server side or cause service failures...
The vulnerability of the twisted.web network framework’s Twisted component allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the twisted.web network framework exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of protected information by introducing invalid characters like CRLF...
The vulnerability of the seamless_process_line function in the RDP client rdesktop, related to buffer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the seamlessprocessline function in the RDP client rdesktop is related to buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Connector/J sub-component of the MySQL Connectors component of the Oracle MySQL database management system allows a hacker to gain full control over the application.
The vulnerability of the Connector/J sub-component of the MySQL Connectors component of the Oracle MySQL database management system is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application using the JDBC protocol...
The vulnerability of the Cover Letter sub-component of the Oracle Content Manager component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Cover Letter sub-component of the Oracle Content Manager component in the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protocol...
The vulnerability of the implementation of SMBv2 and SMBv3 protocols in Cisco Firepower System software allows a perpetrator to induce a service failure.
The vulnerability of the SMBv2 and SMBv3 protocols implemented by Cisco Firepower System arises from incorrect validation of the SMB message header. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the distributed Git version control system, related to errors in the processing of specially crafted submodule names, allows a hacker to execute arbitrary code.
The vulnerability of the distributed Git version control system is related to errors in the processing of specially crafted module names in the .gitmodules file. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CUPS printing server lies in its ability to execute arbitrary IPP commands, allowing users to compromise the integrity of data.
The vulnerability of the CUPS printing server relates to the ability to execute arbitrary IPP commands. Exploiting this vulnerability allows a malicious actor to compromise data integrity by sending POST requests to the CUPS service along with reattached DNS information...
The vulnerability of the extractDir function in the JICompress component of the QuaZIP library allows a hacker to execute arbitrary code.
The vulnerability of the extractDir function in the JICompress component JlCompress.cpp from the QuaZIP library is related to deficiencies in checking the path name of the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a...
The vulnerability of the `lim_send_sme_probe_req_ind` function in the Qualcomm WLAN operating system’s Android component from the CAF repository allows a hacker to escalate their privileges.
The vulnerability of the limsendsmeprobereqind function in the Qualcomm WLAN operating system’s Android component, as found in the CAF repository, is due to a buffer overflow. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the `csr_update_fils_params_rso` function in the Qualcomm WLAN operating system for Android, found in the CAF file, allows a attacker to increase their privileges.
The vulnerability of the csrupdatefilsparamsrso function in the Qualcomm WLAN operating system’s Android component, found in the CAF file, is caused by a numerical overflow. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the Windows Server operating system component in Mac OS X allows a hacker to execute arbitrary code with system privileges or cause a service failure.
The vulnerability of the Windows Server operating system component in Mac OS X is caused by an overflow in memory buffers. Exploiting this vulnerability can allow an attacker to execute arbitrary code with system privileges or cause a service failure using a specially created application...
The vulnerability of the NVBUBackup request handler’s software for data archiving and restoration by NetVault Backup allows a perpetrator to execute arbitrary code.
The vulnerability of the NVBUBackup request handler in software for data archiving and restoration by NetVault Backup is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the NVBUBackupSegment Get request handler in the NetVault Backup software allows a attacker to execute arbitrary code.
The vulnerability of the NVBUBackupSegment Get request handler in the NetVault Backup data archiving and restoration software relates to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
Vulnerability of the `ihevcd_allocate_static_bufs` and `ihevcd_create` functions in the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the ihevcdallocatestaticbufs and ihevcdcreate/media/libstagefright/codecs/hevcdec/SoftHEVC.cpp functions in the Android operating system is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within...
The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser allows a hacker to execute arbitrary code.
The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
The vulnerability in the implementation of the WebSockets technology in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a attacker to trigger a service failure.
The vulnerability in the implementation of the WebSockets technology in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software lies in the improper elimination of certain elements in the data request logic, allowing a intruder to execute arbitrary code.
The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software is related to improper elimination of certain elements in the data query logic. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the operating system with root privileges...
The vulnerability of the ReadBMPImage function (coders/bmp.c) in the console-based image editing tool ImageMagick allows a hacker to cause a service failure.
The vulnerability of the ReadBMPImage function coder/bmp.c in the console-based graphic editor ImageMagick is related to resource management errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure memory consumption through a specially created B...