90604 matches found
The vulnerability of the newlib library, caused by a numerical overflow, allows an attacker to trigger a buffer overflow.
The vulnerability of the newlib library is caused by a numerical overflow. Exploiting this vulnerability could allow an attacker, operating remotely, to trigger a buffer overflow...
Vulnerability of Windows operating systems, related to errors in code generation, allows a hacker to execute arbitrary code.
The vulnerability of Windows operating systems is related to errors in code generation control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created file containing a malicious OLE object...
The vulnerability of the Moxa MXView network control software lies in its failure to eliminate special elements, allowing a violator to execute arbitrary code.
The vulnerability of the Moxa MXView network control software lies in the lack of measures taken to neutralize special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted reques...
The vulnerability of the iOS operating system, caused by overflow in the dynamic memory buffer, allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the iOS operating system arises from an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
The vulnerabilities of the ServerProtect Management Console, including the ServerProtect for Storage (SPFS), ServerProtect for EMC Celerra (SPEMC), ServerProtect for Network Appliance Filers (SPNAF), and ServerProtect for Microsoft Windows/Novell Netware (SPNT), allow attackers to bypass authentication procedures and gain unauthorized access to protected information.
The vulnerability of the ServerProtect Management Console for Server Protection and ServerProtect for Storage Systems SPFS, ServerProtect for EMC Celerra SPEMC, ServerProtect for Network Appliance Filers SPNAF, and ServerProtect for Microsoft Windows/Novell Netware SPNT is related to authenticati...
The vulnerability of the ColdFusion software platform, related to incorrect handling of the path to libraries’ DLL files, allows attackers to escalate their privileges.
The vulnerability of the ColdFusion software platform is related to incorrect handling of the path for accessing DLL libraries. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Kalay P2P SDK, related to bypassing authentication through spoofing, allows a perpetrator to compromise IoT devices and gain unauthorized access to protected information.
The vulnerability of the Kalay P2P SDK lies in the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a malicious actor to compromise IoT devices and gain unauthorized access to protected information...
The vulnerability of TrustAccess’s network firewall, related to access control deficiencies, allows a hacker to bypass application access restrictions to network services.
The vulnerability of TrustAccess relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to bypass the restrictions on application access to network services...
The vulnerability of the FortiMail email protection system lies in the lack of measures to protect the SQL query structure, allowing attackers to execute arbitrary code or commands.
The vulnerability of the FortiMail email protection system lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary codes or commands using specially crafted HTTP requests...
The vulnerability of the DNS server Dnsmasq, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the integrity of the protected information.
The vulnerability of the Dnsmasq DNS server lies in the lack of checking for requests with the same name. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerabilities of the functions MovePage::isValidMoveTarget(), Title::getArticleID(), and MovePage::moveToInternal() in the software for implementing the MediaWiki hypertext environment allow attackers to compromise the integrity of the protected information.
The vulnerabilities of the functions MovePage::isValidMoveTarget, Title::getArticleID, and MovePage::moveToInternal in the MediaWiki software environment for implementing a hypertext environment are related to deficiencies in access control. Exploiting these vulnerabilities could allow an attacke...
The vulnerability of the Linux operating system’s kernel, which allows a hacker to increase their privileges
The vulnerability of the Linux operating system’s kernel is related to incorrect initialization of process identifiers. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the ksys2.dll library of the KOMPAS-3D three-dimensional modeling system, related to the execution of operations outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the ksys2.dll library in the KOMPAS-3D three-dimensional modeling system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted CDW format file...
The vulnerability of the webSetEMailAlert function in the embedded web server, due to insufficient validation of input data, allows a malicious user to elevate their privileges and execute system commands of the operating system.
The vulnerability of the webSetEMailAlert function in the embedded web server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to enhance their privileges and execute system commands of the operating system...
The vulnerability of the webSetFrmUpgrade function in the embedded web server, which involves copying buffers without checking the size of the input data, allows a hacker to escalate their privileges and cause a service failure.
The vulnerability of the webSetFrmUpgrade function in the embedded web server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges and cause service interruptions using a specially crafte...
The vulnerability of the Bill Issues component of the Oracle Bills of Material application in the Oracle E-Business Suite allows a malicious individual to gain access to modify, add, or delete data, as well as to unauthorizedly access protected information.
The vulnerability of the Bill Issues component of the Oracle Bills of Material application within the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain...
The vulnerability of SonicWall Email Security’s email security software lies in the improper restriction of the path to the restricted directory. This allows attackers to gain unauthorized access to the protected information.
The vulnerability of SonicWall Email Security’s email security software relates to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of Microsoft Office packages, Microsoft Office Web Apps Server, Microsoft Excel, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server relates to insufficient protection of sensitive data, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of Microsoft Office packages, Microsoft Office Web Apps Server, Microsoft Excel, Microsoft 365 Apps for Enterprise, and Microsoft Office Online Server are related to insufficient protection of sensitive data. Exploiting these vulnerabilities can allow attackers to gain...
The vulnerability of the Apache Guacamole software for remote administration of client machines lies in the fact that operations are performed outside the buffer in memory. This allows an attacker to increase their privileges and execute arbitrary code.
The vulnerability of the Apache Guacamole software for remote administration of client machines is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the `--userns-remap` option, a Docker containerization-enabled deployment and application management automation tool, is related to an incorrect path name limitation for the directory. This vulnerability allows attackers to compromise data integrity.
The vulnerability of the --userns-remap option, a tool for automating application deployment and management in Docker containerized environments, is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability allows a malicious actor to compromise data...
The vulnerability of the Node.js software platform, related to the presence of localhost6 in the white list, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform is related to the presence of localhost6 in the white list. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of Dollibarr’s software lies in its lack of protection for SQL query structures, allowing attackers to execute arbitrary SQL commands.
The vulnerability of Dollibarr’s software lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client encryption protection tool allows a intruder to trigger a service failure.
The vulnerability of the process-interaction channel of the Cisco AnyConnect Secure Mobility Client cryptographic security tool is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Log4j Java logging library, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Log4j logging library in Java programs relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the ICMP packet processing service in the NX-OS operating system allows a hacker to induce a service failure.
The vulnerability of the ICMP packet processing service in the NX-OS operating system is related to a memory release error. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...
The vulnerability of Microsoft Excel, Microsoft Office products, Microsoft Office Online Server, Microsoft Office Web Apps, Microsoft SharePoint Enterprise Server, and Microsoft 365 Apps relates to insufficient input validation, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Excel, the Microsoft Office suite, Microsoft Office Online Server, Microsoft Office Web Apps, Microsoft SharePoint Enterprise Server, and Microsoft 365 Apps is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the service for managing access to remote catalogs and authentication mechanisms, related to deficiencies in access control, allows attackers to disclose protected information and compromise its integrity.
The vulnerability of the service for managing access to remote catalogs and the authentication mechanism sssd is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information and compromise its integri...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server packages lies in memory object processing errors, which allow an attacker to gain unauthorized access to protected information.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Foundation, and Microsoft SharePoint Enterprise Server lies in memory object processing errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft Office Access Connectivity Engine component of the Microsoft Office software suite is related to object processing errors in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the InnoDB component in the MySQL Database Management System, which is related to insufficient validation of input data, allows attackers to trigger service failures.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause downtime or service failures through the use of MySQL network protocols...
The vulnerability of the Console component of the Oracle WebLogic Server application server allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Console component of the Oracle WebLogic Server application exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Oracle Application Express component of the Oracle Database Server database management system allows attackers to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Oracle Application Express component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access t...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerability of the LoRaWAN LoRaMac-Node implementation lies in the copying from the buffer without checking the size of the input data, allowing a intruder to trigger a service failure.
The vulnerability of the LoRaWAN LoRaMac-Node implementation lies in the copying of data from the buffer without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to cause failures in the operation of end devices during wireless activation OTAA,...
The vulnerability of the evaluation tool allows an attacker to exploit privileges on Windows System Assessment Tool (WinSAT) running on Windows operating systems.
The vulnerability of the System Assessment Tool WinSAT for evaluating functions and capabilities of Windows operating systems is related to errors in file handling operations. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
The vulnerability of Windows operating systems, related to errors in memory object handling, allows attackers to gain unauthorized access to protected information.
The vulnerability of Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the HTMLParser module from django.utils.html.strip_tags in the Django web development framework allows a attacker to cause a denial-of-service attack.
The vulnerability of the HTMLParser module in django.utils.html.striptags of the Django web development framework is related to a slow evaluation of large input data, which contain large sequences of incomplete HTML objects. Exploiting this vulnerability may allow an attacker to cause service...
The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client arises from the lack of checks on the size of input data when using buffers. This allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the lack of checks on the size of input data when using buffers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential...
The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser allows a hacker to execute arbitrary code in the context of the current user.
The vulnerability of the ChakraCore JavaScript script handler in the Microsoft Edge browser is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a...
The vulnerability of the PIA Core Technology component of the PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the PIA Core Technology component in the PeopleSoft Enterprise PeopleTools business application suite is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, or to unauthorizedly access...
The vulnerability of the C API component of the MySQL Database Management System client, which allows a hacker to trigger a service failure.
The vulnerability of the C API component of the MySQL Database Management System client is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL Protocol network protocol...
The vulnerability of the ath10k_usb_hif_tx_sg function in the Linux kernel’s drivers/net/wireless/ath/ath10k/usb.c file is related to improper memory release before removing last references. This allows a malicious actor to trigger a service failure.
The vulnerability of the ath10kusbhiftxsg function in the Linux kernel’s drivers/net/wireless/ath/ath10k/usb.c file is related to a lack of a memory release mechanism before deleting the last pointer. Exploiting this vulnerability allows an attacker to cause service failure remotely...
The vulnerability of the ca8210_probe() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the ca8210probe function drivers/net/ieee802154/ca8210.c in the Linux kernel involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures by triggering an error in the ca8210getplatformdata function...
The vulnerability of Blink’s web page display mechanism in Google Chrome browser allows a hacker to gain unauthorized access to local files.
The vulnerability of Blink’s web page rendering mechanism in Google Chrome browsers is related to security configuration errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to local files through a specially created HTML page...
The vulnerability of the WebUSB protocol implementation in Google Chrome web browsers allows a perpetrator to execute arbitrary code.
The vulnerability of the WebUSB protocol implementation in Google Chrome’s web browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted web page...
The vulnerability of the twisted.web network framework’s Twisted component allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the twisted.web network framework exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of protected information by introducing invalid characters like CRLF...
The vulnerability of the Jenkins Token Macro plugin relates to incorrect restrictions on XML links to external objects. This allows attackers to forge requests on the server side or trigger service failures.
The vulnerability of the Jenkins Token Macro plugin is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to forge requests on the server side or cause service failures...
The vulnerability of the seamless_process_line function in the RDP client rdesktop, related to buffer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the seamlessprocessline function in the RDP client rdesktop is related to buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the S/MIME signature verification mechanism in Thunderbird’s email processing software arises from incomplete verification of digital signatures. This allows attackers to re-sign emails with a valid digital signature.
The vulnerability of the S/MIME signature verification mechanism in Thunderbird’s email processing lies in the incomplete verification of digital signatures. Exploiting this vulnerability allows an attacker to re-sign emails with a valid digital signature...