90509 matches found
The vulnerability of the br_multicast_del_port() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the br MulticastDelPort function in the net/bridge/br Multicast.c module of the Linux operating system is related to the reutilization of previously freed memory due to concurrent access to resources race condition. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the btnxpuart component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the btnxpuart component in the Linux operating system is related to improper input validation in the btnxpuartclose function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Siemens Industrial Edge Management’s centralized control platform for industrial peripheral applications and devices lies in its ability to bypass authentication by using a user-controlled key. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the centralized control platform for industrial peripheral applications and Siemens Industrial Edge Management IEM devices relates to the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to circumvent security...
The vulnerability of the dwc3-am62 component of the Linux operating system’s kernel, which allows a hacker to cause a service failure
The vulnerability of the dwc3-am62 component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Orchid Platform, related to the use of dangerous methods or functions, allows a hacker to obtain the server’s IP address.
The vulnerability of the Orchid Platform is related to the use of dangerous methods or functions. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain the server’s IP address through a brute-force attack...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from context switching errors related to privilege escalation. This allows attackers to increase their privileges and gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to errors in privilege context switching. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and gain unauthorized access to protected information...
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition, related to the lack of measures taken to clean up data at the management level, allows a violator to introduce commands into the system.
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to the lack of measures taken to clean up data at the management level. Exploiting this vulnerability allows a malicious actor to execute commands on the connected Cube...
The vulnerability of the w3dtk.dll library in Autodesk Navisworks allows a perpetrator to execute arbitrary code.
The vulnerability of the w3dtk.dll library in Autodesk Navisworks software relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the /htdocs/web/getcfg.php file in the D-Link DIR-815 router’s microprogramming software allows a hacker to access confidential information.
The vulnerability of the /htdocs/web/getcfg.php file in the D-Link DIR-815 router microprogramming system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to disclose confidential information through a specially crafted GET request...
The vulnerability of the ocfs2_xattr_find_entry() function in the ocfs2 file system of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the ocfs2xattrfindentry function in the fs/ocfs2/xattr.c file of the Linux operating system’s file system ocfs2 is related to memory allocation beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the odxsw_dll.dll library in the AutoCAD simulation, design, and drafting software allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the odxswdll.dll software for simulation, design, and drawing in AutoCAD is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information, execute arbitrary...
The vulnerability of the Red Hat 3scale API Management software, related to deficiencies in authentication mechanisms, allows attackers to circumvent existing security restrictions.
The vulnerability of the Red Hat 3scale API Management software lies in the deficiencies of its authentication mechanism. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the rt5645 component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the rt5645 component in the Linux operating system is related to incorrect resource locking. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the web interface of the microprogramming software for Cisco Analog Telephone Adapter (ATA) model 190 allows a perpetrator to make limited changes to the configuration or restart the device.
The vulnerability of the web interface for managing microprogrammed software in Cisco Analog Telephone Adapter ATA devices of the 190 series is related to the bypassing of authentication due to a root cause. Exploiting this vulnerability allows an attacker to make limited changes to the...
The vulnerability of the iCMS content management system, related to the manipulation of cross-site requests, allows a hacker to perform a CSRF attack.
The vulnerability of the iCMS content management system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created HTTP request...
The vulnerability of the ntfs3 component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ntfs3 component in the Linux operating system’s kernel is related to errors in reading data beyond the boundaries of the buffer memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR XR1000 Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability in the usbremotesmbconf.cgi script of NETGEAR XR1000 Wi-Fi routers lies in the lack of measures for sanitizing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the sharename parameter...
The vulnerability of Nomad application orchestrators, related to incorrect resolution of link references before the file name, allows attackers to execute arbitrary code.
The vulnerability of Nomad application orchestrators is related to incorrect resolution of the link before the file is downloaded. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Substance 3D Stager software lies in its ability to store arbitrary values anywhere and to overflow the buffer, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software-related 3D design software lies in the ability to write any arbitrary value anywhere in the memory, thereby overflowing the buffer. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user,...
The vulnerability of the Quality Manager Specification component in the Oracle Process Manufacturing (OPM) application for process development management system of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Quality Manager Specification component in the Oracle Process Manufacturing OPM application for process development management system of the Oracle E-Business Suite is related to deficiencies in the authorization procedures. Exploiting this vulnerability could allow an...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B, arises from lack of access control mechanisms. This allows attackers to bypass security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to lack of access control mechanisms. Exploiting these vulnerabilities can allow attackers to bypass security restrictions remote...
The vulnerability of the SAP NetWeaver AS ABAP software integration platform, related to deficiencies in access control, allows a perpetrator to gain read, modify, or delete access to data.
The vulnerability of the SAP NetWeaver AS ABAP software integration platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain read, modify, or delete access to data by injecting CSS code or loading a specially created malicious page...
The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.
The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a SRF attack remotely...
The vulnerability of the Insights Management component in the SAP CRM ABAP integration module for managing customer relationships allows a attacker to perform an SRF attack.
The vulnerability of the Insights Management component in the SAP CRM ABAP integration module for managing customer relationships is related to insufficient checking of incoming HTTP requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the Windows Mobile Broadband Driver allows a hacker to execute arbitrary code.
The vulnerability of the Windows Mobile Broadband Driver for Windows operating systems is related to the execution of operations beyond the buffer in memory, due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the cdrom_ioctl_timed_media_change() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the cdromioctltimedmediachange function in the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the mmio_read() function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the mmioread function in the Linux operating system’s kernel is related to a memory leak that occurs due to incorrect initialization of the variable val. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Visual Studio Code’s source editor lies in its failure to properly eliminate special elements used in operating system commands, allowing attackers to execute arbitrary code.
The vulnerability of Visual Studio Code’s source editor is related to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the seqpacket_allow() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the seqpacketallow function in the Linux operating system’s kernel is related to improper initialization. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the BitLocker data protection function in Microsoft Windows operating systems allows attackers to circumvent security restrictions.
The vulnerability of the BitLocker data protection function in Microsoft Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...
The vulnerability of the Passwork password manager, related to incorrect restrictions on the path to the restricted catalog, allows a intruder to gain unauthorized access to local files and directories on the server.
The vulnerability of the Passwork password manager is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to local files and directories on the server by manipulating URL...
The vulnerability of the Passwork password manager, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the Passwork password manager is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The vulnerability of the “-Oallow-remote-pkcs11” configuration in the ssh-agent service of OpenSSH for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the -Oallow-remote-pkcs11 configuration in the ssh-agent service of OpenSSH for Windows is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a malicious DLL library...
The library’s vulnerability in converting files to the base64 format for uploading files to the Angular Base64 Upload web application, allowing a hacker to execute arbitrary code.
The vulnerability of the library for converting files to the base64 format, which is used to upload files to the web application’s server, relates to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability of the blkpg_do_ioctl() function (block/ioctl.c) in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the blkpgdoioctl function block/ioctl.c in the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the iopoib component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the iopoib component in the Linux operating system’s kernel is related to incorrect resource blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the /core/authorize.php file in the Drupal CMS system allows a hacker to disclose protected information.
The vulnerability of the /core/authorize.php file in the Drupal CMS system relates to the exposure of system data by unauthorized individuals in the controlled area. Exploiting this vulnerability could allow attackers to disclose protected information through the hashsalt parameter in the...
The vulnerability of the cgi_get_fullscreen_photos() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.
The vulnerability of the cgigetfullscreenphotos function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345,...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality is related to the execution of operations outside the buffer during file U3D processing. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Skia graphic library used by Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.
The vulnerability of the Skia graphic library in Microsoft Edge and Google Chrome exists due to a boundary error in processing untrusted HTML content. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
The vulnerability in the Firefox web browser, related to vulnerabilities in the authentication process, allows attackers to compromise data integrity.
The vulnerability in the Firefox web browser is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of the fastrpc component in the Linux operating system’s kernel allows for attacks that can affect the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the fastrpc component in the Linux operating system’s kernel is related to a race condition that occurs after memory is freed. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the cgi_del_photo() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.
The vulnerability of the cgidelphoto function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,...
The vulnerability of the storvsc component in the Linux operating system’s kernel allows for a malfunction to occur, leading to service failure.
The vulnerability of the storvsc component in the Linux operating system’s kernel is related to a buffer overflow in the swiotlb daemon in the confidential virtual machine. Exploiting this vulnerability could allow an attacker to trigger a system failure...
The vulnerability of the cgi_FMT_R12R5_3rd_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows a hacker to execute arbitrary commands.
The vulnerability of the cgiFMTR12R53rdDiskMGR function /cgi-bin/hdconfig.cgi in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...
The vulnerability of the sof-nau8825 component in the Linux operating system allows for a malfunction to occur, leading to service failure.
The vulnerability of the sof-nau8825 component in the Linux operating system is related to an overflow in the length of a pseudonym. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the buffer.c component of the Vim text editor allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the buffer.c component of the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the command-line interface of the Cisco NX-OS operating system in Cisco Nexus switches allows a perpetrator to execute arbitrary commands.
The vulnerability of the command-line interface of the Cisco NX-OS operating system in Cisco Nexus switches exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability can allow an attacker to execute arbitrary commands on the basic operating system...
The vulnerability of the start_decoder component in the C/C++ Libstb library, related to integer overflow, allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the startdecoder component in the C/C++ Libstb library is related to integer overflow. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and even cause service failures through a specially created file...
The vulnerability of the “identify -help” command in the console-based image editing tool ImageMagick arises from improper memory release before deleting the last link. This allows a malicious actor to compromise data integrity and cause service failures.
The vulnerability of the “identify -help” command in the console-based image editing tool ImageMagick is related to improper memory release before deleting the last link. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...