90509 matches found
The vulnerability in the `usb_remote_smb_conf.cgi` script of NETGEAR XR1000 Wi-Fi routers allows a hacker to execute arbitrary commands.
The vulnerability in the usbremotesmbconf.cgi script of NETGEAR XR1000 Wi-Fi routers lies in the lack of measures for sanitizing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the sharename parameter...
The vulnerability of the Quality Manager Specification component in the Oracle Process Manufacturing (OPM) application for process development management system of the Oracle E-Business Suite allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the Quality Manager Specification component in the Oracle Process Manufacturing OPM application for process development management system of the Oracle E-Business Suite is related to deficiencies in the authorization procedures. Exploiting this vulnerability could allow an...
The vulnerability of Nomad application orchestrators, related to incorrect resolution of link references before the file name, allows attackers to execute arbitrary code.
The vulnerability of Nomad application orchestrators is related to incorrect resolution of the link before the file is downloaded. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Substance 3D Stager software lies in its ability to store arbitrary values anywhere and to overflow the buffer, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software-related 3D design software lies in the ability to write any arbitrary value anywhere in the memory, thereby overflowing the buffer. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user,...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B, arises from lack of access control mechanisms. This allows attackers to bypass security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to lack of access control mechanisms. Exploiting these vulnerabilities can allow attackers to bypass security restrictions remote...
The vulnerability of the Zimbra Collaboration Suite’s email management system, which stems from insufficient validation of incoming requests, allows attackers to carry out SRF attacks.
The vulnerability of the Zimbra Collaboration Suite’s email management system is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to carry out a SRF attack remotely...
The vulnerability of the Insights Management component in the SAP CRM ABAP integration module for managing customer relationships allows a attacker to perform an SRF attack.
The vulnerability of the Insights Management component in the SAP CRM ABAP integration module for managing customer relationships is related to insufficient checking of incoming HTTP requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of Visual Studio Code’s source editor lies in its failure to properly eliminate special elements used in operating system commands, allowing attackers to execute arbitrary code.
The vulnerability of Visual Studio Code’s source editor is related to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the SAP NetWeaver AS ABAP software integration platform, related to deficiencies in access control, allows a perpetrator to gain read, modify, or delete access to data.
The vulnerability of the SAP NetWeaver AS ABAP software integration platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain read, modify, or delete access to data by injecting CSS code or loading a specially created malicious page...
The vulnerability of the Windows Mobile Broadband Driver allows a hacker to execute arbitrary code.
The vulnerability of the Windows Mobile Broadband Driver for Windows operating systems is related to the execution of operations beyond the buffer in memory, due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the seqpacket_allow() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the seqpacketallow function in the Linux operating system’s kernel is related to improper initialization. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the mmio_read() function in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the mmioread function in the Linux operating system’s kernel is related to a memory leak that occurs due to incorrect initialization of the variable val. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the cdrom_ioctl_timed_media_change() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the cdromioctltimedmediachange function in the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the “-Oallow-remote-pkcs11” configuration in the ssh-agent service of OpenSSH for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the -Oallow-remote-pkcs11 configuration in the ssh-agent service of OpenSSH for Windows is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a malicious DLL library...
The vulnerability of the Passwork password manager, related to incorrect restrictions on the path to the restricted catalog, allows a intruder to gain unauthorized access to local files and directories on the server.
The vulnerability of the Passwork password manager is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to local files and directories on the server by manipulating URL...
The vulnerability of the Passwork password manager, related to the lack of protective measures for the website structure, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the Passwork password manager is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The library’s vulnerability in converting files to the base64 format for uploading files to the Angular Base64 Upload web application, allowing a hacker to execute arbitrary code.
The vulnerability of the library for converting files to the base64 format, which is used to upload files to the web application’s server, relates to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability of the BitLocker data protection function in Microsoft Windows operating systems allows attackers to circumvent security restrictions.
The vulnerability of the BitLocker data protection function in Microsoft Windows operating systems is related to a breach of the data protection mechanism. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...
The vulnerability of the blkpg_do_ioctl() function (block/ioctl.c) in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the blkpgdoioctl function block/ioctl.c in the Linux operating system is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the iopoib component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the iopoib component in the Linux operating system’s kernel is related to incorrect resource blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the /core/authorize.php file in the Drupal CMS system allows a hacker to disclose protected information.
The vulnerability of the /core/authorize.php file in the Drupal CMS system relates to the exposure of system data by unauthorized individuals in the controlled area. Exploiting this vulnerability could allow attackers to disclose protected information through the hashsalt parameter in the...
The vulnerability of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, relates to the issue of re-liberating memory. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of the OpenCV library, which is used for computer vision, image processing, and general numerical algorithms, relates to repeated memory reclamation. Exploiting this vulnerability can allow remote attackers to gain access to confidential data, compromise its integrity, and cause...
The vulnerability of the libavfilter/af_stereowiden.c file in the FFmpeg multimedia library allows a hacker to execute arbitrary code.
The vulnerability of the libavfilter/afstereowiden.c file in the FFmpeg multimedia library is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the sof-nau8825 component in the Linux operating system allows for a malfunction to occur, leading to service failure.
The vulnerability of the sof-nau8825 component in the Linux operating system is related to an overflow in the length of a pseudonym. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the fastrpc component in the Linux operating system’s kernel allows for attacks that can affect the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the fastrpc component in the Linux operating system’s kernel is related to a race condition that occurs after memory is freed. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability in the Firefox web browser, related to vulnerabilities in the authentication process, allows attackers to compromise data integrity.
The vulnerability in the Firefox web browser is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of the storvsc component in the Linux operating system’s kernel allows for a malfunction to occur, leading to service failure.
The vulnerability of the storvsc component in the Linux operating system’s kernel is related to a buffer overflow in the swiotlb daemon in the confidential virtual machine. Exploiting this vulnerability could allow an attacker to trigger a system failure...
The vulnerability of the cgi_del_photo() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.
The vulnerability of the cgidelphoto function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,...
The vulnerability of the cgi_get_fullscreen_photos() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.
The vulnerability of the cgigetfullscreenphotos function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345,...
The vulnerability of the cgi_FMT_R12R5_3rd_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows a hacker to execute arbitrary commands.
The vulnerability of the cgiFMTR12R53rdDiskMGR function /cgi-bin/hdconfig.cgi in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...
The vulnerability of the Skia graphic library used by Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.
The vulnerability of the Skia graphic library in Microsoft Edge and Google Chrome exists due to a boundary error in processing untrusted HTML content. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
The vulnerability of the buffer.c component of the Vim text editor allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the buffer.c component of the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the start_decoder component in the C/C++ Libstb library, related to integer overflow, allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the startdecoder component in the C/C++ Libstb library is related to integer overflow. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and even cause service failures through a specially created file...
The vulnerability of the “identify -help” command in the console-based image editing tool ImageMagick arises from improper memory release before deleting the last link. This allows a malicious actor to compromise data integrity and cause service failures.
The vulnerability of the “identify -help” command in the console-based image editing tool ImageMagick is related to improper memory release before deleting the last link. Exploiting this vulnerability can allow an attacker to compromise data integrity and cause service failures...
The vulnerability of the Windows Installer component on Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Windows Installer component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of website structures, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...
Vulnerability of the Layer-2 Bridge Network Driver for Windows operating systems, allowing a hacker to cause service failure.
The vulnerability of the Layer-2 Bridge Network Driver for Windows operating systems is related to pointer dereferencing errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the Netcat module in CMS systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the messaging module in the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to the protected information from the database...
The vulnerability of the web interface of the microprogramming software for Cisco Small Business SPA300 and SPA500 allows a perpetrator to execute arbitrary commands in the basic operating system.
The vulnerability of the web interface of Cisco Small Business SPA300 and SPA500 microprogramming software lies in the copying of input data into memory without checking its size. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands on the basic...
The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, due to improper checking of query parameters, allows a perpetrator to execute arbitrary code.
The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to improper checking of query parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Demon Routing Protocol Daemon (rpd) in Junos OS and Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the Demon Routing Protocol Daemon rpd in Junos OS and Junos OS Evolved lies in the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted SNMP request...
The vulnerability of the raid5d() function in the Linux kernel driver for block devices allows a hacker to cause a service failure.
The vulnerability of the raid5d function in the driver/md/raid5.c file of the Linux kernel’s block device driver is related to an infinite waiting loop for resources. Exploiting this vulnerability could allow a attacker to cause a service failure...
The vulnerability of Moxa EDS-510A switch microprogramming software, related to the use of cryptographic algorithms containing defects, allows attackers to exploit their privileges.
The vulnerability of Moxa EDS-510A microcontroller software is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
The vulnerability of the Microprogramming Software of Supermicro BMC controllers, related to the execution of operations outside the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Microprogrammed Software of Supermicro controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...
The vulnerability of the SCADA system MasterSCADA 4D, related to insufficient restrictions on authentication attempts, allows a perpetrator to carry out an attack using brute-force methods.
The vulnerability of the SCADA system MasterSCADA 4D is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor to carry out an attack using brute-force methods...
The vulnerability of the microprogramming software of the ICU device and the iSTAR Pro door controller allows a intruder to carry out a “machine-in-the-midden” attack.
The vulnerability of the ICU tool and the iSTAR Pro door controller is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a remote attacker to execute a “midair attack”...
The vulnerability of Themes component in Windows operating systems, which allows attackers to carry out spoofing attacks
The vulnerability of Themes Windows themes in Windows operating systems is related to insufficient protection of service data. Exploiting this vulnerability allows a remote attacker to carry out spoofing attacks...
The vulnerability of the Request Submission and Scheduling components of the Oracle Concurrent Processing application in the Oracle E-Business Suite allows attackers to disclose sensitive information.
The vulnerability of the Request Submission and Scheduling components in Oracle Concurrent Processing of the Oracle E-Business Suite exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive...
The vulnerability of the Web Services Dynamic Discovery (WS-Discovery) protocol in Windows operating systems allows a perpetrator to cause a service failure.
The vulnerability of the Web Services Dynamic Discovery WS-Discovery protocol in Windows operating systems is related to improper handling of the absence of a specific element. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...