90604 matches found
Vulnerability of the hypervisor in VMware ESXi, VMware Workstation, VMware Fusion, the virtualization platform VMware Cloud Foundation, the telecommunications cloud platform VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure—related to reading beyond the allowed range in memory, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of VMware ESXi, VMware Workstation, VMware Fusion, the virtualization platform VMware Cloud Foundation, the telecommunications cloud platform VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure is related to reading data beyond the allowed range in memory...
The vulnerability in the VERM_AJAX_functions.php script of the software for managing call centers allows a violator to execute arbitrary code.
The vulnerability of the VERMAJAXfunctions.php software for the Vicidial call processing center is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the TMOS Shell configuration tool’s IControl REST interface allows attackers to execute arbitrary commands. This vulnerability relates to the BIG-IP Access Policy Manager, as well as software programs such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe.
The vulnerability of the TMOS Shell configuration tool’s IControl REST interface exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.
The vulnerability of Linux operating system’s DRM/AMDGPU kernel components is related to the assignment of the NULL pointer in the amdgpurasinterruptprocesshandler function. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras allows a intruder to execute arbitrary commands.
The vulnerability of the TestEmail command in the Reolink RLC-410W, C1 Pro, Reolink C2 Pro, RLC-422W, and RLC-511W software-based cameras is related to the failure to take measures to neutralize special elements during the processing of the addr1 field. Exploiting this vulnerability can allow a...
The vulnerability of the `char` component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the char component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of Microprogrammed Software in HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers arises from buffer overflow in the stack, allowing attackers to execute arbitrary code and gain elevated privileges.
The vulnerability of Microprogrammed Software in HP LaserJet Pro, EHP LaserJet Enterprise, and HP LaserJet Managed printers is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges by sending data in...
The vulnerability of the setL2tpServerCfg() function in the cstecgi.cgi script of the TOTOLINK X5000R router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setL2tpServerCfg function in the cstecgi.cgi script of the TOTOLINK X5000R router’s microprogramming system is related to the failure to take measures to neutralize special elements used in the operating system’s command processing when dealing with parameters such as mtu...
The vulnerability of the GTP component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the GTP component in the Linux operating system’s kernel is related to the pointer to NULL. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...
The vulnerability of the JWT OmniAuth provider configuration on the software platform based on git, which allows a hacker to perform XSS attacks during collaborative code development on GitLab.
The vulnerability of the JWT OmniAuth provider configuration on the software platform based on Git, for collaborative code development on GitLab, is related to the exploitation of cross-site requests. Exploiting this vulnerability allows a malicious actor to carry out a Cross-Site Scripting XSS...
The vulnerabilities of the Generic Data Mapper, Engineering Adapter, and Engineering Interface modules of the software for designing, operating, and maintaining technological installations like COMOS, allow attackers to execute XXE attacks.
The vulnerability of the Generic Data Mapper, Engineering Adapter, and Engineering Interface modules of the COMOS software for designing, operating, and maintaining technological installations is related to a bug that restricts XML references to external objects. Exploiting this vulnerability cou...
The vulnerability of the Internet Connection Sharing (ICS) function in Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the Internet Connection Sharing ICS function in Windows operating systems is related to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to induce a service failure.
The vulnerability of the Kerberos protocol for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Internet Connection Sharing (ICS) function in Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the Internet Connection Sharing ICS function in Windows operating systems is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to perform cross-site scripting attacks (XSS).
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows attackers to perform...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to perform cross-site scripting attacks (XSS).
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows attackers to perform...
The vulnerability in the web interface for managing micro-program software on Cisco Expressway allows a attacker to perform XSS attacks.
The vulnerability in the web interface for managing microprogramming software in Cisco Expressway is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Kernel component in operating systems such as MacOs, iPadOS, iOS, watchOS, and tvOS allows attackers to elevate their privileges to a root level.
The vulnerability of the Kernel component in macOS, iPadOS, iOS, watchOS, and tvOS is related to permission handling errors. Exploiting this vulnerability can allow an attacker to elevate their privileges to a root level...
The vulnerability in the form2WlanBasicSetup.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.
The vulnerability of the form2WlanBasicSetup.cgi microprogramming system of the D-Link DIR-816A2 router is related to access control deficiencies. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...
The vulnerability of the pfn_section_valid() function in the include/linux/mmzone.h module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the pfnsectionvalid function in the include/linux/mmzone.h module of the Linux operating system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components of the distributed Apache Cassandra database management system allows attackers to enhance their privileges.
The vulnerability of the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components of the distributed Apache Cassandra database management system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor to enhance their...
The vulnerability of the Identity Manager software component, used for managing and controlling access to corporate resources and IBM Security Verify Governance applications, allows a perpetrator to execute a type of “man-in-the-middle” attack.
The vulnerability of the Identity Manager software component, which is used for managing and controlling access to corporate resources and applications in IBM Security Verify Governance, relates to the storage of sensitive data in an open manner. Exploiting this vulnerability could allow a...
The vulnerability of DRM/LIMA components in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of DRM/LIMA components in the Linux operating system is related to incorrect calculations. Exploiting this vulnerability can allow a perpetrator to cause service failures...
Vulnerability of the driver/net/wireless/mediatek/mt76/mt7915/mcu.c component in Linux kernel, allowing a hacker to cause a service failure
The vulnerability in the drivers/net/wireless/mediatek/mt76/mt7915/mcu.c component of the Linux operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the nft_ct_expect_obj_eval() function in the net/netfilter/nft_ct.c component of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the nftctexpectobjeval function in the net/netfilter/nftct.c component of the Linux operating system is related to improper checking of removed users. Exploiting this vulnerability could allow a attacker to cause service failures...
The vulnerability of the microprogramming software of the Rockwell Automation PowerMonitor 1000 device, caused by buffer overflows, allows a hacker to trigger a maintenance failure.
The vulnerability of the microprogramming software of the Rockwell Automation PowerMonitor 1000 monitoring and control device is caused by buffer overflow. Exploiting this vulnerability can allow a malicious actor to cause a service failure remotely...
The vulnerability of the NWS_PF_setMacAddrExceptionIP handler of the NetworkingService service in the Mercedes-Benz User Experience (MBUX) system allows a hacker to execute arbitrary commands.
The vulnerability of the NWSPFsetMacAddrExceptionIP handler of the NetworkingService service in the Mercedes-Benz User Experience MBUX system is related to insufficient validation of input data during MAC address processing. Exploiting this vulnerability can allow an attacker to execute arbitrary...
The vulnerability of the Tooltip module in the Drupal CMS system allows attackers to perform cross-site scripting attacks.
The vulnerability of the Tooltip module in the Drupal CMS system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows attackers to disclose protected information.
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information using the T3/IIOP protocol...
The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in authentication procedures, which allow attackers to circumvent security restrictions and gain access to read, modify, or delete data.
The vulnerability of the SuiteCRM customer relationship management system is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain access to read, modify, or delete data...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the ability to load arbitrary files, allowing attackers to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes lies in the ability to load arbitrary files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating a specially crafted file...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of strictly encrypted accounting data. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the use of rigidly encrypted account data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized acces...
The vulnerability of the Intel QuickAssist (Intel QAT Engine for OpenSSL) driver package, related to improper flow management, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the Intel QuickAssist Driver Package Intel QAT Engine for OpenSSL is related to improper handling of threads. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the unserialize() function in the Eloqua CMS system’s Drupal module allows a hacker to execute arbitrary code.
The vulnerability of the unserialize function in the Eloqua CMS system’s Drupal module is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the OpenVPN Connect software lies in the improper deletion of critical data at the boundary; this allows a hacker to increase their privileges.
The vulnerability of the OpenVPN Connect software is related to improper cross-border deletion of critical data. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
The vulnerability in the web interface of the Cisco Crosswork Network Controller (CNC) allows a attacker to execute XSS attacks.
The vulnerability in the web interface of the Cisco Crosswork Network Controller CNC management interface is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the System component of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the kunit_try_catch_run() function in the KUnit framework (lib/kunit/try-catch.c) in the Linux kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the kunittrycatchrun function in the KUnit framework lib/kunit/try-catch.c in the Linux kernel is related to the reallocation of memory after its deallocation due to concurrent access to resources race condition. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the Substance 3D Painter software, used for creating textures and materials for 3D models, relates to reading beyond the buffer boundary. This allows attackers to execute arbitrary code.
The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models involves reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Advanced Payment Management component of the SAP S/4HANA Finance software allows a perpetrator to enhance their privileges.
The vulnerability of the Advanced Payment Management component of the SAP S/4HANA Finance financial management software is related to authentication breaches. Exploiting this vulnerability can allow attackers who operate remotely to enhance their privileges...
The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models allows a hacker to execute arbitrary code by writing beyond the buffer boundaries of memory.
The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models is related to writing beyond the buffer boundaries of memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of Adobe Connect web conference software lies in the insufficient protection of the website structure, which allows attackers to execute arbitrary code.
The vulnerability of Adobe Connect web conference software is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Adobe Media Encoder application, related to a pointer swapping error, allows a perpetrator to trigger a service failure.
The vulnerability of the Adobe Media Encoder application relates to a pointer assignment error. Exploiting this vulnerability could allow an attacker to trigger a service failure using a specially created malicious file...
The vulnerabilities of the `runtime_suspend()` and `runtime_resume()` functions of the `cadence-qspi` component in the Linux operating system allow a hacker to trigger a service failure.
The vulnerability of the runtimesuspend and runtimeresume functions of the cadence-qspi component in Linux operating systems is related to a freeze that occurs due to repeated locking of resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the qdisc_tree_reduce_backlog() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the qdisctreereducebacklog function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the web interface of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows attackers to perform cross-site scripting attacks and gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows an attacker to perform cross-site scripting...
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the Teamcenter Visualization lifecycle management system and the Siemens Tecnomatix Plant Simulation software environment relates to the execution of operations beyond the buffer in memory when processing WRL files. Exploiting this vulnerability can allow an attacker to execu...