90509 matches found
The vulnerability of the aiohttp HTTP client, related to incorrect path name restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the aiohttp HTTP client is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of FireEye EX 3500, 5500, 8500 email security systems allows attackers to execute cross-site scripting attacks.
The vulnerability of FireEye EX 3500, 5500, and 8500 email security systems lies in the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting using parameters “type” and “sfname”...
The vulnerability of the pskmad_64.sys driver used by Watchguard Endpoint Protection, Detection and Response (EPDR), Panda Adaptive Defense 360 (Panda AD360), and Panda Dome allows a malicious actor to gain unauthorized access to confidential information.
The vulnerability of the pskmad64.sys driver used by Watchguard Endpoint Protection, Detection and Response EPDR, Panda Adaptive Defense 360 Panda AD360, and Panda Dome involves the disclosure of information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...
The vulnerability of the Rapid SCADA system, related to the storage of passwords in an unencrypted form, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system Rapid SCADA is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow a intruder to gain unauthorized access to protected information...
The vulnerability of the Rapid SCADA system, related to the use of open redirection, allows a hacker to redirect a user to any arbitrary URL address.
The vulnerability of the SCADA system Rapid SCADA is related to the use of open redirection as a result of incorrect data cleaning on the user input page. Exploiting this vulnerability allows an attacker to redirect the user to any desired URL address...
The vulnerability of the Setting Handler component in the software for creating, testing, documenting, publishing, and maintaining the API interface of applications allows a perpetrator to execute arbitrary code.
The vulnerability of the Setting Handler component in software for creating, testing, documenting, publishing, and maintaining the API interface of an application relates to the copying of buffers without checking the size of input data when processing PDF files. Exploiting this vulnerability...
The vulnerability of the DevmemIntMapPMR() function in the PowerVR GPU driver for Android and ChromeOS allows a hacker to execute arbitrary code and gain elevated privileges.
The vulnerability of the DevmemIntMapPMR function in the PowerVR GPU driver for Android and ChromeOS operating systems is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code and gain elevated privileges...
The vulnerability of the protect_dir function (pam_namespace.so) in the Linux-PAM authentication module allows a attacker to cause a service failure.
The vulnerability of the protectdir function in the Linux-PAM authentication module pamnamespace.so is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to operations that go beyond buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...
The vulnerability of the Centralized Third-party Jars component (OkHttp) of the Oracle Access Manager control system allows a hacker to disclose protected information.
The vulnerability of the Centralized Third-party Jars component OkHttp in the Oracle Access Manager access control tool is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the PPT-file processor in Hancom Office software allows a hacker to execute arbitrary code.
The vulnerability of the PPT-file processor in Hancom Office software is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created PPT-file...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to access to resources through incompatible types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using a specially created malicious web page...
The vulnerability of the urllib3 module in the Python programming language lies in the lack of protection for service data, which allows attackers to exploit the exposed information.
The vulnerability of the urllib3 module in the Python programming language is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information that should be protected...
The vulnerability of the BIOS loading, update, backup, and recovery utility from the Phoenix WinPhlash flash device (previously known as Phoenix SecureCore Tiano WinFlash) is related to deficiencies in access control mechanisms, allowing attackers to escalate their privileges.
The vulnerability of the BIOS loading, backup, and recovery utility for the Phoenix WinPhlash flash device previously known as Phoenix SecureCore Tiano WinFlash is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges...
The vulnerability in the Web Browser UI interface of Google Chrome and Microsoft Edge allows attackers to perform spoofing attacks.
The vulnerability of the Web Browser UI interface in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spear-phishing attacks using a specially created HTML page...
The vulnerability of the python-eventlet library used by the OpenStack Platform for building cloud solutions allows a attacker to cause service failures.
The vulnerability of the python-eventlet library used by the OpenStack Platform for building cloud solutions is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the SerializationTypeConverter class in the Microsoft Exchange Server mail server allows attackers to perform spoofing attacks.
The vulnerability of the SerializationTypeConverter class in Microsoft Exchange Server lies in the deserialization mechanism’s deficiencies, resulting from insufficient protection of service data. Exploiting this vulnerability allows attackers to perform spoofing attacks remotely...
The vulnerability of the PowerDNS Recursor DNS server stems from the practice of marking authoritative servers as unavailable, allowing attackers to trigger a service failure.
The vulnerability of the PowerDNS Recursor DNS server is related to the marking of authoritative servers as unavailable. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Bulkmodifications component in NagiosXI software, related to the lack of measures taken to protect the SQL query structure, allows attackers to execute arbitrary SQL queries.
The vulnerability of the Bulkmodifications component in NagiosXI software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability in the cr parser_parse_selector_core function of the cr-parser.c library, used for working with cascade CSS2 Libcroco tables, allows a attacker to cause a service failure.
The vulnerability of the cr parserparseselectorcore function in the cr-parser.c component, a library for working with cascading CSS tables, is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failur...
The vulnerability of the IBM DB2 database management system, related to deficiencies in access control, allows a perpetrator to execute arbitrary code.
The vulnerability of the IBM DB2 database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Samba networking communication package lies in the overflow of buffers in dynamic memory, allowing an attacker to cause a service failure.
The vulnerability of the Samba networking communication package is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the nginx.ingress.kubernetes.io/permanent-redirect controller in the Kubernetes ingress-nginx cluster allows a attacker to execute arbitrary commands.
The vulnerability of the nginx.ingress.kubernetes.io/permanent-redirect controller in the Kubernetes ingress-nginx cluster is related to errors in processing incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Siemens Solid Edge, a tool for design and simulation, relates to buffer overflow attacks, allowing an attacker to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow attackers to execute arbitrary code using specially created PAR files...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to reading beyond the memory boundary, allowing attackers to disclose protected information.
The vulnerability of Siemens Solid Edge’s design and modeling tools is related to reading beyond the memory limit. Exploiting this vulnerability can allow attackers to disclose sensitive information using specially created STL files...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the use of memory after it is freed. Exploiting this vulnerability can allow attackers to execute arbitrary code using specially created STL files...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, Adobe Acrobat Reader 2020, and Adobe Acrobat 2017 involve reading data beyond the buffer in memory, allowing attackers to disclose protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, Adobe Acrobat Reader 2020, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to reading data beyond the buffer in memory. Exploiting...
The vulnerability of the ms_lib_process_bootblock() function in the drivers/usb/storage/ene_ub6250.c file of the ene_usb6250 driver for the ENE SD/MS embedded system in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mslibprocessbootblock function in the drivers/usb/storage/eneub6250.c file of the eneusb6250 driver for the ENE SD/MS embedded system in the Linux operating system is related to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow a...
The vulnerability of the Navigation component in Google Chrome allows attackers to carry out spoofing attacks.
The vulnerability of the Navigation component in Google Chrome is related to information representation errors in the user interface. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks using a specially created HTML page...
The vulnerability of the SetWLanRadioSettings function in D-Link DIR-823G router software allows a hacker to cause a service failure.
The vulnerability of the SetWLanRadioSettings function in D-Link DIR-823G router microprogramming software is related to the output of operations that go beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the SSID parameter...
The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software lies in the fact that the output of operations goes beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP requests to T...
The vulnerability of the imgsys component in MediaTek’s microprogramming software allows attackers to enhance their privileges.
The vulnerability of the imgsys microprogramming system component of MediaTek’s chips is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Threat Intelligence service of the Nozomi Guardian detection and monitoring network activity tool, as well as the Nozomi Central Management Console (CMC) – a centralized security management tool – allows attackers to carry out cross-site scenario attacks.
The vulnerability of the Threat Intelligence service of the Nozomi Guardian detection and monitoring network activity tool, as well as the Nozomi Central Management Console CMC, relates to the lack of protective measures taken for the web page structure during the processing of threat analysis...
The vulnerability of the formSetWanNonLogin function in the D-Link DIR-619L router software allows a hacker to cause a service failure.
The vulnerability of the formSetWanNonLogin function in the D-Link DIR-619L router microprogramming system is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...
The vulnerability of the keyinstall component in MediaTek’s microprogramming software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the keyinstall component in MediaTek’s microprogramming software is related to insufficient protection of sensitive data due to incorrect validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the Prompts component in the Google Chrome browser allows attackers to perform spoofing attacks.
The vulnerability of the Prompts component in the Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...
The vulnerability of the Ansible Semaphore configuration management interface, related to improper control of code generation, allows a attacker to execute arbitrary code.
The vulnerability of the Ansible Semaphore configuration management interface is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the bt_quickfix function in the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Vulnerability of the CMS system: 1C-Bitrix – Website management related to authentication procedures’ flaws, allowing attackers to access confidential information and perform operations with privileged access rights of compromised accounts.
Vulnerability of the CMS system: 1C-Bitrix. Website management is associated with deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information and perform operations under the privileges of a compromised account...
The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, model DAP-2622, allows a intruder to execute any arbitrary code.
The vulnerability of the DDP microprogramming software used in D-Link DAP-2622 wireless access points lies in the fact that the execution of commands is carried out outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the Apache Airflow Spark Provider, a network-based software tool, allows a hacker to execute arbitrary code.
The vulnerability of the Apache Airflow Spark Provider network software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve memory-walking attacks, allowing attackers to execute arbitrary code.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to memory-walking attacks. Exploiting these vulnerabilities can allow attackers to execute arbitrary cod...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, and Adobe Acrobat 2020/Adobe Acrobat Reader 2020 involve an exploit that allows unauthorized access beyond the buffer in memory. This vulnerability enables attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to the execution of operations beyond the buffer in memory. Exploiting these vulnerabilities can allow...
The vulnerability of the Fullscreen application interface of Google Chrome’s browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Fullscreen application interface of Google Chrome’s browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions on the browser page through a specially...
The vulnerability in the Firefox web browser, related to writing beyond the buffer, allows attackers to access confidential data, compromise its integrity, and cause service interruptions.
The vulnerability in the Firefox web browser is related to writing beyond the buffer limit. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of Google Chrome’s WebRTC technology allows attackers to circumvent existing security restrictions.
The vulnerability of Google Chrome’s WebRTC technology relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by using a specially crafted HTML page...
The vulnerability of the saveParentControlInfo() function in Tenda AC8 router software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the saveParentControlInfo function in the Tenda AC8 router’s microprogramming software is related to the issue of the operation going beyond the buffer in memory when processing the deviceId parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrar...
The vulnerability of the application programming interface of Google Chrome’s File System allows a hacker to circumvent existing security restrictions.
The vulnerability of the Google Chrome browser’s application programming interface for the File System is related to improper security checks for standard elements. Exploiting this vulnerability can allow a remote attacker to circumvent existing security restrictions...