90509 matches found
The vulnerability of the QPID broker software used in the centralized lifecycle management software for Red Hat Satellite products allows a malicious actor to gain access to the QMF methods and execute arbitrary commands in a privileged mode.
The vulnerability of the QPID broker software used in the Red Hat Satellite product lifecycle management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain access to the QMF methods and execute arbitrary commands in privileged mode...
The vulnerability of the S/MIME signature verification mechanism in Thunderbird’s email processing software arises from incomplete verification of digital signatures. This allows attackers to re-sign emails with a valid digital signature.
The vulnerability of the S/MIME signature verification mechanism in Thunderbird’s email processing lies in the incomplete verification of digital signatures. Exploiting this vulnerability allows an attacker to re-sign emails with a valid digital signature...
The vulnerability of the Connector/J sub-component of the MySQL Connectors component of the Oracle MySQL database management system allows a hacker to gain full control over the application.
The vulnerability of the Connector/J sub-component of the MySQL Connectors component of the Oracle MySQL database management system is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application using the JDBC protocol...
The vulnerability of the Cover Letter sub-component of the Oracle Content Manager component in the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data.
The vulnerability of the Cover Letter sub-component of the Oracle Content Manager component in the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data using the HTTP protocol...
The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to gain full control over the application.
The vulnerability of the Core component in Oracle VM VirtualBox is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability in the web interface of the microprogramming software for Cisco Wireless LAN Controllers of the 5500 series allows a intruder to disclose protected information.
The vulnerability of the web interface of microprogramming software for Cisco Wireless LAN Controllers of the 5500 series arises from insufficient checking of entered URI addresses. Exploiting this vulnerability can allow a malicious actor to disclose protected information using a specially craft...
The vulnerability of the JavaScript script handler ChakraCore in Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the JavaScript script handler ChakraCore in Microsoft Edge browsers is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...
The vulnerability of the JavaScript script handler ChakraCore in Microsoft Edge browsers allows attackers to increase their privileges.
The vulnerability of the JavaScript script handler ChakraCore in Microsoft Edge browsers is caused by an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...
The vulnerability of Microsoft Word’s text editor lies in memory object processing errors, which allow attackers to execute arbitrary code.
The vulnerability of Microsoft Word relates to errors in memory object handling. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with user privileges using a specially crafted file...
The vulnerability in the web interface of the microprogramming software for Cisco Wireless LAN Controllers of the 5500 series allows a hacker to inject arbitrary code into the uploaded web page.
The vulnerability of the web interface of microprogramming software for Cisco Wireless LAN Controllers of the 5500 series is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into the web page via a...
The vulnerability of Junos Operating System’s Routing Protocol Daemon (RPD) allows a hacker to execute arbitrary code.
The vulnerability of the Junos operating system’s Routing Protocol Daemon RPD arises from errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending numerous specially crafted Draft-Rosen MPLS packets...
The vulnerability of Adobe Acrobat and Adobe Reader PDF viewer/editor programs, related to memory usage after memory release, allows attackers to execute arbitrary code.
The vulnerability of Adobe Acrobat and Adobe Reader PDF viewer/editor programs relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created PDF file...
The vulnerability of the Flash Player software platform, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.
The vulnerability of the Flash Player software is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted document or a web page containing malicious Flash content...
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system, which allows a malicious actor to gain unauthorized access to protected data
The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...
The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.
The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...
The vulnerability of the `lim_send_sme_probe_req_ind` function in the Qualcomm WLAN operating system’s Android component from the CAF repository allows a hacker to escalate their privileges.
The vulnerability of the limsendsmeprobereqind function in the Qualcomm WLAN operating system’s Android component, as found in the CAF repository, is due to a buffer overflow. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the `csr_update_fils_params_rso` function in the Qualcomm WLAN operating system for Android, found in the CAF file, allows a attacker to increase their privileges.
The vulnerability of the csrupdatefilsparamsrso function in the Qualcomm WLAN operating system’s Android component, found in the CAF file, is caused by a numerical overflow. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of Microsoft Hyper-V hardware virtualization system for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Hyper-V hardware virtualization technology for Windows operating systems exists due to insufficient verification of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code using specially crafted packet data vSMB...
The vulnerability of the NVBUPolicy Get request handler in NetVault Backup software allows a attacker to execute arbitrary code.
The vulnerability of the NVBUPolicy Get request handler in NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the implementation of the WebSockets technology in Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a attacker to trigger a service failure.
The vulnerability in the implementation of the WebSockets technology in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the use of memory after deallocation. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the MediaServer.exe executable of the ALLPlayer/ALLMediaServer DLNA server allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the MediaServer.exe executable of the DLNA server ALLPlayer ALLMediaServer is caused by buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by sending a specially crafted string to the TCP port 888...
The vulnerability of JavaScript ChakraCore’s kernel, related to incorrect handling of objects in memory, allows attackers to execute arbitrary code.
The vulnerability of the JavaScript ChakraCore kernel is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with the privileges of the current user...
The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router allows a hacker to execute arbitrary commands.
The vulnerability of the “ping.cgi” script in the embedded software of the NetCommWireless HSPA 3G10WVE router is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands using the “DIAIPADDRESS” parameter, by...
The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software lies in the improper elimination of certain elements in the data request logic, allowing a intruder to execute arbitrary code.
The vulnerability of the G-Cam/EFD-2250 IP camera’s microprogramming software is related to improper elimination of certain elements in the data query logic. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the operating system with root privileges...
The vulnerability in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin allows a malicious user to execute arbitrary commands on the operating system.
The vulnerability in the enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py script of the WebAdmin plugin exists due to the failure to eliminate special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary operating...
The vulnerability of the OpenSUSE operating system, related to improper code generation management, allows attackers to inject arbitrary code.
The vulnerability of the OpenSUSE operating system is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to inject arbitrary code during the execution of certain services, using the built-in version 2.1 service...
The vulnerability of the Calc and Writer components of the LibreOffice office software suite, which allows a hacker to disclose protected information
The vulnerability of the LibreOffice office software package is related to improper handling of opened files. Exploiting this vulnerability allows an attacker to disclose protected information using a specially crafted file...
The vulnerability of the Android CAF-release operating system, caused by the operation going beyond buffer boundaries in memory, allows a hacker to trigger a memory leak.
The vulnerability of the Android CAF-release operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to trigger a memory leak when a connection is denied for the clientHello message, which is a cryptographi...
The vulnerability of the Cisco IOS operating system, which arises from the lack of initialization for variables, allowing attackers to trigger a service failure.
The vulnerability of the Cisco IOS operating system is related to the absence of initialization for variables. Exploiting this vulnerability allows a malicious actor, operating remotely, to cause service failures such as waste of computing resources, resetting of watchdog timers, and system...
The vulnerability of the ReadPESImage function in the coder/pes.c file of the console image editing tool ImageMagick allows a hacker to cause a service failure.
The vulnerability of the ReadPESImage function in the coder/pes.c file of the console image editing tool ImageMagick arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure related to...
The vulnerability of the ReadOneMNGImage function in the console-based ImageMagick graphics editor allows a hacker to cause a service failure.
The vulnerability of the ReadOneMNGImage function in the console-based ImageMagick graphics editor is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure resource consumption by the computer. Th...
The vulnerability of the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system, which allows a hacker to inject code or trigger a system reboot.
Many vulnerabilities in the Simple Network Management Protocol SNMP subsystem of the Cisco IOS operating system are caused by buffer overflows. Exploitation of these vulnerabilities allows a malicious actor to inject code into the system or cause it to restart by sending specially created SNMP...
The vulnerability of the Intel Graphics Driver component in the Mac OS X operating system allows a hacker to trigger a service failure or execute arbitrary code in a privileged context.
The vulnerability of the Intel Graphics Driver for the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context or cause a service failure memory...
The vulnerability of the FlexNet Publisher software management tool allows a perpetrator to execute arbitrary code.
The vulnerability of the FlexNet Publisher license management software arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code with system privileges...
The vulnerability of the grant-table component in the Xen hypervisor allows a perpetrator to obtain confidential information or enhance their privileges.
The vulnerability of the grant-table component in the Xen hypervisor is related to incorrect handling of information regarding certain simultaneous unmap calls. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or enhance their...
The vulnerability of the MPEG-4 AVC software platform, Flash Player, allows attackers to execute arbitrary code.
The vulnerability of the MPEG-4 AVC software platform, Flash Player, arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memory corruption remotely...
The vulnerability of the Android operating system’s Mediaserver service allows a hacker to cause memory corruption during the use of media files or other data.
The vulnerability of the Android operating system’s Mediaserver service arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code using a specially created file, which can cause memory corruption duri...
The vulnerability of the libvpx library in the Mediaserver application of the Android operating system allows a hacker to cause a service failure, device freezing, and reloading of the device.
The vulnerability of the libvpx library in the Mediaserver application of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service failures, device freezes, and reboots by using a specially created file...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit
The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the function ipvideodecodeblockopcode0xA in...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit
The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the decodeframecommon function in libavcodec/pngdec.c...
The vulnerability of the Qualcomm Wi-Fi driver for the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of Qualcomm Wi-Fi driver in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary malicious code within the kernel context. This issue is considered “high” because it requires...
The vulnerability of the Linux operating system’s DRM driver allows a violator to trigger a service failure or exert other effects.
The vulnerability of the vc4getbcl function in the VideoCore DRM driver for the Linux operating system is due to a numerical overflow. Exploiting this vulnerability could allow an attacker, operating locally, to cause a service failure or other adverse effects through a specially crafted call to...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the HTC OEM fastboot Android operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the Sensor Hub special process, using a local malware applicati...
The vulnerability of the iOS operating system and the Safari browser allows attackers to trigger a service failure or execute arbitrary code.
The vulnerability of the WebKit component of the iOS operating system and the Safari browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption,...
The vulnerability of the iOS operating system and the Safari browser allows a perpetrator to trigger a service failure or execute arbitrary code.
The vulnerability of the WebKit component of the iOS operating system and the Safari browser arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption,...
The vulnerability of the OpenBSD operating system, which allows a hacker to trigger a service failure
The vulnerability of the OpenBSD operating system exists due to insufficient checks on input data. Exploiting this vulnerability allows a person with privileged mounting functions, who operates locally, to cause a service failure a kernel crash by mounting a temporary file system with values of 1...
The vulnerability of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Graphical Device Interface GDI in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating locally, to enhance their privileges through a specially created application...
The vulnerability of the Internet Explorer browser allows a perpetrator to obtain confidential information from the process’s memory, cause a service failure, or have other effects on the system.
The vulnerability of the Internet Explorer browser is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from the process memory, cause service failures, or otherwise affect the syst...
The vulnerability of the console-based graphic editor ImageMagick, which allows a hacker to trigger a service failure or cause other effects.
The vulnerability of the coders/tiff.c component in the console-based graphic editor ImageMagick arises due to buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure or other effects such as the termination of the application by using a specially created...
The vulnerability of the Windows operating system allows a perpetrator to obtain confidential information from the process memory.
The vulnerability of the Uniscribe component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, acting remotely, to obtain confidential information from the process’s memory through a specially crafted web...