90509 matches found
The vulnerability of the cachekey plugin in the Apache Traffic Server web server allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the cachekey plugin in the Apache Traffic Server web server arises from an operation that occurs outside the buffer limits of the stack. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the writeTileData function in the OpenEXR library, related to writing beyond the buffer boundary, allows a attacker to cause a service failure.
The vulnerability of the writeTileData function in the OpenEXR library lies in the issue of writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the MagickCore/visual-effects.c file, a set of programs for reading and editing ImageMagisk files, arises from the lack of zero-division checking. This allows an attacker to trigger a service failure.
The vulnerability of the MagickCore/visual-effects.c file, a set of programs for reading and editing ImageMagisk files, is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of Google Chrome’s V8 engine, related to the execution of operations beyond the buffer in memory, allows attackers to access confidential information or cause service failures.
The vulnerability of Google Chrome’s V8 engine is related to insufficient input validation. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...
The vulnerability of the Mozilla Thunderbird email client, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of Mozilla Thunderbird’s email client is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in an MITM Man-In-The-Middle scenario by sending an arbitrary IMAP command...
The vulnerability of several functions in libscp_v0.c allows an attacker to access confidential information or cause service failures, due to buffer overflows in the stack of the RDP server xrdp.
The vulnerability of several functions in libscpv0.c affects the RDP server xrdp. It involves buffer overflow in the data stack buffer. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...
The vulnerability of the Archive_Tar class in the PHP classes library of PEAR allows a attacker to overwrite protected files.
The vulnerability of the ArchiveTar class in the PHP classes library of PEAR is related to insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability could allow an attacker to overwrite protected files by using a specially crafted...
The vulnerability of the WriteSGIImage function in the console-based image editing tool ImageMagick, related to writing beyond buffer boundaries, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WriteSGIImage function in the console-based image editing tool ImageMagick is related to the execution of operations that exceed the allowable buffer data size. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its...
The vulnerability of the ReadBMPImage function in the coders/bmp.c component of the console image editing tool ImageMagick, related to infinite loop execution, allows attackers to cause a service failure.
The vulnerability of the ReadBMPImage function in the coders/bmp.c component of the ImageMagick console graphics editor is related to the infinite execution of a loop. Exploiting this vulnerability allows an attacker to cause a service failure by using a specially created BMP file...
The vulnerability of the MagickCore/resize.c component of the console-based image editing tool ImageMagick, related to division by zero, allows a hacker to cause a service failure.
The vulnerability of the MagickCore/resize.c component in the console-based image editing tool ImageMagick is related to division by zero. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...
Microsoft Edge’s browser vulnerability, related to security mechanism flaws, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to security flaws in its mechanisms. Exploiting this vulnerability can allow a malicious actor to gain increased privileges...
The vulnerability of the K2dobj.dl library of the COMPAS-3D 3D modeling system, related to the execution of operations outside the buffer boundaries in memory, allows attackers to cause system failures.
The vulnerability of the K2dobj.dl library in the KOMPAS-3D 3D modeling system is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow attackers to cause a service failure using a specially crafted CDW format file...
The vulnerability of the ksys2.dll library in the KOMPAS-3D 3D modeling system, which is related to the execution of operations outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the ksys2.dll library in the KOMPAS-3D three-dimensional modeling system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted CDW format file...
Vulnerability of the Windows Media Foundation Core component in Microsoft Windows operating systems, allowing attackers to execute arbitrary code
The vulnerability of the Windows Media Foundation Core component in Microsoft Windows operating systems is related to improper code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Bill Issues component of the Oracle Bills of Material application in the Oracle E-Business Suite allows a malicious individual to gain access to modify, add, or delete data, as well as to unauthorizedly access protected information.
The vulnerability of the Bill Issues component of the Oracle Bills of Material application within the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, allows a hacker to gain access to modify, add, or delete data, or to gain full control over the application.
The vulnerability of the Shopping Cart component in the Oracle iStore system, which is used for creating, managing, and personalizing online stores, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data, o...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microprogramming Software for Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to writing beyond the buffer boundaries, allowing attackers to trigger a system reboot or cause service failure.
The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot or caus...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the dockerd daemon, a deployment and application management automation tool in Docker-enabled environments, relates to a resource consumption control mechanism error. This vulnerability allows attackers to trigger service failures.
The vulnerability of the dockerd daemon, a tool for automating the deployment and management of applications in Docker containerized environments, is related to improper handling of the image manifest file. Exploiting this vulnerability allows an attacker to cause service interruptions...
The vulnerability of the Node.js software platform, related to the presence of localhost6 in the white list, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform is related to the presence of localhost6 in the white list. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the IPv6 implementation of the Cisco NX-OS network operating system for Cisco routers allows a attacker to cause a service failure.
The vulnerability of the IPv6 implementation of the Cisco NX-OS network operating system’s Cisco routers is related to a memory release error. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...
The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server (EMS) allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientEMSOnlineInstaller.exe of the Fortinet FortiClient Enterprise Management Server EMS server is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially...
The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Communications Manager IM & Presence Service web interface is related to input validation errors. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microsoft Azure Kubernetes operating system allows a hacker to gain unauthorized access to protected information.
The vulnerability of Microsoft Azure Kubernetes operating system-related to Windows is related to information disclosure. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a specially crafted IMDS request...
The vulnerability of the SSL/TLS module of Cisco Adaptive Security Appliance’s network firewall allows a attacker to cause a service failure.
The vulnerability of the SSL/TLS module of the Cisco Adaptive Security Appliance software lies in errors during initialization of pointers. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Microsoft .NET Framework software, related to errors in memory object handling, allows an attacker to gain unauthorized access to protected information.
The vulnerability of the Microsoft .NET Framework software platform is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Windows Codecs Library component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Windows Codecs Library component in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Helm package manager exists due to an incorrect restriction on the path name to the restricted access catalog. This allows a malicious actor to unpack the files from the diagram archive outside of the target directory.
The vulnerability of the Helm package manager exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to unpack the diagram archive files outside of the target directory using commands like “helm fetch --untar” an...
The vulnerability of the Windows Backup Service allows attackers to exploit their privileges.
The vulnerability of the Windows Backup Service in Microsoft Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Blink rendering module in Google Chrome browsers allows a hacker to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Google Chrome’s Blink rendering module relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and even cause service failures through a specially created HTML page...
The vulnerability of the memcpy function in the glibc library, which allows a hacker to execute arbitrary code in the context of a privileged process
The vulnerability of the memcpy function in the glibc library arises from an operation that occurs outside the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the privileged process context...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the Segment component in the Oracle Retail Customer Management and Segmentation software application allows a hacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Segment component in Oracle Retail Customer Management and Segmentation Foundation software relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to modify, add, or delete data, or gain unauthorized access...
Vulnerability of the Microsoft Graphics component in the Windows operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Microsoft Graphics component in the Windows operating system relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to writing data beyond the buffer in memory, allowing attackers to execute arbitrary code in the context of the current user.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 is related to data writing beyond the buffer boundaries in memory. Exploiting this vulnerability...
The vulnerability of the gf_text_get_utf8_line function in the multimedia platform GPAC, related to writing beyond buffer boundaries, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gftextgetutf8line function on the multimedia platform GPAC is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of Adobe Audition for Windows and macOS, related to recording beyond buffer boundaries in memory, allows a hacker to execute arbitrary code.
The vulnerability of Adobe Audition for Windows and macOS lies in the recording of data beyond the buffer limits in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user...
The vulnerability of the Windows Update Stack component allows attackers to enhance their privileges.
The vulnerability of the Windows Update Stack component in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...
The vulnerability of the Microsoft Windows Graphics component in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Windows Graphics subsystem in Windows operating systems is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created application...
Vulnerabilities of Microsoft Visio graphic editors, Microsoft Excel electronic spreadsheet editors, Microsoft PowerPoint presentation creation software, Microsoft Word text editors, the Microsoft Office and Office 365 software suite, Microsoft Outlook email client, Microsoft Publisher publishing software, Microsoft Project project management software, Microsoft Access database management systems. These vulnerabilities are related to insufficient input validation, allowing attackers to execute arbitrary code.
The vulnerabilities of Microsoft Visio, a graphic editor; Microsoft Excel, an electronic spreadsheet editor; Microsoft PowerPoint, a presentation software; Microsoft Word, a text editor; the Microsoft Office and Office 365 software suite; Microsoft Outlook, a mail client; Microsoft Publisher,...
The vulnerability of the HTMLParser module from django.utils.html.strip_tags in the Django web development framework allows a attacker to cause a denial-of-service attack.
The vulnerability of the HTMLParser module in django.utils.html.striptags of the Django web development framework is related to a slow evaluation of large input data, which contain large sequences of incomplete HTML objects. Exploiting this vulnerability may allow an attacker to cause service...
The vulnerability of the Blink web browser component in Google Chrome, which allows a hacker to compromise data integrity
The vulnerability of the Blink web browser component in Google Chrome is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows an attacker to affect data integrity through a specially created HTML page...
The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client arises from the lack of checks on the size of input data when using buffers. This allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.
The vulnerability of the serialization mechanism in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the lack of checks on the size of input data when using buffers. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential...
The vulnerability in HMI/SCADA Equinox Control Expert, related to the failure to protect the SQL query structure, allows a intruder to gain unauthorized access to protected information.
The vulnerability in HMI/SCADA Equinox Control Expert relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information by sending specially crafted SQL queries to the database...
The vulnerability of the cfg80211_mgd_wext_giwessid function (net/wireless/wext-sme.c) in the Linux kernel allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the cfg80211mgdwextgiwessid function in the Linux kernel’s net/wireless/wext-sme.c file is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause service...
The vulnerability of Intel Active Management Technology’s microprogramming software, related to insufficient validation of input data, allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of Intel Active Management Technology’s microprogramming software is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute cross-site scripting XSS attacks...