90336 matches found
The vulnerability of the “Estimate and Actual Charges” component of the Oracle Depot Repair automation software allows a intruder to gain unauthorized access to protected information.
The vulnerability of the “Estimate and Actual Charges” component of the Oracle Depot Repair automation software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through the...
The vulnerability of the wfst_run application, which is part of the speech-tools speech recognition system, allows a violator to cause a service failure.
The vulnerability of the wfstrun application, which is part of the speech-tools speech recognition system, is related to overflow errors in the command line processing. Exploiting this vulnerability can allow an attacker to cause a service failure by submitting commands with specially crafted...
The vulnerability of the LIGO! Soft Comfort software, related to access control errors, allows a intruder to execute arbitrary code.
The vulnerability of the LOGO! Soft Comfort development software is related to access control errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code upon opening a specially crafted project...
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in processing the relative path to the catalog during the export of repository content into an archive. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server by...
The vulnerability of the `cscfg_load_config_sets()` function in the Linux operating system’s kernel, which allows a hacker to trigger a service failure
The vulnerability of the cscfgloadconfigsets function in the Linux operating system kernel arises from a race condition. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Azure OpenAI cloud platform, related to insufficient validation of incoming requests, allows a hacker to escalate their privileges.
The vulnerability of the Azure OpenAI cloud platform is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the gf_ac4parser_bs function in the MP4Box multimedia platform of GPAC allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the gfac4parserbs function in the MP4Box utility of the GPAC multimedia platform is related to the assignment of a zero pointer. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the FreeScout support service management system, related to deficiencies in the deserialization mechanism, allows a hacker to gain unauthorized access and execute arbitrary code.
The vulnerability of the FreeScout support service management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access and execute arbitrary code on the application server...
The vulnerability in the arch/x86/kernel/apic/io_apic.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the arch/x86/kernel/apic/ioapic.c module of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the br_vlan_tunnel_lookup() function in the net/bridge/br_vlan_tunnel.c module, a component of the Linux kernel’s networking functions, allows a hacker to trigger a service failure.
The vulnerability of the brvlantunnellookup function in the net/bridge/brvlantunnel.c module, which is part of the Linux kernel’s networking functions, is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent, which stems from the failure to implement protective measures for the request structure, allows attackers to enhance their privileges.
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability can allow attackers to enhance their privileges by using specially crafted authorized HTTP requests...
The vulnerabilities of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 allow a intruder to gain unauthorized access to protected information.
The vulnerability of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 is related to incorrect restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the SCADA system Pult.online, related to insufficient restrictions on authentication attempts, allows a perpetrator to carry out an attack using brute-force methods.
The vulnerability of the SCADA system Pult.online is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor operating remotely to carry out an attack using brute-force methods...
Vulnerabilities of the hci_cmd_sync_queue(), hci_le_terminate_big(), or hci_le_big_terminate() functions in the Linux operating system, allowing attackers to cause service failures
The vulnerabilities of the hcicmdsyncqueue, hcileterminatebig, or hcilebigterminate functions in the Linux operating system are related to memory leaks. Exploiting these vulnerabilities can allow an attacker to cause a service failure...
The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows a perpetrator to cause service failures.
The vulnerability of VideoGrace video conferencing software is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the web_stp_globalSetting_post() function in the microprogramming software of PLANET Technology allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the webstpglobalSettingpost function in PLANET Technology’s microcontroller software lies in the issue of the operation exceeding the buffer boundaries in memory when processing the stpconfname parameter. Exploiting this vulnerability allows an attacker to compromise the...
The vulnerability of the setOption function in the vConsole software package, which allows a hacker to execute a “prototype contamination” attack.
The vulnerability of the setOption function in the vConsole software package is related to unregulated changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack remotely...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a violator to compromise the integrity of the protected information.
The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the Ivanti Connect Secure access control tool, related to reading data outside the buffer in memory, allows a intruder to execute arbitrary code.
The vulnerability of the Ivanti Connect Secure access control tool lies in the reading of data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the i2c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the i2c component in the Linux operating system’s kernel is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Microsoft On-Premises Data Gateway local servers, related to incorrect authentication, allows attackers to disclose protected information.
The vulnerability of the Microsoft On-Premises Data Gateway local database is related to incorrect authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the improper assignment of permissions to critical resources. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerabilities in the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server ABAP are related to the improper assignment of permissions to critical resources. Exploiting these vulnerabilities can allow attackers, operating remotely, to...
The vulnerability of the user console of the Avanpost IDM system, related to the use of dangerous methods or functions, allows a violator to execute arbitrary code.
The vulnerability of the user console of the Avanpost IDM system is related to the use of dangerous methods or functions. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Flask’s CORS storage library in Python PyPi products allows attackers to circumvent existing security restrictions.
The vulnerability of Flask’s CORS storage library in Python PyPi products is related to incorrect handling of logical operations. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely, leading to unexpected implementation of CORS policies...
The vulnerability of the universal monitoring system Zabbix, related to the replacement of an unreliable indicator, allows a intruder to execute arbitrary code.
The vulnerability of the Zabbix universal monitoring system lies in the ability to directly modify memory pointers in the JavaScript engine. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the PHP framework Laravel, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP framework Laravel is related to insufficient protection of sensitive data during the processing of the laravel.log file storage/logs/laravel.log. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in the ability to write data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the application programming interface for the declarative delivery tool for GitOps for Kubernetes Argo CD lies in authentication errors, which allow a perpetrator to bypass established access controls.
The vulnerability of the application programming interface for the declarative delivery tool of GitOps for Kubernetes Argo CD is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass established access controls...
The vulnerability of the Mat_VarReadNextInfo5 function in the mat5.c library for reading and writing MATLAB MATIO files allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the MatVarReadNextInfo5 function in the mat5.c library for reading and writing MATLAB MATIO files is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Dallas Lock Linux event registration subsystem, related to memory release errors, allows a intruder to trigger a service failure on the workstation.
The vulnerability of the Dallas Lock Linux event registration subsystem is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a system failure by injecting a specially created executable script into the operating system...
The vulnerability of the database update module of the WorkFlow system in the Engineering Data Management and Product Lifecycle Management system LOCMAN:PLM lies in the possibility of unlimited loading of dangerous files, allowing attackers to execute arbitrary code.
The vulnerability of the database update module of the LOCsman:PLM engineering data and product lifecycle management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow an attacker to execute arbitrary code by replacing the dll library version.dl...
The vulnerability of the web interface of the microprogramming software for the Advantech BB-ERT351 network router allows a hacker to disclose passwords of network services.
The vulnerability of the web interface of the Advantech BB-ERT351 network router lies in the absence of a mechanism for masking passwords when they are displayed in the web interface. Exploiting this vulnerability can allow an attacker to disclose passwords from network services such as PPTP and...
The vulnerability of the Java VM component of the Oracle Database Server database management system allows attackers to compromise the integrity of the protected information.
The vulnerability of the Java VM component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerability of Google Chrome relates to improper control of resources throughout their lifecycle. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Google Chrome relates to improper control over the resource throughout its lifecycle. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise their integrity, and cause service failures...
The vulnerability of the Cisco Fabric Services component of the Cisco NX-OS operating system, which allows a intruder to trigger a service failure.
The vulnerability of the Cisco Fabric Services component of the Cisco NX-OS operating system is related to errors in processing TCP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the FortiOS operating system, related to access control errors, allows a perpetrator to read and write data in the memory loading sector.
The vulnerability of the FortiOS operating system is related to access control errors. Exploiting this vulnerability allows a person with administrator privileges to read and write data in the memory load sector...
Multiple vulnerabilities in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller software allow a malicious individual to cause service failures.
Multiple vulnerabilities exist in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller microprogramming system. These vulnerabilities arise due to insufficient validation of input data. Exploitation of these vulnerabilities could allow a malicious...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit
The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the function ffh264SliceContextInit in libavcodec/h264dec.c...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the setDiagnosisCfg() function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software allows a intruder to execute arbitrary code.
The vulnerability of the setDiagnosisCfg function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software is related to the issue of the operation exceeding the buffer boundaries in memory when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability of software for accessing analytics and planning tools in the IBM Analytics Content Hub, related to the disclosure of information through source code, allows a perpetrator to disclose protected information.
The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub is related to the disclosure of information through the source code. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the online platform GarminConnect, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to access protected information.
The vulnerability of the online platform GarminConnect relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to access protected information...
The vulnerability of the pageattr.c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the pageattr.c component in the Linux operating system’s kernel is related to the use of blocking code in a single-threaded, non-blocking context. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the SQL concat_ws() function in the SQLite database management system, allowing a hacker to cause a service failure
The vulnerability of the SQL concatws function in the SQLite database management system is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure through the malloc parameter...
The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, allows a hacker to trigger a service failure.
The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the Solar appScreener platform, which stems from insufficient verification of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the Solar appScreener platform is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a remote attacker to execute an SSRF attack...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the E-Staff automation system for recruitment processes is related to errors in data filtering when obtaining information about the target. This allows a violator to gain unauthorized access to protected information.
The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering when obtaining information about the target. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...