90509 matches found
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to improper locking of resources. Exploiting this vulnerability can allow a hacker to cause a service failure...
The vulnerability of the Ivanti Connect Secure access control tool, related to reading data outside the buffer in memory, allows a intruder to execute arbitrary code.
The vulnerability of the Ivanti Connect Secure access control tool lies in the reading of data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Resilient File System (ReFS) Deduplication Service in Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Resilient File System ReFS Deduplication Service in Windows operating systems is related to a memory reclamation error. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the software for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition industrial devices lies in the lack of measures taken to neutralize special elements used in the operating system’s commands. This allows a perpetrator to execute arbitrary code.
The vulnerability of the software for creating and managing graphical user interfaces on Rockwell Automation’s FactoryTalk View Machine Edition devices is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability ca...
The vulnerability of the Squid proxy server, related to errors in processing input data, allows a hacker to cause a service failure.
The vulnerability of the Squid proxy server is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted ESI packets...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis, related to the disclosure of protected information, allows attackers to gain unauthorized access to confidential data.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the disclosure of protected information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the IBM InfoSphere Information Server software platform, related to the manipulation of cross-site requests, allows a perpetrator to carry out a CSRF attack.
The vulnerability of the IBM InfoSphere Information Server software integration platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...
The vulnerabilities of the operating systems of network storage devices My Cloud OS, cloud storage services My Cloud Home, and My Cloud Home Duo, as well as SanDisk iBI, are related to uncontrolled resource consumption. This allows attackers to cause service interruptions.
The vulnerabilities of the My Cloud OS, My Cloud Home, and My Cloud Home Duo network storage systems, as well as the SanDisk iBI device, are related to uncontrolled resource consumption. Exploiting these vulnerabilities can allow an attacker to cause service interruptions...
The vulnerability of software for the development and mass production of printed circuit boards, related to errors in processing uploaded files, allows a perpetrator to gain access to protected information or cause service failures.
The vulnerability of software for the development and mass production of printed circuit boards is related to errors in processing uploaded files. Exploiting this vulnerability can allow a malicious actor to gain access to protected information or cause service failures by sending a specially...
The vulnerability of the operating environment of the information protection software “Blockhost-Net” and “Blockhost-Net K” allows attackers to obtain information about user accounts.
The vulnerability of the operating environments of the information protection software “Blockhost-Net” and “Blockhost-Net K” is related to the use of insecure mechanisms for processing authentication data in the memory of the operating system. Exploiting this vulnerability can allow an attacker...
The vulnerability of Google Chrome’s Skia graphic library allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of Google Chrome’s Skia graphics library is related to the storage of data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the “Estimate and Actual Charges” component of the Oracle Depot Repair automation software allows a intruder to gain unauthorized access to protected information.
The vulnerability of the “Estimate and Actual Charges” component of the Oracle Depot Repair automation software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through the...
The vulnerability of the Cisco Fabric Services component of the Cisco NX-OS operating system, which allows a intruder to trigger a service failure.
The vulnerability of the Cisco Fabric Services component of the Cisco NX-OS operating system is related to errors in processing TCP packets. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the FortiOS operating system, related to access control errors, allows a perpetrator to read and write data in the memory loading sector.
The vulnerability of the FortiOS operating system is related to access control errors. Exploiting this vulnerability allows a person with administrator privileges to read and write data in the memory load sector...
The vulnerability of the wfst_run application, which is part of the speech-tools speech recognition system, allows a violator to cause a service failure.
The vulnerability of the wfstrun application, which is part of the speech-tools speech recognition system, is related to overflow errors in the command line processing. Exploiting this vulnerability can allow an attacker to cause a service failure by submitting commands with specially crafted...
The vulnerability of the LIGO! Soft Comfort software, related to access control errors, allows a intruder to execute arbitrary code.
The vulnerability of the LOGO! Soft Comfort development software is related to access control errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code upon opening a specially crafted project...
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in processing the relative path to the directory, allows a hacker to execute arbitrary code.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in processing the relative path to the catalog during the export of repository content into an archive. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the server by...
The vulnerability of the gf_ac4parser_bs function in the MP4Box multimedia platform of GPAC allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the gfac4parserbs function in the MP4Box utility of the GPAC multimedia platform is related to the assignment of a zero pointer. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the FreeScout support service management system, related to deficiencies in the deserialization mechanism, allows a hacker to gain unauthorized access and execute arbitrary code.
The vulnerability of the FreeScout support service management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access and execute arbitrary code on the application server...
The vulnerability of the br_vlan_tunnel_lookup() function in the net/bridge/br_vlan_tunnel.c module, a component of the Linux kernel’s networking functions, allows a hacker to trigger a service failure.
The vulnerability of the brvlantunnellookup function in the net/bridge/brvlantunnel.c module, which is part of the Linux kernel’s networking functions, is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerabilities of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 allow a intruder to gain unauthorized access to protected information.
The vulnerability of MobileHMI and IoTWorX Visualizer SCADA systems from GENESIS64 is related to incorrect restrictions on the path name to the restricted-access catalog. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent, which stems from the failure to implement protective measures for the request structure, allows attackers to enhance their privileges.
The vulnerability of the “Termide Virtual Desktops Connection Monitor” software agent is related to the lack of protective measures for the request structure. Exploiting this vulnerability can allow attackers to enhance their privileges by using specially crafted authorized HTTP requests...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
Vulnerabilities of the hci_cmd_sync_queue(), hci_le_terminate_big(), or hci_le_big_terminate() functions in the Linux operating system, allowing attackers to cause service failures
The vulnerabilities of the hcicmdsyncqueue, hcileterminatebig, or hcilebigterminate functions in the Linux operating system are related to memory leaks. Exploiting these vulnerabilities can allow an attacker to cause a service failure...
The vulnerability of the SCADA system Pult.online, related to insufficient restrictions on authentication attempts, allows a perpetrator to carry out an attack using brute-force methods.
The vulnerability of the SCADA system Pult.online is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability allows a malicious actor operating remotely to carry out an attack using brute-force methods...
The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows a perpetrator to cause service failures.
The vulnerability of VideoGrace video conferencing software is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Solar appScreener platform, which stems from insufficient verification of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the Solar appScreener platform is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a remote attacker to execute an SSRF attack...
The vulnerability of the setOption function in the vConsole software package, which allows a hacker to execute a “prototype contamination” attack.
The vulnerability of the setOption function in the vConsole software package is related to unregulated changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack remotely...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a violator to compromise the integrity of the protected information.
The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the E-Staff automation system for recruitment processes is related to errors in data filtering when obtaining information about the target. This allows a violator to gain unauthorized access to protected information.
The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering when obtaining information about the target. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the ChromeOS operating system’s kernel, which arises due to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the ChromeOS operating system’s kernel exists due to insufficient validation of input data. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system, related to the failure to eliminate special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Vulnerability eliminated
...
The vulnerability of the task and project management service WEEEK lies in the improper restriction on recursive references to entities in the DTD. This allows a violator to trigger a service failure.
The vulnerability of the WEEEK task and project management service is related to improper restrictions on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the i2c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the i2c component in the Linux operating system’s kernel is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Microsoft On-Premises Data Gateway local servers, related to incorrect authentication, allows attackers to disclose protected information.
The vulnerability of the Microsoft On-Premises Data Gateway local database is related to incorrect authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the improper assignment of permissions to critical resources. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerabilities in the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server ABAP are related to the improper assignment of permissions to critical resources. Exploiting these vulnerabilities can allow attackers, operating remotely, to...
The vulnerability of the user console of the Avanpost IDM system, related to the use of dangerous methods or functions, allows a violator to execute arbitrary code.
The vulnerability of the user console of the Avanpost IDM system is related to the use of dangerous methods or functions. Exploiting this vulnerability may allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Flask’s CORS storage library in Python PyPi products allows attackers to circumvent existing security restrictions.
The vulnerability of Flask’s CORS storage library in Python PyPi products is related to incorrect handling of logical operations. Exploiting this vulnerability allows an attacker to bypass existing security restrictions remotely, leading to unexpected implementation of CORS policies...
The vulnerability of the universal monitoring system Zabbix, related to the replacement of an unreliable indicator, allows a intruder to execute arbitrary code.
The vulnerability of the Zabbix universal monitoring system lies in the ability to directly modify memory pointers in the JavaScript engine. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the PHP framework Laravel, related to insufficient protection of operational data, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP framework Laravel is related to insufficient protection of sensitive data during the processing of the laravel.log file storage/logs/laravel.log. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in the ability to write data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Sampler software for creating textures and materials for 3D models lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the application programming interface for the declarative delivery tool for GitOps for Kubernetes Argo CD lies in authentication errors, which allow a perpetrator to bypass established access controls.
The vulnerability of the application programming interface for the declarative delivery tool of GitOps for Kubernetes Argo CD is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass established access controls...
The vulnerability of the Mat_VarReadNextInfo5 function in the mat5.c library for reading and writing MATLAB MATIO files allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the MatVarReadNextInfo5 function in the mat5.c library for reading and writing MATLAB MATIO files is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Dallas Lock Linux event registration subsystem, related to memory release errors, allows a intruder to trigger a service failure on the workstation.
The vulnerability of the Dallas Lock Linux event registration subsystem is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a system failure by injecting a specially created executable script into the operating system...
The vulnerability of the KrServerBDdemoRT.exe module of the SCADA system “KRUG-2000” lies in the lack of authentication for a critical function, which allows a intruder to trigger a service failure.
The vulnerability of the KrServerBDdemoRT.exe module of the “KRUG-2000” SCADA system is related to the absence of authentication for a critical function. Exploiting this vulnerability could allow an intruder, operating remotely, to cause service interruptions...
The vulnerability of the web interface of the microprogramming software for the Advantech BB-ERT351 network router allows a hacker to disclose passwords of network services.
The vulnerability of the web interface of the Advantech BB-ERT351 network router lies in the absence of a mechanism for masking passwords when they are displayed in the web interface. Exploiting this vulnerability can allow an attacker to disclose passwords from network services such as PPTP and...
The vulnerability of the Java VM component of the Oracle Database Server database management system allows attackers to compromise the integrity of the protected information.
The vulnerability of the Java VM component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerability of Google Chrome relates to improper control of resources throughout their lifecycle. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.
The vulnerability of Google Chrome relates to improper control over the resource throughout its lifecycle. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data, compromise their integrity, and cause service failures...
The vulnerability of the extract_status_code function in the Keepalived network traffic balancing system, which allows a attacker to cause a service failure
The vulnerability of the extractstatuscode function in the keepalived network traffic balancing system’s lib/html.c file is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...