90850 matches found
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to disclose protected information.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to improper security checks for standard elements. Exploiting this vulnerability allows a malicious actor to disclose sensitive information through a specially created HTML page...
The vulnerability of the libavfilter/af_stereowiden.c file in the FFmpeg multimedia library allows a hacker to execute arbitrary code.
The vulnerability of the libavfilter/afstereowiden.c file in the FFmpeg multimedia library is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the cgi_FMT_R12R5_1st_DiskMGR() function (/cgi-bin/hd_config.cgi) in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 devices allows a attacker to execute arbitrary commands.
The vulnerability of the cgiFMTR12R51stDiskMGR function /cgi-bin/hdconfig.cgi in the D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality is related to the execution of operations outside the buffer during file U3D processing. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Google Chrome’s Compositing component allows attackers to replace the user interface.
The vulnerability of the Compositing component in the Google Chrome browser is related to errors in information representation by the user interface. Exploiting this vulnerability could allow an attacker to replace the user interface with a specially created HTML page...
The vulnerability of the PDFium PDF-content processor in Google Chrome browsers allows a hacker to execute arbitrary code, cause a service failure, or disclose protected information.
The vulnerability of the PDFium PDF-content processor in Google Chrome browser involves an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code, cause service failures, or disclose protected information by sending a...
The vulnerability of the Skia graphic library used by Microsoft Edge and Google Chrome browsers allows attackers to expose protected information or compromise data integrity.
The vulnerability of the Skia graphic library in Microsoft Edge and Google Chrome is related to a potential overflow condition. Exploiting this vulnerability could allow an attacker to disclose sensitive information or compromise data integrity through a specially crafted HTML page...
The vulnerability of the iommu/arm-smmu component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the iommu/arm-smmu component in the Linux operating system is related to the lack of registration cancellation when the process terminates. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the cgi_set_cover() function (/cgi-bin/photocenter_mgr.cgi) in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04 allows a hacker to execute arbitrary commands.
The vulnerability of the cgisetcover function /cgi-bin/photocentermgr.cgi in the microprogramming software of D-Link devices such as DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4,...
The vulnerability of the fastrpc component in the Linux operating system’s kernel allows for attacks that can affect the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the fastrpc component in the Linux operating system’s kernel is related to a race condition that occurs after memory is freed. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF-XChange Editor, a program for viewing and editing PDF documents, relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created XPS file...
The vulnerability of the Webmin control panel in hosting systems stems from improper handling of input data during the generation of web pages. This allows attackers to carry out XSS attacks.
The vulnerability of the Webmin control panel involves the elimination of input data during the generation of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks by injecting specially created malicious content...
The vulnerability of the ColdFusion software platform, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.
The vulnerability of the ColdFusion software platform lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created malicious file...
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses stems from deficiencies in the authentication process, which allows attackers to escalate their privileges.
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to bypass the authentication process and increase their privileges...
The vulnerability of the H5T__conv_struct_opt() function in the H5Tconv.c file of the HDF5 library allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the H5Tconvstructopt function in the H5Tconv.c file of the HDF5 library is related to buffer overflow in the queue. Exploitation of this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Ivanti EPM endpoint management software lies in the lack of authentication for a critical function, allowing a malicious actor to trigger a service failure.
The vulnerability of the Ivanti EPM endpoint management software lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow a remote attacker to cause service failures...
The vulnerability of the command-line interface of the Cisco NX-OS operating system in Cisco Nexus switches allows a perpetrator to execute arbitrary commands.
The vulnerability of the command-line interface of the Cisco NX-OS operating system in Cisco Nexus switches exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability can allow an attacker to execute arbitrary commands on the basic operating system...
The vulnerability in the `arch/s390/boot/decompressor.c` component of the Linux operating system, related to copying buffers without checking the input data, allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability in the arch/s390/boot/decompressor.c component of the Linux operating system involves copying buffers without checking the input data. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the start_decoder component in the C/C++ Libstb library, related to integer overflow, allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the startdecoder component in the C/C++ Libstb library is related to integer overflow. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and even cause service failures through a specially created file...
The vulnerability of the Windows operating system’s update center allows a hacker to execute arbitrary code.
The vulnerability of the Windows operating system’s update center is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of authentication procedures, which allow attackers to bypass security restrictions.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions from a remote location...
The vulnerability of the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.
The vulnerability of the netshop CMS system’s Netcat module is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the web interface of the microprogramming software for Cisco Small Business SPA300 and SPA500 allows a perpetrator to execute arbitrary commands in the basic operating system.
The vulnerability of the web interface of Cisco Small Business SPA300 and SPA500 microprogramming software lies in the copying of input data into memory without checking its size. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands on the basic...
The vulnerability of the “Host Monitoring” component of the Zabbix monitoring system allows a attacker to execute arbitrary code.
The vulnerability of the “Host Monitoring” component in the Zabbix monitoring system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by injecting it into the ping script...
The vulnerability of the Oracle Solaris operating system’s file system allows a perpetrator to trigger a service failure.
The vulnerability of the Oracle Solaris operating system’s file system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the TIFFReadEncodedStrip function in the LibTIFF library, which allows a hacker to trigger a service failure.
The vulnerability of the TIFFReadEncodedStrip function in the LibTIFF library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The software’s vulnerability lies in the detection of vulnerabilities and errors by PT Application Inspector. This vulnerability arises due to an incorrect limitation on the path to the restricted access directory. This allows attackers to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of the PT Application Inspector software arises due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain unauthorized access to protected information...
The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps allows for CSRF attacks to be carried out.
The vulnerability of the graphical user interface of the artificial intelligence-based security threat detection software FortiAIOps is related to the of cross-site requests. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack by sending specially crafted GET requests...
The vulnerability of the software for detecting vulnerabilities and errors in PT Application Inspector, due to improper checking of query parameters, allows a perpetrator to execute arbitrary code.
The vulnerability of the PT Application Inspector’s software for detecting vulnerabilities and errors is related to improper checking of query parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Demon Routing Protocol Daemon (rpd) in Junos OS and Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the Demon Routing Protocol Daemon rpd in Junos OS and Junos OS Evolved lies in the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to trigger a service failure through a specially crafted SNMP request...
The vulnerability of the Updater component of the Google Chrome browser, which allows a hacker to escalate their privileges.
The vulnerability of the Updater component in Google Chrome browser is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...
The vulnerability of the microprogramming software of the ICU device and the iSTAR Pro door controller allows a intruder to carry out a “machine-in-the-midden” attack.
The vulnerability of the ICU tool and the iSTAR Pro door controller is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a remote attacker to execute a “midair attack”...
The vulnerability of the BuildClient function (client_service.go) in the CHAOS remote administration tool allows a hacker to execute arbitrary code.
The vulnerability of the BuildClient function in clientservice.go, a remote administration tool for CHAOS, exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the Azure Network Watcher VM Extension for Windows operating systems allows a perpetrator to escalate their privileges.
The vulnerability of the Azure Network Watcher VM Extension for Windows operating systems stems from an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the SCADA system “ENTEK,” related to the use of cryptographic algorithms containing defects, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system “ENTEK” is related to the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the ISO 9660 Image File Handler component in the libcdio library allows a hacker to execute arbitrary code.
The vulnerability of the ISO 9660 Image File Handler component in the libcdio library is related to buffer overflow attacks. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to the use of memory after deallocation. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows a perpetrator to execute arbitrary code on the target system.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using a specially created HTML page...
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows a perpetrator to execute arbitrary code on the target system.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using a specially created HTML page...
The vulnerability of Acquia DAM, a platform for organizing and managing digital assets, stems from lack of access control. This allows attackers to trigger service interruptions.
The vulnerability of Acquia DAM, a platform for organizing and managing digital assets, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of the gpio_chrdev_release() function in the Linux kernel driver for GPIO operations allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gpiochrdevrelease function in the drivers/gpio/gpiolib-cdev.c file of the Linux kernel’s GPIO driver is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of TP-Link Omada er605 microcontroller-based software is caused by buffer overflow in the stack, allowing an attacker to execute arbitrary code.
The vulnerability of TP-Link Omada er605 microprogramming software is caused by buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the HTTP/3 QUIC module (ngx_http_v3_module) in NGINX Plus and NGINX OSS web servers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the HTTP/3 QUIC module ngxhttpv3module in NGINX Plus and NGINX OSS servers is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information through specially crafted HTTP/3 reques...
The vulnerability of the UpLoadServlet component in the Netgear ProSafe NMS300 network device allows a hacker to increase their privileges.
The vulnerability of the UpLoadServlet component in the Netgear ProSafe NMS300 network device management software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of TP-Link Archer C5400X(EU) Wi-Fi routers’ microprogramming software lies in the lack of measures taken to clean data at the control level. This allows attackers to execute arbitrary commands with elevated privileges.
The vulnerability of TP-Link Archer C5400XEU Wi-Fi routers’ microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with elevated privileges...
The vulnerability of the `__sev_platform_shutdown_locked()` function in the Linux operating system’s cryptographic processor driver by AMD allows a hacker to trigger a shutdown failure.
The vulnerability of the sevplatformshutdownlocked function in the drivers/crypto/ccp/sev-dev.c file of the Linux operating system’s cryptographic processor driver software is related to the assignment of a zero pointer. Exploiting this vulnerability could allow an attacker to trigger a service...
The vulnerability of the mtk_spi_interrupt() function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mtkspiinterrupt function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the web server of the microprogramming software for asynchronous servers Moxa NPort 5100A allows a hacker to increase their privileges.
The vulnerability of the web server of Moxa NPort 5100A microprogramming software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the JsonErrorReportValve class in the Apache Tomcat application server allows a attacker to influence the integrity of the protected information.
The vulnerability of the JsonErrorReportValve class in the Apache Tomcat application server is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to influence the integrity of the protected information...