90604 matches found
The vulnerability of the ath12k_htt_mlo_offset_event_handler() function in Qualcomm Technologies’ Linux-based Wi-Fi 7 driver allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the ath12khttmlooffseteventhandler function in the drivers/net/wireless/ath/ath12k/dprx.c file of the Qualcomm Technologies Wi-Fi 7 kernel for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an...
The vulnerability of TP-Link Omada er605 microcontroller-based software is caused by buffer overflow in the stack, allowing an attacker to execute arbitrary code.
The vulnerability of TP-Link Omada er605 microprogramming software is caused by buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Dawn component in browsers such as Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Dawn component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information by loading a specially create...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system allows a intruder to re-record any files in the system.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the validation of input data during the processing of sequence bypasses for directories. Exploiting this vulnerability allows a malicious actor to re-record any files in the system...
The software for Vinteo Client is vulnerable, allowing attackers to carry out XSS attacks.
The vulnerability of the Vinteo Client video conferencing software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the __sock_xmit() function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the sockxmit function in the drivers/block/nbd.c module of the Linux kernel’s nbd driver is related to the use of uninitialized fields in the struct msghdr structure. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the mtk_spi_interrupt() function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mtkspiinterrupt function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the `btrfs_use_block_rsv()` function in the `fs/btrfs/block-rsv.c` file of the Linux kernel’s file system allows a malicious actor to cause a service failure.
The vulnerability of the btrfsuseblockrsv function in the fs/btrfs/block-rsv.c file of the btrfs file system in the Linux kernel is related to concurrent resource access race condition. Exploiting this vulnerability could allow a attacker to cause service failures...
The vulnerability of the JsonErrorReportValve class in the Apache Tomcat application server allows a attacker to influence the integrity of the protected information.
The vulnerability of the JsonErrorReportValve class in the Apache Tomcat application server is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows an attacker to influence the integrity of the protected information...
The vulnerability of the web server of the microprogramming software for asynchronous servers Moxa NPort 5100A allows a hacker to increase their privileges.
The vulnerability of the web server of Moxa NPort 5100A microprogramming software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
Vulnerability of the Server component: The Information Schema of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
Vulnerability of the Server component: The information schema of the Oracle MySQL Server database management system is related to improper cleaning or release of resources. Exploiting this vulnerability may allow a malicious actor to cause service interruptions remotely...
Vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio development tools, related to memory usage after memory is released, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft’s software platforms, such as the .NET Framework, .NET, and Microsoft Visual Studio, relates to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the System Recovery Bootloader for Windows operating systems allows attackers to circumvent existing security restrictions and enhance their privileges.
The vulnerability of the System Recovery Bootloader for Windows operating systems is related to errors in processing input data. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions and gain increased privileges...
The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system allows a hacker to execute arbitrary commands on behalf of the dbus user.
The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a malicious acto...
The vulnerability of the ProcRenderAddGlyphs() function in the X Window System Xorg-server allows a hacker to execute arbitrary code.
The vulnerability of the ProcRenderAddGlyphs function in the X Window System Xorg-server lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of embedded Qualcomm microprogramming software, related to the lack of a data type conversion mechanism, allows attackers to execute arbitrary code.
The vulnerability of embedded software developed for Qualcomm chips lies in the lack of a mechanism for data type conversion. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the DifferenceEngine.php file, a software tool for implementing a hypertext environment like MediaWiki, allows a perpetrator to access confidential information.
The vulnerability of the DifferenceEngine.php file, a software tool used to implement the hypertext environment of MediaWiki, relates to the ignoring of the user’s name. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information...
The vulnerability of embedded Qualcomm microprogramming software, related to the lack of a data type conversion mechanism, allows attackers to execute arbitrary code.
The vulnerability of embedded software developed for Qualcomm chips lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the /libheif/exif.cc decoder and encoder for libheif files allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the /libheif/exif.cc decoder and file format encoder in the libheif library is related to a segmentation error. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the write_indexes() function in the GdkPixbuf image loading library allows a attacker to cause a service failure.
The vulnerability of the GdkPixbuf image loading library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the oghttp-codec in the Envoy proxy server allows a hacker to trigger a service failure.
The vulnerability of the oghttp-codec in the implementation of the HTTP/2 protocol in the Envoy proxy is related to an error during request submission when exceeding the header size limit. This occurs due to the absence of the ENDHEADERS flag during the processing of CONTINUATION messages...
The vulnerability of the SSH library wolfSSH, related to deficiencies in authentication procedures, allows attackers to circumvent existing security restrictions.
The vulnerability of the SSH library wolfSSH is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...
The vulnerability of TLS protocols (HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc.) implemented in the command-line utility cURL, which allows attackers to perform spoofing attacks.
The vulnerability of TLS protocols HTTPS, FTPS, IMAPS, POPS3, SMTPS, etc. implemented by the command-line utility cURL is related to improper authentication of certificates. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
The vulnerability of the control interface of the MyQ Print Server allows a hacker to execute arbitrary code.
The vulnerability of the MyQ Print Server’s management interface is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Downloads component of the Google Chrome web browser allows a hacker to replace the user interface.
The vulnerability of the Downloads component in the Google Chrome web browser is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to replace the user interface through a specially created URL address...
The vulnerability of the net/http and net/http2 libraries in the Go programming language is related to an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the net/http and net/http2 libraries in the Go programming language related to the implementation of the HTTP/2 protocol is related to an uncontrolled resource consumption due to incorrect determination of the end of headers during the processing of CONTINUATION frames...
The vulnerability of the FedCM component in browsers such as Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the FedCM component relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using a specially created HTML page...
The vulnerability in the /plugins/playbooks/api/v0/telemetry/run component of the application for instant messaging in Mattermost allows a malicious user to gain unauthorized access to information about AD/LDAP users.
The vulnerability of the /plugins/playbooks/api/v0/telemetry/run/ component in the Mattermost instant messaging application is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to user...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in the authentication process, which allows a malicious individual to alter the settings of the user interface for project management.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to modify the settings of the user interface for project...
The vulnerability in the Apache Kafka cluster management web interface, kafka-ui, allows a attacker to execute arbitrary code.
The vulnerability in the Apache Kafka cluster management web interface, named “kafka-ui”, is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by using a specially crafted request to the endpoint...
The vulnerability of the setKey() function in the minimist library, which allows a hacker to execute a “ prototype pollution ” attack.
The vulnerability of the setKey function in the minimist library relates to the uncontrolled modification of object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute a “prototype pollution” attack...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of PDF-XChange Editor’s document viewing and editing software lies in the handling of an untrusted pointer, which allows a malicious actor to execute arbitrary code.
The vulnerability of PDF document viewing and editing software PDF-XChange Editor is related to the misuse of a trusted pointer. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially crafted EMF file...
The vulnerability of the DNS Client component for Windows operating systems allows a hacker to induce a service failure.
The vulnerability of the DNS Client component for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the SolarWinds Access Rights Manager software relates to the possibility of bypassing the restricted access catalog, allowing a violator to execute arbitrary code.
The vulnerability of the SolarWinds Access Rights Manager ARM software relates to the possibility of bypassing the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows Message Queuing system, which allows a hacker to escalate their privileges
The vulnerability of Windows’ Message Queuing system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the Windows operating system’s kernel, which allows a hacker to bypass security restrictions
The vulnerability of the Windows operating system’s kernel is related to security configuration errors. Exploiting this vulnerability can allow a hacker to bypass security restrictions...
The vulnerability of the SAP Application Interface Framework, a software tool for developing and managing application interfaces, arises from improper code generation. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the SAP Application Interface Framework, a software tool for developing and managing application interfaces, is related to improper code generation. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of data...
The vulnerability of the Windows operating system’s kernel allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Windows operating system kernels is related to the exposure of information. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the application software interface of the Cisco Meeting Server platform allows a perpetrator to cause a service failure.
The vulnerability of the application software interface of the Cisco Meeting Server platform is related to deficiencies in the mechanism for verifying input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The vulnerability of the Neural Engine component of the macOS operating system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the macOS operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code with kernel privileges...
The vulnerability of the web components of Ivanti Connect Secure and Ivanti Policy Secure control tools allows a perpetrator to…
The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure web components related to access control vulnerabilities. Exploiting this vulnerability could allow a malicious actor to elevate their privileges to the level of an administrator...
The vulnerability of FireEye EX 3500, 5500, 8500 email security systems allows attackers to execute cross-site scripting attacks.
The vulnerability of FireEye EX 3500, 5500, and 8500 email security systems lies in the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting using parameters “type” and “sfname”...
The vulnerability of the Rapid SCADA system, related to the use of open redirection, allows a hacker to redirect a user to any arbitrary URL address.
The vulnerability of the SCADA system Rapid SCADA is related to the use of open redirection as a result of incorrect data cleaning on the user input page. Exploiting this vulnerability allows an attacker to redirect the user to any desired URL address...
The vulnerability of the Rapid SCADA system, related to the storage of passwords in an unencrypted form, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system Rapid SCADA is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow a intruder to gain unauthorized access to protected information...
The vulnerability in the web interface of the wireless access point Tenda A15’s microprogramming software allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface for managing microprogramming software in the Tenda A15 wireless access point is related to reading data outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the web interface of the wireless access point Tenda A15’s microprogramming software allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface for managing microprogramming software in the Tenda A15 wireless access point is related to reading data outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the digital platform for Miro’s collaborative work with macOS operating systems arises from improper code generation management. This allows a hacker to execute arbitrary code.
The vulnerability of the digital platform for Miro’s collaborative work with macOS operating systems is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the MMU_UnmapPages() function in the PowerVR GPU driver for Android and ChromeOS allows a hacker to execute arbitrary code and gain elevated privileges.
The vulnerability of the MMUUnmapPages function in the PowerVR GPU driver for Android and ChromeOS systems is related to the execution of operations outside of memory buffers. Exploiting this vulnerability can allow attackers to gain increased privileges...