90509 matches found
The vulnerabilities of the functions php_libxml_input_buffer_create_filename() and php_libxml_sniff_charset_from_stream() in the PHP interpreter allow a hacker to redirect users to any desired URL address.
The vulnerabilities of the functions phplibxmlinputbuffercreatefilename and phplibxmlsniffcharsetfromstream in the PHP interpreter are related to the use of open redirection. Exploiting these vulnerabilities could allow a malicious actor to redirect users to any desired URL address...
The vulnerability in the WebTransport component of Mozilla Firefox, Firefox ESR, and the Thunderbird email client allows a hacker to induce a service failure.
The vulnerability of the WebTransport component in Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause service interruptions remotely...
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data, related to the use of an unreliable search path, allows a perpetrator to execute arbitrary commands.
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data is related to the use of an unreliable search path. Exploiting this vulnerability could allow a attacker to execute arbitrary commands by loading a specially created...
The vulnerability of the parallel programming library for clusters, the Intel MPI Library, and the Intel oneAPI HPC Toolkit software development tools lies in its uncontrolled search path, which allows attackers to exploit their privileges.
The vulnerability of the parallel programming library for clusters, the Intel MPI Library, and the Intel oneAPI HPC Toolkit software development tools, is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Google Chrome browser’s Extensions API allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser’s Extensions API is related to errors in information representation by the user interface. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a special extension of Chrome...
The vulnerability of the functions 0x8001E000() and 0x8001E004() of the system file IUProcessFilter.sys in the IObit Uninstaller uninstaller software allows a hacker to cause a service failure.
The vulnerability of the functions 0x8001E000 and 0x8001E004 of the system file IUProcessFilter.sys in the IObit Uninstaller uninstaller is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Visual Studio Code’s JS Debug editor, related to vulnerabilities in access control, allows attackers to escalate their privileges.
The vulnerability of Visual Studio Code’s JS Debug editor for source code editing is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to enhance their privileges...
The vulnerability of the software products of the LLC “NPO “MIR” is related to the presence of vulnerabilities in the borrowed components. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the software products developed by LLC “NPO ‘MIR’ is related to the presence of vulnerabilities in the borrowed components. Exploiting these vulnerabilities could allow attackers who operate remotely to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the TMOS Shell configuration tool’s IControl REST interface allows attackers to execute arbitrary commands. This vulnerability relates to the BIG-IP Access Policy Manager, as well as software programs such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe.
The vulnerability of the TMOS Shell configuration tool’s IControl REST interface exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Vulnerabilities of components in Linux operating system’s tick/broadcast kernel, allowing attackers to cause service failures
The vulnerability of Linux operating system’s stick/broadcast components is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the storvsc_on_io_completion() function in the drivers/scsi/storvsc_drv.c module of the Linux operating system’s SCSI device support driver allows a hacker to cause a service failure.
The vulnerability of the storvsconiocompletion function in the drivers/scsi/storvscdrv.c module of the Linux SCSI device support driver leads to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Microprogrammed Software in HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers arises from buffer overflow in the stack, allowing attackers to execute arbitrary code and gain elevated privileges.
The vulnerability of Microprogrammed Software in HP LaserJet Pro, EHP LaserJet Enterprise, and HP LaserJet Managed printers is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges by sending data in...
The vulnerability of the Mobile Security Framework (MobSF) for mobile application security research lies in an incorrect pathname limitation, which allows a malicious actor to gain unauthorized access for reading, deleting protected information, and executing arbitrary code.
The vulnerability of the Mobile Security Framework MobSF for mobile application security research is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to read, delete protected information...
The vulnerability of the lib/generic-radix-tree.c component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the lib/generic-radix-tree.c component in the Linux operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the xen-netfront component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the xen-netfront component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the command-line interface CLI of the Fortinet FortiManager device management system and the FortiAnalyzer event monitoring and analysis tool is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an...
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...
The vulnerability of the Umbraco CMS system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the Umbraco CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the web interface of microprogramming software for programmable logic controllers SIMATIC S7-1200 allows a attacker to perform a CSRF attack.
The vulnerability of the web interface of microprogramming software for programmable logic controllers SIMATIC S7-1200 is related to the of cross-site requests. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient validation of requests on the server side. This allows a hacker to execute an SSRF attack.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient testing of server-side requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the Kernel component in operating systems such as MacOs, iPadOS, iOS, watchOS, and tvOS allows attackers to elevate their privileges to a root level.
The vulnerability of the Kernel component in macOS, iPadOS, iOS, watchOS, and tvOS is related to permission handling errors. Exploiting this vulnerability can allow an attacker to elevate their privileges to a root level...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to perform cross-site scripting attacks (XSS).
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows attackers to perform...
The vulnerability in the web interface for managing micro-program software on Cisco Expressway allows a attacker to perform XSS attacks.
The vulnerability in the web interface for managing microprogramming software in Cisco Expressway is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of Microsoft Office, Excel, and 365 Apps for Enterprise packages lies in their ability to exploit memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office, Excel, and 365 Apps for Enterprise packages relates to the possibility of using memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to induce a service failure.
The vulnerability of the Kerberos protocol for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Microsoft SharePoint software package, related to improper authorization, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft SharePoint software package is related to improper authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the formSetSpeedWant function in the microprogramming software for Tenda AC18 allows a hacker to cause a service failure.
The vulnerability of the formSetSpeedWan function in the Tenda AC18 router’s microprogramming software is related to buffer overflow during the processing of the speeddir parameter. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Internet Connection Sharing (ICS) function in Windows operating systems allows a hacker to cause a service failure.
The vulnerability of the Internet Connection Sharing ICS function in Windows operating systems is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the “as_wazuh_object” function in the Wazuh intrusion detection and prevention system allows a perpetrator to execute arbitrary code.
The vulnerability of the “aswazuhobject” function in the Wazuh intrusion detection and prevention system is related to deficiencies in the deserialization mechanism of parameters from DistributedAPI. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...
The vulnerability of JavaScript script handlers in Google Chrome browsers allows attackers to partially compromise the accessibility of protected information.
The vulnerability of JavaScript script handlers in Google Chrome browsers relates to reading beyond the buffer boundary. Exploiting this vulnerability allows a malicious actor to partially compromise the accessibility of protected information through a specially crafted HTML page...
The vulnerability of the functions sock_set_flag() and spin_unlock() (net/ipv4/udp.c) in the Linux kernel’s UDP component allows a attacker to cause a service failure.
The vulnerabilities of the functions socksetflag and spinunlock net/ipv4/udp.c in the Linux kernel’s UDP component are related to resource management errors. Exploiting these vulnerabilities could allow an attacker to cause a service failure...
The vulnerability of the Device Settings module in the LibreNMS network monitoring system allows a violator to perform cross-site scripting attacks.
The vulnerability of the Device Settings module in the LibreNMS network monitoring system is related to the lack of protective measures taken for the website structure when processing the Display Name field. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
The vulnerability of the Identity Manager software component, used for managing and controlling access to corporate resources and IBM Security Verify Governance applications, allows a perpetrator to execute a type of “man-in-the-middle” attack.
The vulnerability of the Identity Manager software component, which is used for managing and controlling access to corporate resources and applications in IBM Security Verify Governance, relates to the storage of sensitive data in an open manner. Exploiting this vulnerability could allow a...
The vulnerability in the host_templates.php script of the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the hosttemplates.php script of the Cacti network monitoring software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Plasma Workspace graphical environment, related to incorrect session duration, allows a intruder to trigger a service failure.
The vulnerability of the Plasma Workspace graphical environment is related to incorrect session duration settings. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to errors that occur after the release of the software. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of components fs/ext4/inode.c and fs/ext4/super.c in the Linux operating system’s kernel, which allows a hacker to cause a service failure
The vulnerability in the fs/ext4/inode.c and fs/ext4/super.c components of the Linux operating system’s kernel relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Linux operating system’s kernel, related to unvalidated array indexing, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to unvalidated array indexing. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format lines.
The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...
The vulnerability of SimpleHelp’s software for remote support stems from an incorrect limitation on the path to the restricted-access directory, allowing a perpetrator to disclose protected information.
The vulnerability of SimpleHelp’s software for remote support is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system allows a intruder to trigger a service failure.
The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system is related to integer overflow when processing values of cid. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Windows operating systems’ message queues allows attackers to induce service failures.
The vulnerability of Message Queuing in Windows operating systems is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system, related to incorrect authentication procedures, allows attackers to bypass existing security restrictions.
The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system is related to improper authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database is related to the disclosure of the digital signature of cookies due to an incorrect mechanism for generating error reports. Exploiting this vulnerability can allow a remote attacker to gain...
The vulnerability of the unserialize() function in the Eloqua CMS system’s Drupal module allows a hacker to execute arbitrary code.
The vulnerability of the unserialize function in the Eloqua CMS system’s Drupal module is related to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of web-based interfaces for microprogramming software Wi-Fi routers such as Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360 allow attackers to increase their privileges
The vulnerability of the web-based management interfaces for Netis microprogramming systems, including Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360, lies in the ability to read data beyond the permitted range in memory. Exploitin...
Vulnerability of web-based interfaces for microprogramming systems: Wi-Fi routers such as Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360 allow attackers to disclose protected information.
The vulnerability of the web-based management interfaces for Netis microprogramming systems, including Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360, is related to insufficient protection for sensitive data. Exploiting this...
The vulnerability of the SSH configuration function on SonicOS operating systems allows a hacker to perform an SSRF attack.
The vulnerability of the SSH configuration function in SonicOS operating systems is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability in the web interface of the Cisco Crosswork Network Controller (CNC) allows a attacker to execute XSS attacks.
The vulnerability in the web interface of the Cisco Crosswork Network Controller CNC management interface is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...