90509 matches found
The vulnerability of the Override View function in the Apache OFBiz resource planning software allows a hacker to execute arbitrary code.
The vulnerability of the Override View function in the Apache OFBiz enterprise resource planning software is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted requests remotely...
The vulnerability of the Microprogramming Software of Supermicro BMC controllers, related to the execution of operations outside the buffer in memory, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Microprogrammed Software of Supermicro controllers involves the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Custom Actions component in the software support services of Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus allows a attacker to execute XSS attacks.
The vulnerability of the Custom Actions component in the software support services of Zoho ManageEngine ServiceDesk Plus, Zoho ManageEngine ServiceDesk Plus MSP, and Zoho ManageEngine SupportCenter Plus exists due to the lack of protective measures for the website structure. Exploiting this...
The vulnerability of the Updater component of the Google Chrome browser, which allows a hacker to escalate their privileges.
The vulnerability of the Updater component in Google Chrome browser is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerabilities of the CPCI85 and SICORE processor control modules from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, allow attackers to downgrade the firmware version of the devices.
The vulnerability of the CPCI85 and SICORE processor module control systems from Siemens SICAM, such as CP-8031, CP-8050, and SICAM EGS, stems from the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to downgrade the firmware version of the...
The vulnerability of the Packet Forwarding Engine (PFE) mechanism in Juniper Networks’ Junos OS operating systems of the QFX5000 Series, EX4100 Series, EX4400 Series, and EX4650 Series devices allows a attacker to cause service interruptions.
The vulnerability of the Packet Forwarding Engine PFE mechanism in Juniper Networks’ Junos OS for devices in the QFX5000 Series, EX4100 Series, EX4400 Series, and EX4650 Series models is related to insufficient spatial partitioning. Exploiting this vulnerability can allow a malicious actor to cau...
The vulnerability of the microprogramming software of the ICU device and the iSTAR Pro door controller allows a intruder to carry out a “machine-in-the-midden” attack.
The vulnerability of the ICU tool and the iSTAR Pro door controller is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow a remote attacker to execute a “midair attack”...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow lies in improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by introducing specially crafted .md files...
The vulnerability of the Web Services Dynamic Discovery (WS-Discovery) protocol in Windows operating systems allows a perpetrator to cause a service failure.
The vulnerability of the Web Services Dynamic Discovery WS-Discovery protocol in Windows operating systems is related to improper handling of the absence of a specific element. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Azure DevOps Server software lies in the lack of protective measures for the website structure, allowing attackers to perform spear-phishing attacks.
The vulnerability of the Azure DevOps Server development tool is related to the lack of security measures for the website structure. Exploiting this vulnerability could allow attackers to perform spear-phishing attacks remotely...
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows a perpetrator to execute arbitrary code on the target system.
The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the target system using a specially created HTML page...
The vulnerability of the ath12k_htt_mlo_offset_event_handler() function in Qualcomm Technologies’ Linux-based Wi-Fi 7 driver allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the ath12khttmlooffseteventhandler function in the drivers/net/wireless/ath/ath12k/dprx.c file of the Qualcomm Technologies Wi-Fi 7 kernel for the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an...
The vulnerability of Acquia DAM, a platform for organizing and managing digital assets, stems from lack of access control. This allows attackers to trigger service interruptions.
The vulnerability of Acquia DAM, a platform for organizing and managing digital assets, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of the gpio_chrdev_release() function in the Linux kernel driver for GPIO operations allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gpiochrdevrelease function in the drivers/gpio/gpiolib-cdev.c file of the Linux kernel’s GPIO driver is related to the reutilization of previously freed memory due to concurrent access to resources. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of TP-Link Omada er605 microcontroller-based software is caused by buffer overflow in the stack, allowing an attacker to execute arbitrary code.
The vulnerability of TP-Link Omada er605 microprogramming software is caused by buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of controllers for hypervisor storage in VMware ESXi, VMware Workstation, and VMware Fusion allows a hacker to execute arbitrary code.
The vulnerability of storage controller devices in VMware ESXi, VMware Workstation, and VMware Fusion lies in the ability to read/write data beyond the allowed range. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system allows a intruder to re-record any files in the system.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the validation of input data during the processing of sequence bypasses for directories. Exploiting this vulnerability allows a malicious actor to re-record any files in the system...
The vulnerability of the SSL-VPN portal for FortiOS operating systems and the proxy server used to protect against internet attacks by FortiProxy allows attackers to send packets from arbitrary IP addresses.
The vulnerability of the SSL-VPN portal for FortiOS operating systems and the FortiProxy proxy server used for protecting against internet attacks is related to insufficient verification of data authenticity. Exploiting this vulnerability allows a malicious actor to send packets from arbitrary IP...
The vulnerability of the mtk_spi_interrupt() function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mtkspiinterrupt function in the drivers/spi/spi-mt65xx.c file of the Mediatek SPI kernel for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the web server of the microprogramming software for asynchronous servers Moxa NPort 5100A allows a hacker to increase their privileges.
The vulnerability of the web server of Moxa NPort 5100A microprogramming software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the Microsoft ODBC Driver for SQL Server’s dynamic layout library, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the Microsoft ODBC Driver for SQL Server dynamic sorting library is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Vulnerability of the Server component: The Information Schema of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
Vulnerability of the Server component: The information schema of the Oracle MySQL Server database management system is related to improper cleaning or release of resources. Exploiting this vulnerability may allow a malicious actor to cause service interruptions remotely...
The vulnerability of the downloader.php plugin of the WordPress Automatic Plugin system for website content management allows a attacker to perform an SSRF attack.
The vulnerability of the downloader.php plugin in the WordPress Automatic Plugin system for website content management involves insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the secondscreen.gateway service on the LG WebOS operating system for LG TVs allows a hacker to create a privileged user account.
The vulnerability of the secondscreen.gateway service on the LG WebOS operating system for LG TVs involves exploiting a authentication mechanism by modifying configuration settings. Exploiting this vulnerability allows an attacker to create a privileged user account remotely...
The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system allows a hacker to execute arbitrary commands on behalf of the dbus user.
The vulnerability of the service com.webos.service.connectionmanager/tv/setVlanStaticAddress in the LG WebOS operating system exists because measures to neutralize the special elements used in the operating system commands have not been taken. Exploiting this vulnerability allows a malicious acto...
The vulnerability of the expr_delete_term() function in the YASM assembler allows a hacker to trigger a service failure.
The vulnerability of the exprdeleteterm function in the YASM assembler is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
The vulnerability of the extension of the Wikibase software for implementing the MediaWiki hypertext environment allows a hacker to cause a service failure.
The vulnerability of the extension of the Wikibase software for implementing the MediaWiki hypertext environment is related to the lack of speed limits on the merging of elements. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the ApiPageSet.php file of the software for implementing the MediaWiki hypertext environment allows a hacker to cause a service failure.
The vulnerability of the ApiPageSet.php file of the software for implementing the MediaWiki hypertext environment is related to an unlimited loop. When requesting this file, a RequestTimeoutException occurs, and the request is redirected to other options with specified redirections and converted...
The vulnerability of embedded Qualcomm microprogramming software, related to the lack of a data type conversion mechanism, allows attackers to execute arbitrary code.
The vulnerability of embedded software developed for Qualcomm chips lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming software arises from the lack of measures taken to eliminate special elements used in the operating system’s command set. This vulnerability allows a hacker to execute arbitrary code in the root user context.
The vulnerability of TP-Link Omada ER605 VPN router’s microprogramming software exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the root user’s...
The vulnerability of the oghttp-codec in the Envoy proxy server allows a hacker to trigger a service failure.
The vulnerability of the oghttp-codec in the implementation of the HTTP/2 protocol in the Envoy proxy is related to an error during request submission when exceeding the header size limit. This occurs due to the absence of the ENDHEADERS flag during the processing of CONTINUATION messages...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server lies in its ability to disclose information through a server error message, allowing an intruder to expose the protected information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to the disclosure of information through a server error message. Exploiting this vulnerability allows an attacker to remotely disclose the protected information...
The vulnerability of the formQuickIndex function in the /goform/QuickIndex file of the Tenda AC18 router’s microprogramming system allows a hacker to escalate their privileges.
The vulnerability of the formQuickIndex function in the /goform/QuickIndex module of the Tenda AC18 router’s microprogramming system relates to the ability to read data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to enhance their privileges ...
The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices stems from the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.
The vulnerability of the QTS, QuTS hero, and QuTScloud operating systems for QNAP network devices is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. This allows a malicious user to lock out the user from accessing their account.
The vulnerability of the Keycloak identity and access management software lies in its overly restrictive mechanism for blocking user accounts. Exploiting this vulnerability could allow a malicious actor to remotely block a user’s access to their account...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows operating system’s kernel, which allows a hacker to bypass security restrictions
The vulnerability of the Windows operating system’s kernel is related to security configuration errors. Exploiting this vulnerability can allow a hacker to bypass security restrictions...
The vulnerability of the correctMkdir component in the npm package manager allows a attacker to circumvent existing security restrictions.
The vulnerability of the correctMkdir component in the npm package manager is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Pragmatic General Multicast protocol implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the XWiki Platform, which exists due to the lack of measures to neutralize special elements, allows a violator to gain unauthorized access to any arbitrary page.
The XWiki platform is vulnerable because special elements are not being eliminated from it. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to any arbitrary page...
The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the XWiki Platform lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The vulnerability of the aiohttp HTTP client, related to deficiencies in HTTP request processing, allows attackers to execute the “HTTP request hijacking” attack.
The vulnerability of the aiohttp HTTP client is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to perform an “HTTP request hijacking” attack...
The vulnerability of the microprogrammed software of the MELSEC WS0-GETH00200 programmable logic controllers, related to bypassing the authentication process, allows a intruder to circumvent the authentication mechanism.
The vulnerability of the microprogrammed software of the MELSEC WS0-GETH00200 programmable logic controllers is related to the bypassing of the authentication process. Exploiting this vulnerability allows an attacker to bypass the authentication process remotely...
The vulnerability of the Rapid SCADA system, related to the storage of passwords in an unencrypted form, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system Rapid SCADA is related to the storage of passwords in an unencrypted form. Exploiting this vulnerability can allow a intruder to gain unauthorized access to protected information...
The vulnerability of the Rapid SCADA system, related to deficiencies in the error reporting mechanism, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the SCADA system Rapid SCADA is related to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by sending specially crafted requests...
The vulnerability of the DevmemIntMapPMR() function in the PowerVR GPU driver for Android and ChromeOS allows a hacker to execute arbitrary code and gain elevated privileges.
The vulnerability of the DevmemIntMapPMR function in the PowerVR GPU driver for Android and ChromeOS operating systems is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code and gain elevated privileges...
The vulnerabilities of microprogramming software in FeverWarn ESP32, FeverWarn RaspberryPi systems, and FeverWarn DataHub RaspberryPi, a system for centralized data storage and management, allow attackers to gain unauthorized access to protected information.
The vulnerability of the microprogramming software for thermal scanning systems—FeverWarn ESP32, FeverWarn RaspberryPi, and the centralized data storage and management system—FeverWarn DataHub RaspberryPi—is related to the absence of authentication procedures for critical functions during MQTT...
The vulnerability of the jas_image_decode() function in the JPC library, which allows an attacker to execute arbitrary code.
The vulnerability of the jasimagedecode function in the JPC library for the JasPer set is related to the issue where the operation exits the buffer boundaries during the processing of ICC profiles. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent operating system for Windows allows a malicious actor to escalate their privileges and execute arbitrary code.
The vulnerability of the Anti-Malware module of the Trend Micro Deep Security Agent antivirus protection software for Windows operating systems is related to an incorrect definition of symbolic links before accessing a file. Exploiting this vulnerability can allow attackers to increase their...
The vulnerability of the devinfo interface in D-Link’s microprogrammed router software allows a intruder to gain unauthorized access to protected information.
The vulnerability of the devinfo interface in D-Link’s microprogrammed router software is related to insufficient protection of operational data during the processing of the area parameter. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information by...