90509 matches found
The vulnerability in the isolated environment of the Web Content module of the Web pages displayed by the Safari browser and the visionOS, iOS, iPadOS, macOS operating systems allows a hacker to execute arbitrary code.
The vulnerability of the isolated Web Content module in the WebKit browser of Safari and the operating systems VisionOS, iOS, iPadOS, and macOS lies in the ability to write code outside of the allocated memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...
The vulnerability of the reshardCollection command in the MongoDB database management system allows a attacker to compromise the integrity and accessibility of the protected information.
The vulnerability of the reshardCollection command in the MongoDB database management system is related to the reinsertion of data due to insufficient checks for unusual or exceptional states. Exploiting this vulnerability allows an attacker operating remotely to compromise the integrity and...
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data, related to the use of an unreliable search path, allows a perpetrator to execute arbitrary commands.
The vulnerability of the ArcGIS Pro geospatial information system and the ArcGIS AllSource software for analyzing operational data is related to the use of an unreliable search path. Exploiting this vulnerability could allow a attacker to execute arbitrary commands by loading a specially created...
The vulnerability of the parallel programming library for clusters, the Intel MPI Library, and the Intel oneAPI HPC Toolkit software development tools lies in its uncontrolled search path, which allows attackers to exploit their privileges.
The vulnerability of the parallel programming library for clusters, the Intel MPI Library, and the Intel oneAPI HPC Toolkit software development tools, is related to an uncontrollable element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Google Chrome browser’s Extensions API allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser’s Extensions API is related to errors in information representation by the user interface. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through a special extension of Chrome...
The vulnerability of the functions 0x8001E000() and 0x8001E004() of the system file IUProcessFilter.sys in the IObit Uninstaller uninstaller software allows a hacker to cause a service failure.
The vulnerability of the functions 0x8001E000 and 0x8001E004 of the system file IUProcessFilter.sys in the IObit Uninstaller uninstaller is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Visual Studio Code’s JS Debug editor, related to vulnerabilities in access control, allows attackers to escalate their privileges.
The vulnerability of Visual Studio Code’s JS Debug editor for source code editing is related to deficiencies in access control. Exploiting this vulnerability could allow attackers to enhance their privileges...
The vulnerability of the software products of the LLC “NPO “MIR” is related to the presence of vulnerabilities in the borrowed components. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the software products developed by LLC “NPO ‘MIR’ is related to the presence of vulnerabilities in the borrowed components. Exploiting these vulnerabilities could allow attackers who operate remotely to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the adm_mod_pwd() function in the SSI service of the TRENDnet TEW-821DAP wireless access points allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the admmodpwd function in the SSI microprogramming system of TRENDnet TEW-821DAP wireless access points is related to the escape operation from memory buffers when processing the username parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code or...
The vulnerability of the TMOS Shell configuration tool’s IControl REST interface allows attackers to execute arbitrary commands. This vulnerability relates to the BIG-IP Access Policy Manager, as well as software programs such as BIG-IP Advanced Firewall Manager, BIG-IP Advanced Web Application Firewall, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Application Visibility and Reporting (AVR), BIG-IP Camer-Grade NAT (CGNAT), BIG-IP DDos Hybrid Defender, BIG-IP Domain Name System, BIG-IP Edge Gateway, BIG-IP Fraud Protection Service, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Inforcement Manager, BIG-IP SSL Orchestrator, BIG-IP Webaccelerator, and BIG-IP WebSafe.
The vulnerability of the TMOS Shell configuration tool’s IControl REST interface exists due to the lack of measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
Vulnerabilities of components in Linux operating system’s tick/broadcast kernel, allowing attackers to cause service failures
The vulnerability of Linux operating system’s stick/broadcast components is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the storvsc_on_io_completion() function in the drivers/scsi/storvsc_drv.c module of the Linux operating system’s SCSI device support driver allows a hacker to cause a service failure.
The vulnerability of the storvsconiocompletion function in the drivers/scsi/storvscdrv.c module of the Linux SCSI device support driver leads to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Microprogrammed Software in HP LaserJet Pro, HP LaserJet Enterprise, and HP LaserJet Managed printers arises from buffer overflow in the stack, allowing attackers to execute arbitrary code and gain elevated privileges.
The vulnerability of Microprogrammed Software in HP LaserJet Pro, EHP LaserJet Enterprise, and HP LaserJet Managed printers is related to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges by sending data in...
The vulnerability of the Mobile Security Framework (MobSF) for mobile application security research lies in an incorrect pathname limitation, which allows a malicious actor to gain unauthorized access for reading, deleting protected information, and executing arbitrary code.
The vulnerability of the Mobile Security Framework MobSF for mobile application security research is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to read, delete protected information...
The vulnerability of the udf component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the udf component in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the xen-netfront component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the xen-netfront component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the lib/generic-radix-tree.c component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the lib/generic-radix-tree.c component in the Linux operating system’s kernel is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software and the FortiAnalyzer security event monitoring and analysis tool allows a malicious actor to gain access to read, modify, or delete data.
The vulnerability of the command-line interface CLI of the Fortinet FortiManager device management system and the FortiAnalyzer event monitoring and analysis tool is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow an...
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications allows a perpetrator to execute arbitrary commands.
The vulnerability of the platform’s management interface for deploying and managing LoadMaster applications is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using a specially created HTTP request...
The vulnerability of the Umbraco CMS system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the Umbraco CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the web interface of microprogramming software for programmable logic controllers SIMATIC S7-1200 allows a attacker to perform a CSRF attack.
The vulnerability of the web interface of microprogramming software for programmable logic controllers SIMATIC S7-1200 is related to the of cross-site requests. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...
The vulnerability of the SharedFileList component in MacOS operating systems allows a perpetrator to compromise the integrity of protected information.
The vulnerability of the SharedFileList component in MacOS operating systems is related to improper storage of permissions. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...
The vulnerability of the Security component of the MacOS operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Security component of the MacOS operating system is related to the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the formSetSpeedWant function in the microprogramming software for Tenda AC18 allows a hacker to cause a service failure.
The vulnerability of the formSetSpeedWan function in the Tenda AC18 router’s microprogramming software is related to buffer overflow during the processing of the speeddir parameter. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Accounts component in operating systems such as MacOs, iOS, and iPadOS allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Accounts component in MacOS, iOS, and iPadOS is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microsoft Office, Excel, and 365 Apps for Enterprise packages lies in their ability to exploit memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office, Excel, and 365 Apps for Enterprise packages relates to the possibility of using memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Kernel component in operating systems such as MacOs, iPadOS, iOS, watchOS, and tvOS allows attackers to elevate their privileges to a root level.
The vulnerability of the Kernel component in macOS, iPadOS, iOS, watchOS, and tvOS is related to permission handling errors. Exploiting this vulnerability can allow an attacker to elevate their privileges to a root level...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to perform cross-site scripting attacks (XSS).
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows attackers to perform...
The vulnerability of the Microsoft SharePoint software package, related to improper authorization, allows a hacker to execute arbitrary code.
The vulnerability of the Microsoft SharePoint software package is related to improper authentication. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the “as_wazuh_object” function in the Wazuh intrusion detection and prevention system allows a perpetrator to execute arbitrary code.
The vulnerability of the “aswazuhobject” function in the Wazuh intrusion detection and prevention system is related to deficiencies in the deserialization mechanism of parameters from DistributedAPI. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...
The vulnerability of the cifs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the cifs component in the Linux operating system’s kernel is related to the pointer to NULL. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the python-multipart streaming multi-component parser lies in the inefficient complexity of regular expressions, allowing attackers to trigger a service failure.
The vulnerability of the python-multipart streaming multi-component parser is related to insufficient input validation when processing the HTTP header “Content-Type” value using regular expressions. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of JavaScript script handlers in Google Chrome browsers allows attackers to partially compromise the accessibility of protected information.
The vulnerability of JavaScript script handlers in Google Chrome browsers relates to reading beyond the buffer boundary. Exploiting this vulnerability allows a malicious actor to partially compromise the accessibility of protected information through a specially crafted HTML page...
The vulnerability of Zyxel network device software of the CPE series exists due to the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of Zyxel network devices of the CPE series exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with privileges as “supervisor” or...
The vulnerability of the functions sock_set_flag() and spin_unlock() (net/ipv4/udp.c) in the Linux kernel’s UDP component allows a attacker to cause a service failure.
The vulnerabilities of the functions socksetflag and spinunlock net/ipv4/udp.c in the Linux kernel’s UDP component are related to resource management errors. Exploiting these vulnerabilities could allow an attacker to cause a service failure...
The vulnerability of the Device Settings module in the LibreNMS network monitoring system allows a violator to perform cross-site scripting attacks.
The vulnerability of the Device Settings module in the LibreNMS network monitoring system is related to the lack of protective measures taken for the website structure when processing the Display Name field. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
The vulnerability in the host_templates.php script of the Cacti network monitoring software allows a hacker to execute arbitrary code.
The vulnerability of the hosttemplates.php script of the Cacti network monitoring software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Identity Manager software component, used for managing and controlling access to corporate resources and IBM Security Verify Governance applications, allows a perpetrator to execute a type of “man-in-the-middle” attack.
The vulnerability of the Identity Manager software component, which is used for managing and controlling access to corporate resources and applications in IBM Security Verify Governance, relates to the storage of sensitive data in an open manner. Exploiting this vulnerability could allow a...
The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s Bluetooth kernel component is related to errors that occur after the release of the software. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Plasma Workspace graphical environment, related to incorrect session duration, allows a intruder to trigger a service failure.
The vulnerability of the Plasma Workspace graphical environment is related to incorrect session duration settings. Exploiting this vulnerability can allow an attacker to trigger a service failure...
Vulnerability of components fs/ext4/inode.c and fs/ext4/super.c in the Linux operating system’s kernel, which allows a hacker to cause a service failure
The vulnerability in the fs/ext4/inode.c and fs/ext4/super.c components of the Linux operating system’s kernel relates to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Linux operating system’s kernel, related to unvalidated array indexing, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to unvalidated array indexing. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Cleo Harmony, VLTrader, and LexiCom software platforms lies in their ability to allow unlimited loading of dangerous files, enabling attackers to execute arbitrary code.
The vulnerability of the software platforms Cleo Harmony, VLTrader, and LexiCom is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of SimpleHelp’s software for remote support stems from an incorrect limitation on the path to the restricted-access directory, allowing a perpetrator to disclose protected information.
The vulnerability of SimpleHelp’s software for remote support is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the QuTS operating systems and QTS network devices allows unauthorized access to protected information with root privileges, due to insufficient handling of format lines.
The vulnerability of the QuTS operating systems and QTS network devices involves insufficient handling of the format string. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information with root privileges...
The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system allows a intruder to trigger a service failure.
The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system is related to integer overflow when processing values of cid. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Windows operating systems’ message queues allows attackers to induce service failures.
The vulnerability of Message Queuing in Windows operating systems is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the ability to load arbitrary files, allowing attackers to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes lies in the ability to load arbitrary files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating a specially crafted file...
The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system, related to incorrect authentication procedures, allows attackers to bypass existing security restrictions.
The vulnerability of Drupal’s REST & JSON API Authentication in the Drupal CMS system is related to improper authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the VSP Elevation function in the hardware virtualization technology of Windows Hyper-V operating systems allows attackers to elevate their privileges to the SYSTEM level.
The vulnerability of the VSP Elevation function in the hardware virtualization layer of Windows Hyper-V operating systems involves the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to elevate their privileges to the SYSTEM level...