90509 matches found
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, relates to the possibility of embedding commands that allow a intruder to execute arbitrary code.
The vulnerability of the StruxureWare Data Center Expert monitoring system relates to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation allows a perpetrator to execute arbitrary code.
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SPP file...
The vulnerability in the set of Sysinternals system utilities for Windows operating systems allows a hacker to trigger a service failure.
The vulnerability in the Sysinternals system utilities for Windows operating systems is related to the improper release of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Snowflake NodeJS driver for working with cloud-based data processing platforms and Snowflake’s data processing capabilities on the NodeJS platform allows attackers to execute arbitrary code.
The vulnerability of the Snowflake NodeJS driver for working with cloud-based data processing platforms and Snowflake data on the NodeJS platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Windows GDI component in Microsoft Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows GDI component in Microsoft Windows systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the SetSysEmailSettings function in the application software interface of D-Link DIR-2150 router software allows a hacker to execute arbitrary code.
The vulnerability of the SetSysEmailSettings function in the application software interface of D-Link DIR-2150 router microprogramming devices is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially...
Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component, specifically the Security: Privileges section of the Oracle MySQL Server database management system, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL...
Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to gain unauthorized access to protected information.
Vulnerability of the Server component: The DDL system for managing databases, Oracle MySQL Server, has vulnerabilities related to insufficient protection of operational data. Exploiting these vulnerabilities can allow unauthorized attackers to gain unauthorized access to protected information usi...
The vulnerability of the D-Link DIR-615 T1 network device’s microprogramming software arises from the lack of protective measures for the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of the D-Link DIR-615 T1 network device’s microprogramming software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerabilities of D-Link DIR-550A and DIR-604M router microprogramming software allow attackers to enhance their privileges.
The vulnerability of D-Link DIR-550A and DIR-604M router microprogramming software is related to insecure resource initialization. Exploiting this vulnerability can allow a malicious actor to gain increased privileges...
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router allows a hacker to execute arbitrary code.
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router lies in the fact that the output of the operation goes beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the LoginPassword function in the application software interface of D-Link DIR-2150 router software allows a hacker to bypass existing security restrictions.
The vulnerability of the LoginPassword function in the application software interface of D-Link DIR-2150 router software relates to the bypassing of authentication processes. Exploiting this vulnerability allows an attacker to circumvent existing security restrictions by using a specially created...
The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the microprogramming software for Rockwell Automation’s ArmorStart ST distributed controllers is related to deficiencies in the validation of user-input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting XSS attacks remotely...
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router, related to the issue of writing operations outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router lies in the fact that the output of the operation goes beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ABB eSOMS software for managing production processes allows a hacker to execute arbitrary code.
The vulnerability of the ABB eSOMS software for managing production processes is related to the absence of the X-Content-Type-Options Header in the HTTP response. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the GetDeviceSettings function in the application software interface of D-Link DIR-2150 router software allows a hacker to execute arbitrary code.
The vulnerability of the GetDeviceSettings function in the application software interface of D-Link DIR-2150 router microprogramming devices is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using specially...
The vulnerability of HMI/SCADA CONPROSYS HMI, which stems from insufficient verification of incoming requests, allows a hacker to perform an SSRF attack.
The vulnerability of HMI/SCADA CONPROSYS HMI is related to insufficient checking of incoming requests. Exploiting this vulnerability can allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the drivers zam64.sys and zam32.sys in the MalwareFox AntiMalware antivirus software allows a hacker to gain increased privileges.
The vulnerability of the zam64.sys and zam32.sys drivers in the MalwareFox AntiMalware software is related to deficiencies in access control. Exploiting this vulnerability can allow a hacker to enhance their privileges...
The vulnerability of Juniper Networks’ Junos OS Evolved operating system, related to deficiencies in authentication procedures, allows attackers to execute arbitrary commands.
The vulnerability of Juniper Networks’ Junos OS Evolved operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary commands using the sysmanctl command...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software allows a attacker to execute arbitrary commands.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-846 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command processing for handling the tomographypingaddress parameter. Exploiting this...
Vulnerability of the Server component: Security: Roles of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: Security: Roles of the Oracle MySQL Server database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...
The vulnerability of the Schema Handler component in the PostgreSQL database management system allows attackers to circumvent security restrictions.
The vulnerability of the Schema Handler component in the PostgreSQL database management system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass security restrictions remotely...
Vulnerability of the Server component: Security: Roles of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: Security: Roles of the Oracle MySQL Server database management system is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker to cause service interruptions using the MySQL protocol...
The vulnerability of Emerson Rosemount X-STREAM Enhanced flow analyzers’ microprogramming software lies in the possibility of sending a cookie session file, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of Emerson Rosemount X-STREAM Enhanced flow analyzers’ microprogramming software relates to the ability to send a cookie session file. Exploiting this vulnerability could allow an unauthorized actor to gain unauthorized access to protected information...
The vulnerability of the built-in software of the ARIS controller lies in the insufficient protection of operational data, allowing attackers to obtain user authentication credentials.
The vulnerability of the ARIS controller’s built-in software is related to insufficient protection of authentication data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain user authentication data from the web interface...
The vulnerability of the built-in software of the ARIS controller, related to the disclosure of confidential information, allows a perpetrator to gain access to critical data.
The vulnerability of the built-in software of the ARIS controller relates to the exposure of confidential information. Exploiting this vulnerability could allow a remote attacker to gain access to critical information...
The vulnerability of the Red Hat Enterprise Linux operating system, related to access control deficiencies, allows a intruder to gain unauthorized access to limited functions.
The vulnerability of the Red Hat Enterprise Linux operating system is related to lack of access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to limited functions...
The vulnerability of the xt_replace_table() function in the net/netfilter/x_tables.c module of the Linux kernel’s netfilter firewall allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the xtreplacetable function in the net/netfilter/xtables.c module of the Linux kernel’s netfilter firewall is related to the use of previously freed memory due to competitive access to resources. This occurs due to insufficient synchronization between processes. Exploiting th...
The vulnerability in the web interface for managing microprogrammed software in Cisco Small Business Series switches allows a perpetrator to execute arbitrary code.
The vulnerability in the web interface for managing microprogrammed software in Cisco Small Business Series switches is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted request...
The vulnerability of the adreno_set_param() function in the drivers/gpu/drm/msm/adreno/adreno_gpu.c file of the MSM DRM kernel in the Linux operating system allows a hacker to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the adrenosetparam function in the drivers/gpu/drm/msm/adreno/adrenogpu.c file of the MSM DRM kernel in the Linux operating system is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the Linux operating system’s kernel InfiniBand driver allows a hacker to trigger a service failure or increase their privileges.
The vulnerability in the Linux operating system’s kernel InfiniBand driver is related to the improper preparation of parameters for the rdmabindaddr function. This leads to reading beyond the allocated memory boundary in the comparenetdevandip function within the drivers/infiniband/core/cma.c...
The vulnerability of the microprogrammed software of NETGEAR’s RAX30, RAX35, RAX38, RAX40, and RAXE300 routers allows a hacker to execute arbitrary code.
The vulnerability of the microprogrammed software of NETGEAR’s RAX30, RAX35, RAX38, RAX40, and RAXE300 routers lies in the lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted SOAP requests...
The vulnerability of the Interoperability SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Interoperability SEC component of the JD Edwards EnterpriseOne Tools system for resource management involves insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the start() function in the implementation of the WindowsContainerStartRequest class on the Docker Desktop for Windows development and delivery platform allows a attacker to gain access to read, modify, and delete data, thereby increasing their privileges.
The vulnerability of the start function in the implementation of the WindowsContainerStartRequest class for the Docker Desktop for Windows development and delivery platform is related to a race condition that allows tracking of links in the data-root directory for the DaemonJSON parameter...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business models RV016, RV042, RV042G, RV082, RV320, and RV325 allows a hacker to execute arbitrary commands.
The vulnerability of the web interface for managing microprogrammed software routers from Cisco, such as Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325, is related to insufficient validation of input data during the processing of HTTP packets. Exploiting this vulnerability...
The vulnerability of the centralized identification and access control solution FortiAuthenticator lies in its failure to address HTML tags, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the centralized authentication and access management solution FortiAuthenticator is related to the failure to implement measures to neutralize HTML tags. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks using a password reset...
The vulnerability of the Substance 3D Stager software lies in its reliance on memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software-related 3D design software is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the CAPWAP control protocol implementation in the Cisco IOS XE operating system allows a attacker to trigger a service failure.
The vulnerability of the CAPWAP control protocol implementation in the Cisco IOS XE operating system is related to the use of resources with similar identifiers. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server’s server lies in its report-generation mechanism’s deficiencies, which allows attackers to gain unauthorized access to protected information.
The vulnerability of Hitachi Vantara Pentaho Business Analytics Server relates to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Screen Creator Advance 2 software lies in the execution of operations beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Screen Creator Advance 2 software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious file...
The vulnerability of the SCADA system ProMIS InSCADA, related to improper protection of error messages sent out, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SCADA system ProMIS InSCADA is related to improper protection of error messages sent out. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability in the implementation of the TLS protocol in the Linux operating system allows a attacker to cause a service failure.
The vulnerability in the implementation of the TLS protocol in Linux operating systems is related to the lack of checks on a certain data structure field, which can lead to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type conversion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page...
The vulnerability of the goform/formWPS component of D-Link’s N300 WI-Fi DIR-605 router software allows a hacker to execute arbitrary code.
The vulnerability of the goform/formWPS component of D-Link’s N300 WI-Fi DIR-605L router software arises due to an overflow in the buffer on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of NVIDIA GeForce Experience’s software, related to an uncontrolled search path, allows a hacker to execute arbitrary code.
The vulnerability of NVIDIA GeForce Experience software relates to an uncontrolled element in the search process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of FortiWeb web applications’ network firewalls arises from incorrect restrictions on the path to the restricted access catalog, allowing attackers to gain unauthorized access to protected information.
The vulnerability of FortiWeb web applications’ network firewalls is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a special...
The vulnerability of the Micrium real-time operating system’s HTTP server allows attackers to execute arbitrary code.
The vulnerability of a real-time Micrium operating system’s HTTP server relates to buffer overflow attacks. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code by sending a specially crafted HTTP request...
The vulnerability of Adobe Connect’s instant messaging program, related to deficiencies in access control, allows attackers to circumvent existing security restrictions.
The vulnerability of Adobe Connect’s instant messaging program is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the Protected Extensible Authentication Protocol (PEAP) implementation in Windows operating systems allows a perpetrator to induce a service failure.
The vulnerability of the Protected Extensible Authentication Protocol PEAP implementation in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted malicious packages remotely...