90509 matches found
Multiple vulnerabilities in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller software allow a malicious individual to cause service failures.
Multiple vulnerabilities exist in the configuration function of the administrative graphical interface of Cisco Wireless LAN Controller microprogramming system. These vulnerabilities arise due to insufficient validation of input data. Exploitation of these vulnerabilities could allow a malicious...
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a privileged process using a specially crafted file...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit
The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the function ffh264SliceContextInit in libavcodec/h264dec.c...
Vulnerabilities in the Google Chrome browser that allow a perpetrator to trigger a service failure or cause other effects
The multiple vulnerabilities of the Google Chrome browser are related to code errors. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions or potentially have other adverse effects...
The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the setDiagnosisCfg() function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software allows a intruder to execute arbitrary code.
The vulnerability of the setDiagnosisCfg function in the cstecgi.cgi script of the mesh-system TOTOLink T6 software is related to the issue of the operation exceeding the buffer boundaries in memory when processing the ip parameter. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability of software for accessing analytics and planning tools in the IBM Analytics Content Hub, related to the disclosure of information through source code, allows a perpetrator to disclose protected information.
The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub is related to the disclosure of information through the source code. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the online platform GarminConnect, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to access protected information.
The vulnerability of the online platform GarminConnect relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to access protected information...
Yandex Music
...
The vulnerability of the pageattr.c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the pageattr.c component in the Linux operating system’s kernel is related to the use of blocking code in a single-threaded, non-blocking context. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerability of the enetc_clear_bdrs() function in the drivers/net/ethernet/freescale/enetc/enetc.c module – This driver for supporting Ethernet adapter devices in the Freescale Linux operating system allows a malicious actor to compromise the confidentiality and accessibility of protected information.
Vulnerability of the enetcclearbdrs function in the drivers/net/ethernet/freescale/enetc/enetc.c module – The driver for supporting Ethernet adapter devices in the Freescale Linux operating system has a vulnerability that leads to uncontrolled resource consumption. Exploiting this vulnerability...
The vulnerability of the SQL concat_ws() function in the SQLite database management system, allowing a hacker to cause a service failure
The vulnerability of the SQL concatws function in the SQLite database management system is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure through the malloc parameter...
The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, allows a hacker to trigger a service failure.
The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Vulnerability of the dpll_nl_pin_get_dumpit() function in the drivers/dpll/dpll_netlink.c module – A DPLL driver for the Linux operating system that allows a hacker to cause a service failure.
Vulnerability of the dpllnlpingetdumpit function in the drivers/dpll/dpllnetlink.c module – The DPLL driver support in Linux kernels is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system is related to a breach of the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the ipsec_net_asp function in the D-Link DI-8100 network device allows a hacker to execute arbitrary code.
The vulnerability of the ipsecnetasp function in the D-Link DI-8100 network device’s microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...
The vulnerability of the ionic_xdp_xmit() function in the drivers/net/ethernet/pensando/ionic/ionic_txrx.c module of the Linux kernel allows a attacker to cause a service failure.
The vulnerability of the ionicxdpxmit function in the drivers/net/ethernet/pensando/ionic/ionictxrx.c file of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the adjust_ptr_min_max_vals() function in the kernel/bpf/verifier.c module, which is part of the BPF interpreter support in the Linux operating system’s kernel, allows attackers to compromise the confidentiality and accessibility of protected information.
The vulnerability of the adjustptrminmaxvals function in the kernel/bpf/verifier.c module, which is part of the BPF interpreter for Linux operating systems, is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality an...
The vulnerability of the Mozilla Firefox browser, related to errors in information representation by the user interface, allows a hacker to replace the address bar.
The vulnerability of the Mozilla Firefox browser is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to substitute the address bar with a specially created link...
The vulnerability of the Linux operating system’s kernel Wi-Fi component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s kernel Wi-Fi component is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Drupal Security Kit module in the Drupal CMS system allows attackers to trigger a service failure.
The vulnerability of the Drupal Security Kit CMS system’s module is related to access to resources through incompatible types. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the mgmt_mesh_foreach() function in the net/bluetooth/mgmt_util.c module of operating systems running on Linux allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, or cause service failures.
The vulnerability of the mgmtmeshforeach function in the net/bluetooth/mgmtutil.c module of Linux operating systems is related to iterating over an inappropriate list called mgmtpending, which contains elements of type struct mgmtpendingCmd instead of struct mgmtmeshtx. Exploiting this...
The vulnerability of the network authentication protocol used by the Firebird software components, “Population Cancer Registry” and “Hospital Cancer Registry,” allows attackers to intercept traffic.
The vulnerability of the network authentication protocol used by the Firebird software’s “Population Cancer Registry” and “Hospital Cancer Registry” components is related to the use of a insecure authentication method called LegacyAuth. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the formSetCfm() function in the Tenda AC18 router’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetCfm function in the Tenda AC18 router’s microprogramming software is related to the issue where the write operation goes beyond the buffer boundaries in memory when processing the funcpara1 parameter. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability of Websoft HCM’s automation software for HR processes stems from improper path handling, allowing attackers to perform arbitrary file operations outside of the directory.
The vulnerability of Websoft HCM’s automation software for HR processes arises from improper handling of paths during the loading of specially crafted files. Exploiting this vulnerability allows an attacker to perform arbitrary file operations outside the directory...
The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).
The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the sAppName parameter. Exploiting this vulnerability allows an attacker to trigger a Denial-of-Service Attack DoS from a remote location...
The vulnerability in the getSyslogFile function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows a malicious individual to gain unauthorized access to confidential system files.
The vulnerability of the getSyslogFile function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
The vulnerability of the DefaultServlet server servlet in the Apache Tomcat application server allows a attacker to execute arbitrary code.
The vulnerability of the DefaultServlet server component in the Apache Tomcat application server is related to synchronization errors when using shared resources „Race Conditions“. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerabilities of the 3D viewing tool JTJT2Go, the Product Lifecycle Management system Teamcenter Visualization, and the 3D geometric modeling tool Parasolid allow a perpetrator to execute arbitrary code.
The vulnerability of the 3D viewing tool JT, JT2Go, the product lifecycle management system Teamcenter Visualization, and the 3D geometric modeling tool Parasolid relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code using...
The vulnerability of the virtio-net component of the QEMU hardware emulation software allows a attacker to induce a service failure.
The vulnerability of the virtio-net device emulation component in QEMU is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause a system failure...
The vulnerability of the frommacFilterModify function in the /goform/operateMacFilter module of the Tenda wireless access point software allows a intruder to execute arbitrary code or cause a service failure.
The vulnerability of the frommacFilterModify function in the /goform/operateMacFilter microprogramming system for the wireless access point Tenda is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrar...
The vulnerability of the Ezviz Internet PT camera’s microprogramming software allows a intruder to gain unauthorized access to the real-time video stream.
The vulnerability of Ezviz Internet PT Camera’s microprogramming software lies in the ability to gain remote access to real-time video streams by creating RTSP packets with specific URL addresses. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to real-time vide...
The vulnerability of the Frames component in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the Frames component in Google Chrome and Microsoft Edge is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major system overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems. These systems are part of the Oracle E-Business Suite, allowing attackers to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, relates to the distribution of resources without any restrictions or controls. This allows a malicious actor to trigger service failures.
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to an experimental exploit that allows containers to become unlimited in size. Exploiting this vulnerability could enable a...
The vulnerability of the microprogrammed software of Emerson Rosemount X-STREAM flow analyzers allows a intruder to disclose protected information.
The vulnerability of Microprogrammed Software in Emerson Rosemount X-STREAM flow analyzers is related to insufficient encryption reliability. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of NVIDIA’s SBIOS system, specifically the DGX A100 server, allows a hacker to trigger a service failure.
The vulnerability of NVIDIA’s SBIOS system, specifically the DGX A100 server, is related to incorrect dynamic analysis of variables. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the H5Dchunk.c component in the HDF5 file processing library allows a attacker to cause a service failure.
The vulnerability of the H5Dchunk.c component in the HDF5 file processing library is related to the lack of checks for division by zero. Exploiting this vulnerability can allow a remote attacker to cause a service failure using a specially created HDF file...
The vulnerability of iMind video conferencing software lies in its ability to allow the insertion of code or data, enabling a hacker to execute arbitrary code with administrative privileges.
The vulnerability of the iMind video conference software relates to the possibility of code or data being injected into the system. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with administrative privileges...
The web interface of Netgear’s SRX5308 router software has vulnerabilities that allow attackers to carry out cross-site scripting attacks.
The vulnerability in the web interface of Netgear’s SRX5308 router software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack by sending a specially crafted HTTP request...
The vulnerability of the gf_odf_vvc_cfg_read_bs() function on the GPAC multimedia platform allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the gfodfvvccfgreadbs function on the GPAC multimedia platform is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service failures...
Vulnerability of the `getUsersOfRoom` method in the server-based corporate messaging system that supports file sharing and video conferencing in Rocket. This chat feature allows attackers to expose sensitive information.
The vulnerability of the getUsersOfRoom method in the server-based corporate messaging system that supports file sharing and video conferences in Rocket. Chat involves insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive informatio...
The vulnerability of the Mozilla Firefox browser for Android, related to deficiencies in access control, allows attackers to circumvent existing security restrictions.
The vulnerability of the Mozilla Firefox browser for Android is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
Microsoft Edge browser’s vulnerability, related to improper code generation management, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to incorrect code generation management. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
The vulnerability of the XNU kernel in Apple iOS and Mac OS systems allows attackers to escalate their privileges or execute arbitrary code.
The vulnerability of the XNU kernel in Apple’s iOS and Mac OS systems is related to type conversion errors. Exploiting this vulnerability can allow attackers to enhance their privileges or execute arbitrary code by running a specially created application...
The vulnerability of Google Chrome web browser’s Safe Browsing service allows a hacker to execute arbitrary code on the target system.
The vulnerability of Google Chrome’s Safe Browsing service is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
The vulnerability of the `png_convert_from_time_t` function in the libpng library, related to the pointer manipulation involving NULL, allows an attacker to cause a service failure.
The vulnerability of the pngconvertfromtimet function in the libpng library is related to the assignment of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the production automation system’s System Platform, related to the storage of confidential information in unencrypted form, may allow a hacker to gain access to user account data.
The vulnerability of the production automation system’s platform lies in the storage of confidential information in an unencrypted form. Exploiting this vulnerability could allow attackers to gain access to user account information...