90509 matches found
The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, allows a hacker to trigger a service failure.
The vulnerability of the /cgi-bin/ExportIbmsConfig.sh file, a component of the IBMS Configuration File Handler microprogramming system for TOTOLINK A3000RU routers, is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to cause service interruptions...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the E-Staff automation system for recruitment processes is related to errors in data filtering when obtaining information about the target. This allows a violator to gain unauthorized access to protected information.
The vulnerability of the E-Staff recruitment process automation system is related to errors in data filtering when obtaining information about the target. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerability of the dpll_nl_pin_get_dumpit() function in the drivers/dpll/dpll_netlink.c module – A DPLL driver for the Linux operating system that allows a hacker to cause a service failure.
Vulnerability of the dpllnlpingetdumpit function in the drivers/dpll/dpllnetlink.c module – The DPLL driver support in Linux kernels is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system allows attackers to circumvent existing security restrictions.
The vulnerability of BitLocker’s data protection function in the Microsoft Windows operating system is related to a breach of the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the ipsec_net_asp function in the D-Link DI-8100 network device allows a hacker to execute arbitrary code.
The vulnerability of the ipsecnetasp function in the D-Link DI-8100 network device’s microprogramming software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...
The vulnerability of the adjust_ptr_min_max_vals() function in the kernel/bpf/verifier.c module, which is part of the BPF interpreter support in the Linux operating system’s kernel, allows attackers to compromise the confidentiality and accessibility of protected information.
The vulnerability of the adjustptrminmaxvals function in the kernel/bpf/verifier.c module, which is part of the BPF interpreter for Linux operating systems, is related to incorrect validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality an...
The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system, related to the failure to eliminate special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the PAN-OS OpenConfig Plugin in the PAN-OS operating system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Vulnerability eliminated
...
The vulnerability of the task and project management service WEEEK lies in the improper restriction on recursive references to entities in the DTD. This allows a violator to trigger a service failure.
The vulnerability of the WEEEK task and project management service is related to improper restrictions on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Linux operating system’s kernel Wi-Fi component, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s kernel Wi-Fi component is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Drupal Security Kit module in the Drupal CMS system allows attackers to trigger a service failure.
The vulnerability of the Drupal Security Kit CMS system’s module is related to access to resources through incompatible types. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the mgmt_mesh_foreach() function in the net/bluetooth/mgmt_util.c module of operating systems running on Linux allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, or cause service failures.
The vulnerability of the mgmtmeshforeach function in the net/bluetooth/mgmtutil.c module of Linux operating systems is related to iterating over an inappropriate list called mgmtpending, which contains elements of type struct mgmtpendingCmd instead of struct mgmtmeshtx. Exploiting this...
The vulnerability of the network authentication protocol used by the Firebird software components, “Population Cancer Registry” and “Hospital Cancer Registry,” allows attackers to intercept traffic.
The vulnerability of the network authentication protocol used by the Firebird software’s “Population Cancer Registry” and “Hospital Cancer Registry” components is related to the use of a insecure authentication method called LegacyAuth. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the formSetCfm() function in the Tenda AC18 router’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetCfm function in the Tenda AC18 router’s microprogramming software is related to the issue where the write operation goes beyond the buffer boundaries in memory when processing the funcpara1 parameter. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability of Websoft HCM’s automation software for HR processes stems from improper path handling, allowing attackers to perform arbitrary file operations outside of the directory.
The vulnerability of Websoft HCM’s automation software for HR processes arises from improper handling of paths during the loading of specially crafted files. Exploiting this vulnerability allows an attacker to perform arbitrary file operations outside the directory...
The vulnerability in the getSyslogFile function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows a malicious individual to gain unauthorized access to confidential system files.
The vulnerability of the getSyslogFile function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software allows a attacker to trigger a Denial-of-Service Attack (DoS).
The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the sAppName parameter. Exploiting this vulnerability allows an attacker to trigger a Denial-of-Service Attack DoS from a remote location...
The vulnerabilities of the 3D viewing tool JTJT2Go, the Product Lifecycle Management system Teamcenter Visualization, and the 3D geometric modeling tool Parasolid allow a perpetrator to execute arbitrary code.
The vulnerability of the 3D viewing tool JT, JT2Go, the product lifecycle management system Teamcenter Visualization, and the 3D geometric modeling tool Parasolid relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code using...
The vulnerability of the virtio-net component of the QEMU hardware emulation software allows a attacker to induce a service failure.
The vulnerability of the virtio-net device emulation component in QEMU is related to the operation of writing data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause a system failure...
The vulnerability of the frommacFilterModify function in the /goform/operateMacFilter module of the Tenda wireless access point software allows a intruder to execute arbitrary code or cause a service failure.
The vulnerability of the frommacFilterModify function in the /goform/operateMacFilter microprogramming system for the wireless access point Tenda is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrar...
The vulnerability of the Frames component in Google Chrome and Microsoft Edge browsers allows a hacker to execute arbitrary code.
The vulnerability of the Frames component in Google Chrome and Microsoft Edge is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the IBM InfoSphere Information Server software platform, related to the manipulation of cross-site requests, allows a perpetrator to carry out a CSRF attack.
The vulnerability of the IBM InfoSphere Information Server software integration platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack remotely...
The vulnerabilities of LOV components in terms of technical maintenance, repairs, and major system overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems. These systems are part of the Oracle E-Business Suite, allowing attackers to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or...
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, relates to the distribution of resources without any restrictions or controls. This allows a malicious actor to trigger service failures.
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to an experimental exploit that allows containers to become unlimited in size. Exploiting this vulnerability could enable a...
The vulnerability of the microprogrammed software of Emerson Rosemount X-STREAM flow analyzers allows a intruder to disclose protected information.
The vulnerability of Microprogrammed Software in Emerson Rosemount X-STREAM flow analyzers is related to insufficient encryption reliability. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of NVIDIA’s SBIOS system, specifically the DGX A100 server, allows a hacker to trigger a service failure.
The vulnerability of NVIDIA’s SBIOS system, specifically the DGX A100 server, is related to incorrect dynamic analysis of variables. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the H5Dchunk.c component in the HDF5 file processing library allows a attacker to cause a service failure.
The vulnerability of the H5Dchunk.c component in the HDF5 file processing library is related to the lack of checks for division by zero. Exploiting this vulnerability can allow a remote attacker to cause a service failure using a specially created HDF file...
The vulnerability of iMind video conferencing software lies in its ability to allow the insertion of code or data, enabling a hacker to execute arbitrary code with administrative privileges.
The vulnerability of the iMind video conference software relates to the possibility of code or data being injected into the system. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with administrative privileges...
The web interface of Netgear’s SRX5308 router software has vulnerabilities that allow attackers to carry out cross-site scripting attacks.
The vulnerability in the web interface of Netgear’s SRX5308 router software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack by sending a specially crafted HTTP request...
The vulnerability of the gf_odf_vvc_cfg_read_bs() function on the GPAC multimedia platform allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the gfodfvvccfgreadbs function on the GPAC multimedia platform is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the Mozilla Firefox browser for Android, related to deficiencies in access control, allows attackers to circumvent existing security restrictions.
The vulnerability of the Mozilla Firefox browser for Android is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
Microsoft Edge browser’s vulnerability, related to improper code generation management, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to incorrect code generation management. Exploiting this vulnerability can allow a remote attacker to gain increased privileges...
The vulnerability of the XNU kernel in Apple iOS and Mac OS systems allows attackers to escalate their privileges or execute arbitrary code.
The vulnerability of the XNU kernel in Apple’s iOS and Mac OS systems is related to type conversion errors. Exploiting this vulnerability can allow attackers to enhance their privileges or execute arbitrary code by running a specially created application...
The vulnerability of Google Chrome web browser’s Safe Browsing service allows a hacker to execute arbitrary code on the target system.
The vulnerability of Google Chrome’s Safe Browsing service is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
The vulnerability of the production automation system’s System Platform, related to the storage of confidential information in unencrypted form, may allow a hacker to gain access to user account data.
The vulnerability of the production automation system’s platform lies in the storage of confidential information in an unencrypted form. Exploiting this vulnerability could allow attackers to gain access to user account information...
The vulnerability of the tcpdump tool for capturing and analyzing network traffic arises from buffer overflows, which allow attackers to disclose sensitive information that is protected by security measures.
The vulnerability of the tcpdump tool for capturing and analyzing network traffic arises due to buffer overflow. Exploiting this vulnerability can allow a hacker to disclose sensitive information using a specially created pcap file...
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Sample apps component of the Oracle WebLogic Server application server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the message filtering function of Cisco AsyncOS software for Cisco Email Security Appliances and Cisco Content Security Management Appliances allows a attacker to cause a service failure.
The vulnerability of the message filtering function in Cisco AsyncOS software for Cisco Email Security Appliances and Cisco Content Security Management Appliances exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruption...
The vulnerability of the CGI processor (wlg_adv.cgi) in Netgear Nighthawk’s embedded software allows a hacker to execute arbitrary commands.
The vulnerability of the CGI processor wlgadv.cgi in Netgear Nighthawk router’s embedded software is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the GDB debugger’s module allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the GDB debugger’s gdb module relates to the execution of an operation outside the buffer in memory. Exploiting this vulnerability allows a perpetrator to execute arbitrary code or trigger a service failure using a specially created ELF file...
The vulnerability of the Windows Jet Database Engine database management system allows a hacker to execute arbitrary code.
The vulnerability of the Windows Jet Database Engine database management system in Windows operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser by placing it in a speciall...
The vulnerability of the information protection system against unauthorized access is caused by an operation that goes beyond the buffer boundaries in memory, allowing a intruder to trigger a service failure.
The vulnerability of the information protection system against unauthorized access is due to an operation going beyond the buffer in memory file handling is not performed; the full path length exceeds 260 characters. Exploiting this vulnerability can allow a local attacker to cause a service...
The vulnerability of the extract_status_code function in the Keepalived network traffic balancing system, which allows a attacker to cause a service failure
The vulnerability of the extractstatuscode function in the keepalived network traffic balancing system’s lib/html.c file is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of Microsoft SharePoint Foundation and the Microsoft SharePoint Server software suite relates to deficiencies in access control. This allows attackers to carry out cross-site scripting attacks and increase their privileges.
The vulnerability of Microsoft SharePoint Foundation and the Microsoft SharePoint Server software suite is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks and increase their privileges by using a specially...
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection, related to errors in the proprietary protocol’s operation, allows a hacker to replace the installation file.
The vulnerability of the Dr.Web Enterprise Security Suite antivirus protection lies in errors in the proprietary protocol used to connect the antivirus components to the server. Exploiting this vulnerability allows a malicious actor to create a fake “Dr.Web Enterprise Security Suite” server withi...
The vulnerability of the get_rgba_default function in the libcaca graphics library allows a hacker to gain unauthorized access to protected information.
The vulnerability of the getrgbadefault function in the libcaca graphics library is related to integer overflow. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system allows a hacker to execute arbitrary code within the context of a privileged process.
The vulnerability of the libmpeg2 library in the Media Framework of the Android operating system is related to lack of access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of a privileged process using a specially crafted file...