90509 matches found
The vulnerability of the ReadGifHeader() function in the HDF5 library libhdf5 allows a hacker to execute arbitrary code on the target system.
The vulnerability of the ReadGifHeader function in the HDF5 library libhdf5 is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the target system by having the user open a specially created maliciou...
The vulnerability of PDFTron software components, used by Autodesk for modeling, design, and drafting, allows a hacker to execute arbitrary code.
The vulnerability of PDFTron software components, used by Autodesk for modeling, design, and drawing tasks, involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during PDF file analysis...
The vulnerability of the Windows Bluetooth Driver of the Windows operating system allows a hacker to gain increased privileges.
The vulnerability of the Windows Bluetooth Driver in the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the File Server Cache service in the Teamcenter product lifecycle management system allows a hacker to trigger a service failure.
The vulnerability of the File Server Cache service in the Teamcenter product lifecycle management system is related to the execution of a cycle with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Vulnerability of microprogramming software for Siemens STEP 7 programmable logic controllers, systems for manufacturing process control such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup status of SIRIUS Soft Starter ES, technological process management systems like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities allow attackers to trigger malfunctions during maintenance operations due to insufficient input data verification.
The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...
The vulnerability of Siemens SIMATIC process control system’s API interface allows a hacker to obtain the password hash.
The vulnerability of Siemens SIMATIC process control system APIs is related to the disclosure of information. Exploiting this vulnerability can allow a remote attacker to obtain the password hash...
The vulnerability of the PAN-OS operating system, related to errors in configuring URL filtering policies, allows a perpetrator to trigger a Denial-of-Service Attack (RDoS).
The vulnerability of the PAN-OS operating system is related to errors in configuring URL filtering policies. Exploiting this vulnerability can allow a malicious actor to perform a Denial-of-Service Attack RDoS...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system, an imitation modeling solution for Oracle Financial Services Applications, relates to code errors that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model application relates to code errors. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...
The vulnerability of the user interface of the WebUI on Google Chrome and Microsoft Edge browsers allows a hacker to disclose protected information.
The vulnerability of the WebUI user interface of Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability in the web interface for managing microprogrammed wireless router software from Cisco’s Small Business series—RV110W, RV130, RV130W, and RV215W—allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability in the web interface for managing microprogramming software on Cisco Small Business RV110W, RV130, RV130W, and RV215W routers stems from the copying of buffers without checking the size of the input data during the processing of user fields in incoming HTTP packets. Exploiting...
The vulnerability of the RESTful Services Programmable Interface (ERS) implementation of the Cisco Identity Services Engine platform allows a perpetrator to disclose protected information.
The vulnerability of the RESTful Services Programmable Interface ERS implementation of the Cisco Identity Services Engine platform is related to deficiencies in password masking during user login. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information...
The vulnerability of the implementation of the web-server configuration in the microprogramming software for programmable logic controllers from Siemens SIMATIC STEP 7 (TIA Portal) allows a perpetrator to increase their privileges.
The vulnerability of the implementation of the web-server configuration in the microprogramming software for programmable logic controllers from Siemens SIMATIC STEP 7 TIA Portal is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their...
The vulnerability in the function of stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java of the Jenkins Automation Server component allows a hacker to execute arbitrary code.
The vulnerability in the stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java file of the Jenkins Automation Server’s Stapler component relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the user interface of the VMware Workspace One Access application management platform, the administration consoles of VMware Identity Manager (vIDM), and the virtual infrastructure management tools of VMware vRealize Automation relates to the possibility of bypassing authentication processes, allowing attackers to increase their privileges.
The vulnerability of the user interface of the VMware Workspace One Access application management platform, as well as the administration consoles of VMware Identity Manager vIDM, and the virtual infrastructure management tool VMware vRealize Automation, is related to the possibility of bypassing...
The vulnerability of the implementation of the finfo_buffer() function in the PHP programming language allows a hacker to execute arbitrary code.
The vulnerability of the finfobuffer function implementation in the PHP programming language is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the BIOS microprogramming system of Intel processors allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the BIOS microprogramming system of Intel processors is related to deficiencies in handling exceptional states. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary code...
The vulnerability of the Rest Phone Apps web interface for controlling IP telephony systems, FreePBX, allows a intruder to execute arbitrary code.
The vulnerability of the Rest Phone Apps web interface for controlling IP telephony systems like FreePBX lies in the ability to inject code into the URL addresses. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to memory usage after it is freed. This allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to execute arbitrary code...
The vulnerability of the SEPCOS Single Package control and protection relay software allows a intruder to modify user credentials and permissions without authentication.
The vulnerability of the SEPCOS Single Package control and protection relay software is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to modify user credentials and permissions without authentication...
The vulnerability of ASUS RT-AX88U Wi-Fi router’s microprogramming software, related to the use of uncontrolled format strings, allows a hacker to execute arbitrary code.
The vulnerability of ASUS RT-AX88U Wi-Fi router’s microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the `WebCore::TextureMapperLayer::setContentsLayer` function in WebKitGTK and WPE WebKit rendering modules allows a attacker to execute arbitrary code or cause a service denial.
The vulnerability of the WebCore::TextureMapperLayer::setContentsLayer function WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in the rendering modules of WebKitGTK and WPE WebKit is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a...
The vulnerability of the `ecdsa_verify_[prepare_]legacy()` command-line tool for ECDSA elliptic curve cryptography, provided by `ecdsautils`, allows a perpetrator to compromise data integrity.
The vulnerability of the ecdsaverifypreparelegacy command-line tool for ECDSA elliptic curve cryptography, provided by ecdsautils, is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of data...
The vulnerability of the custom-content-type-manager plugin in the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the custom-content-type-manager plugin in the WordPress content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to errors in processing the relative path to the catalog. This vulnerability allows a perpetrator to disclose protected information and replace arbitrary files.
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information and replace arbitrary files...
The vulnerability of the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow an attacker operating remotely to gai...
The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), as well as Cisco Unified Communications Manager IM & Presence Service, allows a attacker to execute XSS attacks.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks...
The vulnerability of the Elementor Website Builder plugin of the WordPress content management system allows attackers to execute cross-site scripting attacks.
The vulnerability of the Elementor Website Builder plugin of the WordPress content management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting attacks...
The vulnerability of the Dovecot mail server’s passdb account database allows a hacker to escalate their privileges.
The vulnerability of the Dovecot mail server’s passdb database account database is related to configuration errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the statussupport_diagnostic_tracing.json component of the SerComm h500s router software allows a hacker to execute arbitrary commands.
The vulnerability of the statussupportdiagnostictracing.json component of the SerComm h500s router software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of InHand Networks InRouter302’s microprogramming software, related to the use of pre-installed credentials, allows a hacker to perform arbitrary actions.
The vulnerability of InHand Networks InRouter302 microprogramming software lies in the use of pre-set credentials. Exploiting this vulnerability allows a remote attacker to perform arbitrary actions...
The vulnerability of the skipwhite() function in the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the skipwhite function rc/spell.c in the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the “TabStrip” control implementation in the MSCOMCTL.OCX component of the Microsoft Office software suite, Microsoft SQL Server relational database management system, Microsoft Commerce Server e-commerce software, and Microsoft Visual FoxPro database development environment allows a perpetrator to execute arbitrary code.
The vulnerability of the “TabStrip” control implementation in the MSCOMCTL.OCX component of the Microsoft Office software, the Microsoft SQL Server relational database management system, the Microsoft Commerce Server e-commerce software, and the Microsoft Visual FoxPro database development...
Vulnerability of the `bn_reduce_once_in_place` function in the OpenSSL library, allowing a hacker to execute arbitrary code
The vulnerability of the bnreduceonceinplace function in the OpenSSL library is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to modify data or gain privileged access to the infrastructure.
The vulnerability of the Core component in Oracle VM VirtualBox exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data, or gain privileged access to the infrastructure...
The vulnerability of the xbstream_open function in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the xbstreamopen function extra/mariabackup/dsxbstream.cc in the MariaDB database management system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the communication modules of H0-ECOM and H0-ECOM100 Ethernet-controllers from DirectLOGIC, related to the transmission of data in an open manner, allows a intruder to gain unauthorized access to the device.
The vulnerability of the communication modules of H0-ECOM and H0-ECOM100 Ethernet controllers from DirectLOGIC lies in the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the device by receiving a password packet in ...
The vulnerability of Microsoft’s Windows Remote Credential Guard system allows attackers to circumvent security restrictions and enhance their privileges.
The vulnerability of Microsoft’s Windows Remote Credential Guard security feature is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain increased privileges...
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through HTTP...
The vulnerability of the NCIE Scanner module in Trend Micro Security’s antivirus protection allows a hacker to exploit it to disclose protected information.
The vulnerability of the NCIE Scanner module in Trend Micro Security antivirus tools is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Microsoft .NET Framework software platform, related to improper cleaning or release of resources, allows a perpetrator to cause a service failure.
The vulnerability of the Microsoft .NET Framework software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Print Spooler in operating systems related to Windows printing is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Win32 Stream Enumeration component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Win32 Stream Enumeration component in Windows operating systems is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the StreamingCoordinatorController.java component of the Kylin data processing platform allows attackers to perform SSRF attacks.
The vulnerability of the StreamingCoordinatorController.java component /kylin/api/streamingcoordinator/ in the Kylin data processing platform is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using a speciall...
The vulnerability of D-Link DIR-878 wireless routers’ microprogramming software lies in the lack of measures to neutralize specific elements within it. This allows attackers to execute arbitrary commands or trigger service failures.
The vulnerability of D-Link DIR-878 wireless routers’ microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or cause...
Vulnerability of the Cluster component: The general database management system of Oracle MySQL Cluster allows a hacker to gain full control over the application.
Vulnerability of the Cluster component: The general system for managing databases in Oracle MySQL Cluster is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain full control over the application through various network protocols...
The vulnerability of the executable file wpsupdater.exe of the WPS Office office software allows a hacker to execute arbitrary code.
The vulnerability of the WPS Office office software’s executable file, wpsupdater.exe, is related to improper input validation in wpsupdater.exe. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the implementations of the QuerySet.annotate(), aggregate(), and extra() methods in the Django web application framework allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the implementation of the QuerySet.annotate, aggregate, and extra methods in the Django software platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
The vulnerability of the NETCONF protocol implementation in Cisco SD-WAN vEdge software allows a attacker to cause service failure or trigger an emergency shutdown of the application.
The vulnerability of the NETCONF protocol implementation in Cisco SD-WAN vEdge software lies in the uncontrolled memory consumption. Exploiting this vulnerability could allow an attacker to cause service failures or trigger an emergency shutdown of the application...
The vulnerability in the web interface of the Cisco Common Services Platform Collector, a tool for collecting information about devices in the network, allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the web interface of the Cisco Common Services Platform Collector device for collecting information about devices in the network is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow attackers to perform cross-sit...
The vulnerability in the web interface of the Cisco Prime Service Catalog management tool allows a hacker to disclose protected information.
The vulnerability of the Cisco Prime Service Catalog management web interface is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...