90509 matches found
The vulnerability of the `inotify_update_existing_watch()` function in the Linux kernel’s `fs/notify/inotify/inotify_user.c` file, related to a lack of memory release mechanism, allows a malicious actor to trigger a service failure.
The vulnerability of the inotifyupdateexistingwatch function in the fs/notify/inotify/inotifyuser.c file of the Linux operating system’s kernel is related to a lack of memory release mechanism. Exploiting this vulnerability allows an attacker to trigger a service failure...
The vulnerability of the Lodash application library of Aurora Center lies in the failure to take measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.
The vulnerability of the Lodash application library in Aurora Software Solutions relates to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the yargs-parser library in application software of Aurora Center involves uncontrolled changes to object prototypes’ attributes, allowing attackers to execute “prototype pollution” attacks.
The vulnerability of the yargs-parser library in application software developed by Avora Center relates to uncontrolled changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype compromise” attack...
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems arises from copying buffers without checking the size of the input data. This allows a malicious actor to trigger an emergency shutdown of the system.
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch SCADA systems relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to cause damage to multiple stack frames and re-write...
The vulnerability of the Exim message transfer agent, related to privilege management errors, allows a hacker to elevate their privileges within the system.
The vulnerability of the Exim message transfer agent is related to privilege management errors. Exploiting this vulnerability can allow an attacker to elevate privileges within the system by sending the file’s PID...
The vulnerability of Linux operating system’s kernel-based PI futex components, which allows a hacker to execute arbitrary code at the kernel level
The vulnerability of Linux operating system’s kernel PI futexes relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code at the kernel level...
The vulnerability of the Apache OFBiz resource planning software lies in its ability to restore unreliable data in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Apache OFBiz’s resource planning software lies in its ability to restore unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted request...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microprogramming Software for Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to writing beyond the buffer boundaries, allowing attackers to trigger a system reboot or cause service failure.
The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot or caus...
The vulnerability of Containerd’s execution environment, related to the lack of a mechanism for storing registration data, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of Containerd’s execution environment is related to improper processing of the image manifest file. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Node.js software platform, related to a bug in the resource consumption monitoring mechanism, allows a hacker to trigger a service failure.
The vulnerability of the Node.js software platform is related to the improper handling of a large number of requests sent to the unknownProtocol. Exploiting this vulnerability allows an attacker who operates remotely to cause service failures...
The vulnerability of the Node.js software platform, related to the presence of localhost6 in the white list, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform is related to the presence of localhost6 in the white list. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Google Chrome browser’s presentation API involves the use of a memory area after it is freed. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Google Chrome browser’s presentation API relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the Magento Commerce software development and management platform lies in its lack of measures to neutralize special elements used in the operating system, allowing attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software development and management platform is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Windows Console Driver component of the Windows operating system, which allows a hacker to trigger a service failure
The vulnerability of the Windows Console Driver component of the operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the CheckList component of the Joomla! content management system allows a hacker to execute arbitrary SQL commands.
The vulnerability of the CheckList component in the Joomla! content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...
The vulnerabilities of the 3D model rendering software programs Luxion KeyShot, Luxion KeyShot Viewer, Luxion KeyShot Network Rendering, and Luxion KeyVR allow attackers to execute arbitrary code.
The vulnerabilities of the 3D model rendering software programs Luxion KeyShot, Luxion KeyShot Viewer, Luxion KeyShot Network Rendering, and Luxion KeyVR are related to pointer assignment errors. Exploiting these vulnerabilities can allow attackers to execute arbitrary code...
The vulnerability of the Windows operating system’s kernel, related to insecure management of privileges, allows attackers to elevate their own privileges.
The vulnerability of the Windows operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the vManage web interface of the Cisco SD-WAN program-defined network is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the components of the Cisco Email Security Appliance, a system for email security management, and the Cisco Content Security Management Appliance, a system for content security management, as well as the Cisco Web Security Appliance, an internet gateway, allows attackers to gain unauthorized access to protected information.
The vulnerability of the components of the Cisco Email Security Appliance, the Cisco Content Security Management Appliance, and the Cisco Web Security Appliance involves a lack of authentication token requirements. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...
The vulnerability of the Windows file system filter driver allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Windows file system filter driver is related to the disclosure of information. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the expand_downwards and expand_upwards functions (mm/mmap.c) in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the expanddownwards and expandupwards functions in Linux kernel systems is related to errors during multi-threaded tasks race conditions. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the show_numa_stats() function in the NUMA-enabled kernel of Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the shownumastats function in Linux NUMA cores relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the SSL/TLS module of Cisco Adaptive Security Appliance’s network firewall allows a attacker to cause a service failure.
The vulnerability of the SSL/TLS module of the Cisco Adaptive Security Appliance software lies in errors during initialization of pointers. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of Intel Quartus Prime’s automated design system for Intel(R) 50GbE IP Core lies in an unprocessed exception that allows a hacker to trigger a service failure.
The vulnerability of Intel Quartus Prime’s automated design system for IntelR 50GbE IP Core relates to an unprocessed exception. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Samba file system arises from an incorrect limitation on the path to the restricted access directory. This allows a malicious user to gain access to files and directories beyond the SMB network paths.
The vulnerability of the Samba file system exists due to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to files and directories beyond the boundaries of the SMB network...
The vulnerability of the Windows Codecs Library component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Windows Codecs Library component in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Camera Codec Pack component of the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Camera Codec Pack component of the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to memory usage after it is freed. This allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to execute arbitrary...
The vulnerability of the Windows Media Foundation component in Windows operating systems allows attackers to gain privileges to install programs, view, modify, or delete data, as well as create new user accounts with full user rights.
The vulnerability of the Windows Media Foundation component in Windows operating systems arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow attackers to gain control over programs, access data, modify or delete data, and create new user account...
The vulnerability of the Linux operating system’s kernel, related to the use of memory after it is freed, allows a hacker to cause a service failure.
The vulnerability in the drivers/net/slip/slip.c and drivers/net/can/slcan.c files of the Linux operating system relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the br.com.anteros.dbcp.AnterosDBCPConfig Java library for JSON file parsing with Jackson-Databind, which allows attackers to cause a service failure.
The vulnerability of the br.com.anteros.dbcp.AnterosDBCPConfig Java library for JSON file parsing involving Jackson-Databind is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can...
The vulnerability of the Segment component in the Oracle Retail Customer Management and Segmentation software application allows a hacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Segment component in Oracle Retail Customer Management and Segmentation Foundation software relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to modify, add, or delete data, or gain unauthorized access...
The vulnerability of the Discovery and collection script component of the Oracle Configuration Manager software, which is used for collecting configuration information about client configurations. This vulnerability allows an attacker to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Discovery and collection script component of the Oracle Configuration Manager software lies in insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to...
The vulnerability of the Investor Module component of the Primavera Portfolio Management software, a software solution for automating management processes in production operations, allows a perpetrator to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Investor Module component of Primavera Portfolio Management software exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access to protected...
The vulnerability of the JVMCI Interpreter component in the Oracle GraalVM Enterprise Edition virtual machine allows a perpetrator to compromise the confidentiality, integrity, or accessibility of protected information.
The vulnerability of the JVMCI Interpreter component in the Oracle GraalVM Enterprise Edition virtual machine is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, or accessibility of protected...
The vulnerability of the Oracle Application Express component of the Oracle Database Server database management system allows attackers to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Oracle Application Express component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or gain unauthorized access t...
The vulnerability of the Oracle Application Express component of the Oracle Database Server database management system allows attackers to gain access to modify, add, or delete data, or to unauthorizedly access protected information.
The vulnerability of the Oracle Application Express component of the Oracle Database Server management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to modify, add, or delete data, or to gain unauthorized acces...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 involve reading beyond the buffer in memory, allowing attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015 are related to reading data beyond the buffer in memory. Exploiting these vulnerabilities can...
The vulnerability of AppX Deployment Extensions in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of AppX Deployment Extensions in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
The vulnerability of the Cisco Webex Meetings Server and Cisco Webex Meetings software lies in the lack of proper validation of input data, allowing attackers to alter the content of web pages.
The vulnerability of Cisco Webex Meetings Server and Cisco Webex Meetings software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to alter the content of web pages from a remote location...
The vulnerability in the Microsoft Edge browser extension allows a hacker to enhance their privileges.
The vulnerability of the Microsoft Edge browser’s “Feedback” extension is related to insecure handling of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Agent Activation Runtime service in the Windows operating system allows a perpetrator to disclose protected information.
The vulnerability of the Agent Activation Runtime service in the Windows operating system exists due to object handling errors in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information through a specially created application...
The vulnerability of the gf_text_get_utf8_line function in the multimedia platform GPAC, related to writing beyond buffer boundaries, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gftextgetutf8line function on the multimedia platform GPAC is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the software update service for Cisco Webex Meetings Desktop App allows a perpetrator to execute arbitrary code.
The vulnerability of the software update service for the Cisco Webex Meetings Desktop App is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the PDF Reader component of the Microsoft Edge browser, which allows a hacker to execute arbitrary code.
The vulnerability of the Windows operating system’s PDF library, specifically Microsoft Edge browsers, arises due to an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created Microsoft...
The vulnerability of the ntp_sync.cgi component of the D-Link DIR-825 router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of the ntpsync.cgi component of the D-Link DIR-825 router’s microprogramming system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...