90509 matches found
The vulnerability of HMI/SCADA systems like xArrow arises from the possibility of running them with unverified registry keys with application-level privileges. This allows attackers to bypass existing security restrictions and enhance their privileges.
The vulnerability of HMI/SCADA systems like xArrow stems from the ability to execute commands through unverified registry keys with application-level privileges. Exploiting this vulnerability allows attackers to bypass existing security restrictions and enhance their privileges...
The vulnerability of the File Transfer Protocol (FTP) implementation and the NAT functions of the Application Layer Gateway (ALG) in microprogrammable network devices such as Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to circumvent security restrictions and establish unauthorized connections.
The vulnerability of the File Transfer Protocol FTP implementation and the Network Address Translation NAT function of the Application Layer Gateway ALG in microprogrammable network devices such as Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD is related to...
The vulnerability of the Address Book component of the Microsoft Outlook client, which allows attackers to perform spoofing attacks
The vulnerability of the Address Book component in the Microsoft Outlook email client is related to insufficient validation of addresses in headers. Exploiting this vulnerability could allow attackers, operating remotely, to carry out spam attacks using externally similar IDN domains...
The vulnerability of the Media Foundation Dolby Digital Atmos Decoders in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the Media Foundation Dolby Digital Atmos Decoders in the Windows operating system is related to improper code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Bluetooth Classic platform for software development, developed by Zhuhai Jieli AC6366C BT SDK, stems from insufficient validation of input data. This allows attackers to trigger service failures.
The vulnerability of the Bluetooth Classic platform used for software development by Zhuhai Jieli AC6366C BT SDK exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure through the created LMP packe...
Vulnerability of operating systems macOS, watchOS, iOS, and iPadOS, related to initialization errors, allowing attackers to disclose sensitive information
The vulnerabilities of operating systems macOS, watchOS, iOS, and iPadOS are related to initialization errors. Exploiting these vulnerabilities can allow attackers to disclose sensitive information that is protected by security measures...
The vulnerability of the Visual Composer browser-based modeling tool of the SAP NetWeaver software integration platform allows a perpetrator to escalate their privileges, execute arbitrary commands, or cause service interruptions.
The vulnerability of the Visual Composer browser-based modeling tool of the SAP NetWeaver software integration platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability can allow a remote attacker to enhance their privileges, execute arbitrary commands, or cau...
The vulnerability in the VMI web interface of vCenter Server Appliance, a management tool for VMware vCenter Server virtual infrastructure, allows an attacker to gain unauthorized access to protected information.
The vulnerability in the VCenter Server Management Interface of the VMware vCenter Server web interface relates to deficiencies in system security restrictions. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by sending a specially crafte...
The vulnerability of the configuration parameters `proto-max-bulk-len` and `client-query-buffer-limit` of the Redis database management system allows a hacker to execute arbitrary code.
The vulnerability of the Redis database management system’s configuration parameters, proto-max-bulk-len and client-query-buffer-limit, is related to the possibility of integer overflow in the buffer. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the isotp_setsockopt function in the net/can/isotp.c component of the Linux kernel, which relates to the use of memory after it is freed, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the isotpsetsockopt function in the net/can/isotp.c component of the Linux kernel is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the ssh_form.php script, a monitoring tool for the functions and status of Advantech R-SeeNet routers, allows a hacker to execute arbitrary code.
The vulnerability of the sshform.php script, a monitoring tool for the functions and status of Advantech R-SeeNet routers, exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, related to access control deficiencies, allows an attacker to gain access to confidential internal services through an external interface.
The vulnerability of the Cisco Intersight Virtual Appliance, a software tool for managing cloud systems, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to confidential internal services through an external...
The vulnerability of the PopojiCMS content management system arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary web or HTML scripts.
The vulnerability in the /admin.php?mod=user&act=addnew function of the PopojiCMS content management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML scripts by using a special...
The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system for small and medium-sized businesses lies in the lack of security measures for the website structure. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the Microsoft Dynamics 365 Business Central and integrated enterprise management system relates to the lack of security measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created...
The vulnerability of the mailboxd component (Autodiscover/Autodiscover.xml) in the Zimbra Collaboration Suite enterprise email management system allows a hacker to execute an XXE attack.
The vulnerability of the mailboxd component Autodiscover/Autodiscover.xml in the Zimbra Collaboration Suite enterprise email management system is related to an incorrect limitation on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to execute an XXE atta...
The vulnerability of the graphical interface (GDM/GNOME3) of the ROSA KOBALT operating system, which allows a perpetrator to increase their privileges
The vulnerability of the graphical interface GDM/GNOME3 of the ROSA KOBALT operating system is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the Adobe Framemaker desktop publishing system, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Framemaker desktop publishing system lies in the writing of code beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, as well as Adobe Acrobat 2017 and Adobe Acrobat Reader 2017, are related to memory usage after it is released. These vulnerabilities allow attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to gain...
The vulnerability of the Mozilla Thunderbird email client, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of Mozilla Thunderbird’s email client is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in an MITM Man-In-The-Middle scenario by sending an arbitrary IMAP command...
The vulnerability of the __cil_verify_classperms() function in the SELinux access control system allows a perpetrator to trigger a service failure.
The vulnerability of the cilverifyclassperms function in the SELinux access control system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the MagickCore/visual-effects.c file, a set of programs for reading and editing ImageMagisk files, arises from the lack of zero-division checking. This allows an attacker to trigger a service failure.
The vulnerability of the MagickCore/visual-effects.c file, a set of programs for reading and editing ImageMagisk files, is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the _maliciousfilename function in the Archive_Tar class of the PHP classes in the PEAR library allows a malicious actor to execute arbitrary PHP code.
The vulnerability of the maliciousfilename function in the ArchiveTar class of the PHP classes in the PEAR library is related to the restoration of a unreliable data structure in memory. Exploiting this vulnerability allows an attacker to execute arbitrary PHP code using a specially crafted .tar...
The vulnerability of several functions in libscp_v0.c allows an attacker to access confidential information or cause service failures, due to buffer overflows in the stack of the RDP server xrdp.
The vulnerability of several functions in libscpv0.c affects the RDP server xrdp. It involves buffer overflow in the data stack buffer. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...
The vulnerability of the client-side SCP mechanism in OpenSSH, which arises due to insufficient validation of input data, allows attackers to overwrite arbitrary files in the client’s download directory.
The vulnerability of the client-side SCP component in OpenSSH exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to rewrite any files in the client’s download directory by creating a sub-directory anywhere on the remote server...
The vulnerability of the `inotify_update_existing_watch()` function in the Linux kernel’s `fs/notify/inotify/inotify_user.c` file, related to a lack of memory release mechanism, allows a malicious actor to trigger a service failure.
The vulnerability of the inotifyupdateexistingwatch function in the fs/notify/inotify/inotifyuser.c file of the Linux operating system’s kernel is related to a lack of memory release mechanism. Exploiting this vulnerability allows an attacker to trigger a service failure...
The vulnerability of the Lodash application library of Aurora Center lies in the failure to take measures to neutralize special elements used in the operating system’s command set, allowing attackers to execute arbitrary commands.
The vulnerability of the Lodash application library in Aurora Software Solutions relates to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the yargs-parser library in application software of Aurora Center involves uncontrolled changes to object prototypes’ attributes, allowing attackers to execute “prototype pollution” attacks.
The vulnerability of the yargs-parser library in application software developed by Avora Center relates to uncontrolled changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype compromise” attack...
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch systems arises from copying buffers without checking the size of the input data. This allows a malicious actor to trigger an emergency shutdown of the system.
The vulnerability of the application development module for HMI Window Maker in Wonderware InTouch SCADA systems relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to cause damage to multiple stack frames and re-write...
The vulnerability of the Exim message transfer agent, related to privilege management errors, allows a hacker to elevate their privileges within the system.
The vulnerability of the Exim message transfer agent is related to privilege management errors. Exploiting this vulnerability can allow an attacker to elevate privileges within the system by sending the file’s PID...
The vulnerability of Linux operating system’s kernel-based PI futex components, which allows a hacker to execute arbitrary code at the kernel level
The vulnerability of Linux operating system’s kernel PI futexes relates to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to execute arbitrary code at the kernel level...
The vulnerability of the Apache OFBiz resource planning software lies in its ability to restore unreliable data in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Apache OFBiz’s resource planning software lies in its ability to restore unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted request...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Qualcomm’s software, related to deficiencies in access control, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Qualcomm’s software is related to deficiencies in access control. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microprogramming Software for Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) relates to writing beyond the buffer boundaries, allowing attackers to trigger a system reboot or cause service failure.
The vulnerability of Microprogrammed Network Interface Software of Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to trigger a system reboot or caus...
The vulnerability of Containerd’s execution environment, related to the lack of a mechanism for storing registration data, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of Containerd’s execution environment is related to improper processing of the image manifest file. Exploiting this vulnerability allows a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Node.js software platform, related to a bug in the resource consumption monitoring mechanism, allows a hacker to trigger a service failure.
The vulnerability of the Node.js software platform is related to the improper handling of a large number of requests sent to the unknownProtocol. Exploiting this vulnerability allows an attacker who operates remotely to cause service failures...
The vulnerability of the Node.js software platform, related to the presence of localhost6 in the white list, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Node.js software platform is related to the presence of localhost6 in the white list. Exploiting this vulnerability allows a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Google Chrome browser’s presentation API involves the use of a memory area after it is freed. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Google Chrome browser’s presentation API relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...
The vulnerability of the Magento Commerce software development and management platform lies in its lack of measures to neutralize special elements used in the operating system, allowing attackers to execute arbitrary code.
The vulnerability of the Magento Commerce software development and management platform is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Windows Console Driver component of the Windows operating system, which allows a hacker to trigger a service failure
The vulnerability of the Windows Console Driver component of the operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the CheckList component of the Joomla! content management system allows a hacker to execute arbitrary SQL commands.
The vulnerability of the CheckList component in the Joomla! content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands remotely...
The vulnerability of the executable file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, allows a perpetrator to execute arbitrary code.
The vulnerability of the installation file FortiClientOnlineInstaller.exe, a security tool from Fortinet’s FortiClient for Windows, is related to errors in the path validation mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially uploaded DLL...
The vulnerabilities of the 3D model rendering software programs Luxion KeyShot, Luxion KeyShot Viewer, Luxion KeyShot Network Rendering, and Luxion KeyVR allow attackers to execute arbitrary code.
The vulnerabilities of the 3D model rendering software programs Luxion KeyShot, Luxion KeyShot Viewer, Luxion KeyShot Network Rendering, and Luxion KeyVR are related to pointer assignment errors. Exploiting these vulnerabilities can allow attackers to execute arbitrary code...
The vulnerability of Adobe Illustrator 2021, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of Adobe Illustrator 2021 graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of Cisco Webex Meetings’ software web interface allows attackers to carry out cross-site scripting attacks.
The vulnerability of Cisco Webex Meetings’ software web interface is related to deficiencies in neutralizing special characters. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Windows operating system’s kernel, related to insecure management of privileges, allows attackers to elevate their own privileges.
The vulnerability of the Windows operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability in the vManage web interface of the software-defined Cisco SD-WAN network allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the vManage web interface of the Cisco SD-WAN program-defined network is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the components of the Cisco Email Security Appliance, a system for email security management, and the Cisco Content Security Management Appliance, a system for content security management, as well as the Cisco Web Security Appliance, an internet gateway, allows attackers to gain unauthorized access to protected information.
The vulnerability of the components of the Cisco Email Security Appliance, the Cisco Content Security Management Appliance, and the Cisco Web Security Appliance involves a lack of authentication token requirements. Exploiting this vulnerability can allow an attacker to gain unauthorized access to...