90604 matches found
The vulnerability of the microprogrammed software of the programmable logic controller LS ELECTRIC XBC-DN32U lies in the lack of authentication for a critical function. This allows attackers to escalate their privileges and gain control over the device.
The vulnerability of the microprogrammed logic controller LS ELECTRIC XBC-DN32U lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker to enhance their privileges and gain control over the device...
The vulnerability of Siemens Solid Edge, a design and modeling tool, relates to the use of an uninitialized pointer, allowing an attacker to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow attackers to execute arbitrary code using specially created PAR files...
The vulnerability of the Ninja Forms Contact Form plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the Ninja Forms Contact Form plugin of the WordPress content management system is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Bluetooth component of the Android operating system, which allows a intruder to disclose protected information
The vulnerability of the Bluetooth component in the Android operating system is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to disclose protected information...
The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-3040 wireless router software lies in the fact that the operation’s output escapes the buffer and is stored in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted HNAP...
The vulnerability of the mstlsapi.dll library in the Remote Desktop Services (RDS) operating system allows a hacker to execute a type of attack known as “man-in-the-middle” attack.
The vulnerability of the mstlsapi.dll library in the Remote Desktop Services RDS operating system of Windows involves unencrypted storage of critical information. Exploiting this vulnerability could allow an attacker to carry out a “man-in-the-middle” attack...
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to reading data outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created USD file...
The vulnerability of the Substance 3D Stager software lies in the possibility of an operation going beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the WireGuard VPN service, related to errors in handling links, allows a malicious actor to block IP traffic on selected IP addresses.
The vulnerability of the VPN service WireGuard is related to errors in handling links. Exploiting this vulnerability allows a remote attacker to block IP traffic on selected IP addresses...
The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system allows a hacker to execute arbitrary code by loading a specially created file.
The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by downloading ...
The vulnerability of the module of the virtual trusted platform for Windows operating systems, which allows a perpetrator to trigger a service failure
The vulnerability of the virtual trusted platform module for Windows operating systems is related to improper resource cleaning. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the full-screen mode implementation in Google Chrome allows a perpetrator to influence the integrity of the protected information.
The vulnerability of the full-screen browser mode implementation in Google Chrome is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to influence the integrity of protected information by installing a malicious...
The vulnerability of the FortiMail email protection system lies in the lack of measures taken to protect the structure of the web page, allowing attackers to execute arbitrary codes.
The vulnerability of the FortiMail email protection system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary codes remotely...
The vulnerability of Google Chrome’s Autofill function allows attackers to influence the integrity of the protected information.
The vulnerability of Google Chrome’s Autofill function is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows an attacker to influence the integrity of protected information by loading a specially created HTML page...
The vulnerability of the Cast component in the Google Chrome browser allows a hacker to compromise the rendering process.
The vulnerability of the Cast component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the rendering process through a specially created HTML page...
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent lies in errors during link processing, which allows attackers to exploit their privileges.
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent is related to errors in handling links. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the TightVNC remote desktop access system, related to errors in privilege management, allows a intruder to escalate their privileges.
The vulnerability of the TightVNC remote desktop access system is related to errors in privilege management. Exploiting this vulnerability allows a malicious actor to increase their privileges by replacing files…...
The vulnerability of MediaTek’s microprogramming software, related to writing beyond the buffer in memory, allows a hacker to trigger a service failure.
The vulnerability of MediaTek’s microprogramming software relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a hacker to cause a system failure...
The vulnerability of the formSetWanDhcpplus function in the D-Link DIR-619L router’s microprogramming software allows a hacker to induce a service failure.
The vulnerability of the formSetWanDhcpplus function in the microprogramming software for D-Link DIR-619L routers is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the SonicWall Secure Mobile Access (SMA 1000) software lies in its ability to bypass authentication procedures. This allows attackers to gain access to arbitrary files and directories stored outside of the root web directory.
The vulnerability of the SonicWall Secure Mobile Access SMA 1000 security access device lies in its ability to bypass authentication procedures. Exploiting this vulnerability allows a malicious actor to gain access to arbitrary files and directories stored outside of the root web directory...
The vulnerability of the formWifiBasicSet function in the microprogramming software for Tenda A18 allows a hacker to cause a service failure.
The vulnerability of the formWifiBasicSet function in the Tenda A18 router microprogramming system is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the Maxon Cinema 4D 3D modeling and animation tool lies in its memory management after the memory is released, allowing a hacker to execute arbitrary code.
The vulnerability of the Maxon Cinema 4D 3D modeling and animation tool is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created SKP file...
The vulnerability of microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches stems from the lack of protective measures for website structures. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the microprogrammed software in Advantech EKI-1524, EKI-1522, and EKI-1521 industrial switches exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the...
The vulnerability of the library for handling Bitcoin transactions and blocks in Libbitcoin Explorer (BX) allows a hacker to expose the protected information.
The vulnerability of the Libbitcoin Explorer BX for processing Bitcoin transactions and blocks is related to the use of a insecure random number generator program. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose sensitive information...
The vulnerability of the exportAsText function in the PDF-XChange PDF document viewing and editing software allows a perpetrator to execute arbitrary code.
The vulnerability of the exportAsText function in the PDF document viewing and editing software PDF-XChange is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the D-View 8 network device management platform, which stems from the use of rigidly encrypted user credentials, allows a malicious actor to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the D-View 8 network device management platform lies in the use of a static key during the processing of JWT tokens. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of the DoT protocol’s implementation in BIND DNS servers allows a attacker to induce a service failure.
The vulnerability of the DoT protocol DNS over TLS implementation in BIND DNS servers lies in the insufficient use of the assert function or similar operators when processing requests. Exploiting this vulnerability allows a malicious actor to cause service failures...
The vulnerability of the `addApplicationFont{FromData}` function in the QFontDatabase class, a cross-platform framework for Qt software development, allows a attacker to cause a service failure.
The vulnerability of the addApplicationFontFromData function in the QFontDatabase class, a cross-platform framework for Qt software development, is related to improper cleaning or release of resources during font processing. Exploiting this vulnerability can allow an attacker to cause service...
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to improper access control, which allows attackers to gain unauthorized access to protected information.
The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to improper access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the read_samples() function in the Sound eXchange (SoX) audio processing software allows a hacker to cause a service failure.
The vulnerability of the readsamples function in the Sound eXchange SoX sound processing software is related to incorrect numerical calculations when processing values with a comma. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the set_qos function in the Milesight UR32L router software allows a hacker to execute arbitrary code.
The vulnerability of the setqos function in the Milesight UR32L router microprogramming system arises due to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the DDP microprogramming software-based wireless access points from D-Link, model DAP-2622, allows a intruder to execute any arbitrary code.
The vulnerability of the DDP microprogramming software used in D-Link DAP-2622 wireless access points lies in the fact that the execution of commands is carried out outside of the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the partition_search.h component in the library, which implements the AV1 codec of the Debian GNU/Linux operating system, allows a hacker to execute arbitrary code.
The vulnerability of the partitionsearch.h component in the library that implements the AV1 codec in the Debian GNU/Linux operating system is due to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the MDPR component in the Gstreamer multimedia framework allows a hacker to execute arbitrary code.
The vulnerability of the MDPR component in the Gstreamer multimedia framework is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of Google Chrome’s Skia graphic library allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s Skia graphics library is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially created HTML page...
The vulnerability of the CMD_W_REG command processor in the CEAR_MWDI_DFLT_PASSWORD register of the CE805M data collection and transmission device allows a attacker to compromise the integrity of the database or cause service failures.
The vulnerability of the CMDWREG command processor in the CEARMWDIDFLTPASSWORD registry of the CE805M data collection and transmission device is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the setaccount() function in Tenda’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the setaccount function in Tenda router microprogramming software lies in the fact that the operation’s output goes beyond the buffer in memory when processing the list parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause servic...
The vulnerability of the ANGLE library in Google Chrome browsers allows a hacker to execute arbitrary code or trigger a denial-of-service attack.
The vulnerability of the ANGLE library in Google Chrome browsers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service denial-of-service by loading a specially created...
The vulnerability of the Data Transfer Security function in software for creating and managing graphical interfaces for control panels in GT Designer3, GOT2000 Series, GOT SIMPLE Series, GT SoftGOT2000, allows a perpetrator to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the Data Transfer Security function in software for creating and managing graphical interfaces for control panels in GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000 is related to weak cryptography for passwords. Exploiting this vulnerability can allow...
The vulnerability of CODESYS software products, related to insufficient validation of input data, allows a perpetrator to trigger a service failure.
The vulnerability of CODESYS software products is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the DevTools set of tools for web development in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the DevTools set of tools for web development in Google Chrome relates to the use of memory after it is released. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the web interface of the microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to enhance their privileges and execute arbitrary commands.
The vulnerability of the web interface of microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 stems from the lack of measures to neutralize special elements used in the operating system’s processing of the...
The vulnerability of the PHP platform pimcore, related to the lack of measures taken to protect the structure of web pages, allows attackers to perform cross-site scripting attacks.
The vulnerability of the PHP platform pimcore is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Citrix Workspace App for Linux operating system, related to access control deficiencies, allows a intruder to gain access to user sessions.
The vulnerability of the Citrix Workspace App for Linux operating system is related to lack of access control mechanisms. Exploiting this vulnerability could allow an attacker to gain access to user sessions...
The vulnerability of Client programs in the MySQL database management system allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the Server: Optimizer component of the MySQL database management system is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...
The vulnerability of the DigiExam online test control software lies in the lack of verification data for integrity checks. This allows a perpetrator to gain access to personal data and account information on shared computers.
The vulnerability of the DigiExam online test control software lies in the lack of control data for verifying integrity. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to personal data and account information on shared computers...
The vulnerability of the web server of the microprogramming software for SIMATIC MV540, MV550, and MV560 barcode readers allows a perpetrator to cause a service failure.
The vulnerability of the web server of the microprogramming software for SIMATIC MV540, MV550, and MV560 barcode readers is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the web interface of microprogramming software in VMware SD-WAN Edge devices allows a hacker to bypass security restrictions and gain access to read, modify, or delete data.
The vulnerability of the web interface of microprogramming software in VMware SD-WAN Edge devices is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain read, modify, or delete access to data by downloading the...
The vulnerability of the microprogrammed software of SIMATIC MV540, MV550, and MV560 barcode readers, related to uncontrolled resource consumption, allows a intruder to trigger a service failure.
The vulnerability of the microprogrammed software of SIMATIC MV540, MV550, and MV560 barcode readers is related to an uncontrolled resource consumption during Ethernet frame processing. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the web interface of the microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 allows attackers to perform cross-site scripting attacks.
The vulnerability of the web interface of microprogramming software for routing and switching platforms such as RUGGEDCOM ROX MX5000, RUGGEDCOM ROX MX5000RE, and RUGGEDCOM ROX RX1400 arises from the lack of protection for the web page structure during the processing of the getelements parameter...