90336 matches found
The vulnerability of the SimpleOne ITSM automation system lies in its ability to use strictly encrypted user data, which allows a malicious actor to compromise the domain name.
The vulnerability of the SimpleOne ITSM automation system relates to the possibility of using strictly encrypted user data. Exploiting this vulnerability could allow a malicious actor to compromise the domain name...
The vulnerability in the Zabbix UI of the IT infrastructure monitoring system allows a perpetrator to increase their privileges within the system and execute arbitrary code.
The vulnerability in the Zabbix UI of the IT infrastructure monitoring system is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to enhance their privileges within the system and execute arbitrary code...
The vulnerability of the AngularJS JavaScript framework for developing single-page applications relates to incomplete filtering of special elements, allowing attackers to perform cross-site scripting attacks.
The vulnerability of the AngularJS JavaScript framework for developing single-page applications is related to incomplete filtering of special elements. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the formOneSidCfgSet function in the microprogramming software for Tenda AC500 allows a hacker to cause a service failure.
The vulnerability of the formOneSidCfgSet function in the Tenda AC500 router’s microprogramming software relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the SSH protocol implementation on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the SSH protocol implementation in OpenSSH servers for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the soup_message_headers_get_content_disposition() function in the libsoup library for GNOME’s graphical interface allows a attacker to execute arbitrary code.
The vulnerability of the soupmessageheadersgetcontentdisposition function in the GNOME graphical interface library libsoup is related to the release of previously unallocated memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by sending a specially craft...
The vulnerability of the ChromeOS operating system’s kernel, which arises due to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the ChromeOS operating system’s kernel exists due to insufficient validation of input data. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to circumvent existing security restrictions and expose sensitive information.
The vulnerability of the Kerberos protocol for Windows operating systems is related to the insecure storage of confidential information. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions and expose the protected information...
The vulnerability of the `gf_opus_parse_packet_header` function in the `media_tools/av_parsers.c` file, implemented by the MP4Box packaging tool for the GPAC multimedia platform, allows a hacker to trigger a service failure.
The vulnerability of the gfopusparsepacketheader function in the mediatools/avparsers.c file, belonging to the MP4Box packaging tool of the GPAC multimedia platform, is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to cause a service...
The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in the incorrect restriction on the path name to the catalog, which allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to incorrect restrictions on the path name to the catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of Microsoft Edge browser on the iOS operating system, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.
The vulnerability of Microsoft Edge browser on the iOS operating system is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...
The vulnerability of the ImageInput::read_image() function in the src/libOpenImageIO/imageinput.cpp module of the OpenImageIO library allows a hacker to cause a service failure.
The vulnerability of the ImageInput::readimage function in the src/libOpenImageIO/imageinput.cpp module of the OpenImageIO library is related to the lack of checks for division by zero. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the ionic_xdp_xmit() function in the drivers/net/ethernet/pensando/ionic/ionic_txrx.c module of the Linux kernel allows a attacker to cause a service failure.
The vulnerability of the ionicxdpxmit function in the drivers/net/ethernet/pensando/ionic/ionictxrx.c file of the Linux kernel is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Mozilla Firefox browser, related to errors in information representation by the user interface, allows a hacker to replace the address bar.
The vulnerability of the Mozilla Firefox browser is related to errors in information representation by the user interface. Exploiting this vulnerability allows a malicious actor to substitute the address bar with a specially created link...
The vulnerability of the Intel QuickAssist Technology (QAT) driver package arises from insufficient validation of input data, allowing a hacker to trigger a service failure.
The vulnerability of the Intel QuickAssist Technology QAT driver package is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Resilient File System (ReFS) Deduplication Service in Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Resilient File System ReFS Deduplication Service in Windows operating systems is related to a memory reclamation error. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the mgmt_mesh_foreach() function in the net/bluetooth/mgmt_util.c module of operating systems running on Linux allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, or cause service failures.
The vulnerability of the mgmtmeshforeach function in the net/bluetooth/mgmtutil.c module of Linux operating systems is related to iterating over an inappropriate list called mgmtpending, which contains elements of type struct mgmtpendingCmd instead of struct mgmtmeshtx. Exploiting this...
The vulnerability of the network authentication protocol used by the Firebird software components, “Population Cancer Registry” and “Hospital Cancer Registry,” allows attackers to intercept traffic.
The vulnerability of the network authentication protocol used by the Firebird software’s “Population Cancer Registry” and “Hospital Cancer Registry” components is related to the use of a insecure authentication method called LegacyAuth. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the Ivanti EPM endpoint management software, related to reading data beyond the buffer in memory, allows a hacker to trigger a service failure.
The vulnerability of the Ivanti EPM endpoint management software is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the microprogrammed software of the SCALANCE M-800 industrial routers lies in the inability to clean file names before loading, allowing attackers to compromise the integrity of the system.
The vulnerability of the microprogrammed software in industrial routers SCALANCE M-800 relates to the inability to clean file names before loading. Exploiting this vulnerability can allow an intruder to compromise the integrity of the system...
The vulnerability of the lis3lv02d_i2c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the lis3lv02di2c component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the frommacFilterModify function in the /goform/operateMacFilter module of the Tenda wireless access point software allows a intruder to execute arbitrary code or cause a service failure.
The vulnerability of the frommacFilterModify function in the /goform/operateMacFilter microprogramming system for the wireless access point Tenda is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrar...
The vulnerability of the libavfilter/vfcodecview.c component of the FFmpeg multimedia library involves an operation that occurs outside the buffer boundaries in memory. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the libavfilter/vfcodecview.c component in the FFmpeg multimedia library relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and even cause...
The vulnerability of the Tinode Chat messaging platform, which allows a hacker to perform a CSRF attack
The vulnerability of the Tinode Chat messaging platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack using a specially created web page...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis, related to the disclosure of protected information, allows attackers to gain unauthorized access to confidential data.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the disclosure of protected information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Cargo package manager in the Rust programming language allows a hacker to execute arbitrary code.
The vulnerability of the Cargo package manager in the Rust programming language is related to the ignoring of umask when extracting archives created on UNIX-like systems. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the addons/structure/plugins/content/pages/modulesmodules.php component of the REDAXO content management system allows a hacker to execute arbitrary code.
The vulnerability of the addons/structure/plugins/content/pages/modulesmodules.php component of the REDAXO content management system is related to improper handling of code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Windows Hyper-V hardware virtualization system allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, relates to the distribution of resources without any restrictions or controls. This allows a malicious actor to trigger service failures.
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, is related to an experimental exploit that allows containers to become unlimited in size. Exploiting this vulnerability could enable a...
The vulnerability of the CLI interface of ArubaOS operating systems allows a hacker to gain access to delete any files they desire and to cause service interruptions.
The vulnerability of the CLI interface of ArubaOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access and delete any files they desire, as well as cause service failures...
The vulnerability of VMware ESXi, Workstation, Fusion, and Cloud Foundation software lies in the ability to write beyond the buffer boundaries, allowing attackers to increase their privileges.
The vulnerabilities of VMware ESXi, Workstation, Fusion, and Cloud Foundation software are related to writing beyond the buffer boundaries. Exploiting these vulnerabilities can allow attackers to gain increased privileges...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow relates to the disclosure of protected information, allowing attackers to obtain confidential data.
The vulnerability of the software allows for the creation, monitoring, and orchestration of data processing scenarios in Airflow. This vulnerability involves the exposure of protected information. Exploiting this vulnerability can enable a remote attacker to obtain confidential information...
The vulnerability of the `show_zysync_server_contents` function in the network storage software Zyxel NAS326 and NAS542 allows a hacker to execute arbitrary code.
The vulnerability of the showzysyncservercontents function in Zyxel NAS326 and NAS542 software exists because measures to neutralize special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...
The vulnerability of the TIFFClose() function in the LibTIFF library, which allows a hacker to cause a service failure
The vulnerability of the TIFFClose function in the LibTIFF library is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of iMind video conferencing software lies in its ability to allow the insertion of code or data, enabling a hacker to execute arbitrary code with administrative privileges.
The vulnerability of the iMind video conference software relates to the possibility of code or data being injected into the system. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with administrative privileges...
The vulnerability of the Softing edgeAggregator data integration tool lies in its lack of protection for website structures, allowing attackers to execute arbitrary code with root privileges.
The vulnerability of the Softing edgeAggregator data integration tool is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges...
The vulnerability of the GRand Unified Bootloader (GRUB) of the Cisco IOS XR router operating system from Network Convergence System’s 540 Series and Cisco 9000 Series routers allows a hacker to execute arbitrary code.
The vulnerability of the GRand Unified Bootloader GRUB in Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 9000 Series is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerabilities of the software products for developing HMI/SCADA systems such as EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio allow attackers to execute arbitrary code.
The vulnerability of the software products for developing HMI/SCADA systems such as EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the WordPress Metaslider plugin stems from the lack of measures taken to protect the structure of the web page. This allows attackers to gain unauthorized access to the protected information.
The vulnerability of the WordPress Metaslider plugin exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the microprogrammed software of Moxa routers series TN-5916, TN-4900, EDR-G903, EDR-G902, and EDR-810 is related to errors in processing input data, which can allow a perpetrator to cause service failures.
The vulnerability of the microprogrammed routing software from Moxa, models TN-5916, TN-4900, EDR-G903, EDR-G902, and EDR-810, is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause service failures by sending specially crafted HTTP/HTTPS...
The vulnerability of the executable file IGSSdataServer.exe of the Data Server module in the Interactive Graphical SCADA System (IGSS) allows a perpetrator to execute arbitrary code.
The vulnerability of the IGSSdataServer.exe executable file of the Data Server module in the Interactive Graphical SCADA System IGSS is related to a numerical overflow vulnerability. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted...
The vulnerability of the microprogramming software used in Diebold-Nixdorf RM3/CRS cash dispensers allows a perpetrator to install an outdated or modified version of the microprogramming software in order to bypass encryption and dispense cash.
The vulnerability of the microprogramming software of Diebold-Nixdorf RM3/CRS dispensers relates to the possibility of bypassing security mechanisms. Exploiting this vulnerability could allow an intruder to install a outdated or modified version of the microprogramming software, thereby...
The vulnerability of the microprogramming software used in Diebold-Nixdorf CMDv5 dispensers allows a perpetrator to install an outdated or modified version of the microprogramming software in order to bypass encryption and dispense cash.
The vulnerability of the microprogramming software used in Diebold-Nixdorf CMDv5 dispensers relates to the possibility of bypassing security mechanisms. Exploiting this vulnerability allows an intruder to install an outdated or modified version of the microprogramming software, thereby...
The vulnerability of Google Chrome web browser’s Safe Browsing service allows a hacker to execute arbitrary code on the target system.
The vulnerability of Google Chrome’s Safe Browsing service is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...
The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of web pages, allows attackers to intercept administrator or user sessions of web resources.
The vulnerability of the Pmitest server of the SAP NetWeaver software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of administrators or...
The vulnerability of the programmatically defined Cisco SD-WAN network component allows a attacker to trigger a service failure.
The vulnerability of the programmatically defined Cisco SD-WAN API component is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the tcpdump tool for capturing and analyzing network traffic arises from buffer overflows, which allow attackers to disclose sensitive information that is protected by security measures.
The vulnerability of the tcpdump tool for capturing and analyzing network traffic arises due to buffer overflow. Exploiting this vulnerability can allow a hacker to disclose sensitive information using a specially created pcap file...