90509 matches found
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager (WDM) and the microprogramming software for programmable logic controllers from Honeywell, the Experion PKS, allows a hacker to execute arbitrary code.
The vulnerability of the Control Data Access component of the Honeywell OneWireless Wireless Device Manager and the microprogrammed software for programmable logic controllers like Honeywell Experion PKS is related to the implementation by an inappropriate developer. Exploiting this vulnerability...
The vulnerability of D-Link DCS-960L IP camera’s microprogramming software allows a intruder to execute arbitrary code by bypassing the authentication process using an alternative path or channel.
The vulnerability of D-Link DCS-960L IP camera software relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the driver module comedi/drivers/das16m1.c of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the driver module comedi/drivers/das16m1.c in the Linux operating system is related to a violation of the buffer’s initial boundary. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the resize() and text() methods of the ImageMagick framework, which are used for developing web systems and CodeIgniter applications, allows attackers to load arbitrary files.
The vulnerability of the resize and text methods of the ImageMagick framework used for developing web systems and CodeIgniter applications relates to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote...
The vulnerability of the PAN-OS operating system, related to incorrect external management of file names or file paths, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the PAN-OS operating system is related to incorrect external management of file names or file paths. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Vulnerability of software for modeling, designing, and drawing in AutoCAD, related to the execution of operations beyond buffer boundaries in memory, allowing attackers to execute arbitrary code or cause system failures.
The vulnerability of the software for modeling, designing, and drawing in AutoCAD is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure using a specially created PR...
The vulnerability of the amd_pmf_remove() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the amdpmfremove function in the Linux operating system is related to a memory reclamation error. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the btrfs_endTransaction.transaction() function in Linux operating system kernels, which allows a hacker to trigger a service failure
The vulnerability of the btrfsendTransactionTransaction function in Linux operating system kernels is related to incorrect handling of elements of the free space tree during reconstitution. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the sftphandle() function in the LibSSH library allows a hacker to gain unauthorized access to protected information.
The vulnerability of the sftphandle function in the LibSSH library relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the framework for creating applications based on the combination of language models (LLMs) like LangChain arises from insufficient validation of requests at the server-side level. This allows attackers to execute an SSRF attack.
The vulnerability of the framework for creating applications based on the combination of language models LLMs like LangChain is related to insufficient validation of requests at the server-side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software allows a attacker to execute a “man-in-the-middle” attack.
The vulnerability of the TLS protocol implementation in the Crowdstrike Falcon endpoint protection software is related to the lack of trust chain tracking during certificate verification. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” attack...
The vulnerability of the MongoDB database management system server allows a hacker to cause a service failure.
The vulnerability of the MongoDB database management system server is related to errors in data type mixing. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
Vulnerabilities of functions ring_buffer_subbuf_order_set() and atomic_dec() in the Linux operating system’s kernel, allowing a hacker to trigger a service failure
The vulnerability of the ringbuffersubbuforderset and atomicdec functions in the Linux operating system is related to improper locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the built-in BOA server (/boafrm/formMultiAPVLAN) of the TOTOLINK X15 router’s microprogramming software allows a hacker to cause a service failure.
The vulnerability of the built-in server boa /boafrm/formMultiAPVLAN of the TOTOLINK X15 microprogrammed router software is related to the issue where the operation’s output goes beyond the buffer in memory when processing the submit-url parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to incorrect authentication, allows a hacker to bypass existing security restrictions.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to incorrect authentication. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
The vulnerability of MediaTek’s Bluetooth driver microprogramming software allows a hacker to trigger a service failure.
The vulnerability of the Bluetooth driver for Microprogramming Software MediaTek lies in reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the UMIP function in AMD’s microprogramming software allows attackers to disclose protected information.
The vulnerability of the UMIP function in AMD’s microprogramming software is related to insufficient protection of operational data. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Condeon CMS system, related to the storage of confidential information in open text, allows a hacker to intercept sessions and gain access to the user’s account.
The vulnerability of the Condeon CMS system relates to the storage of confidential information in open text within the memory dump file. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...
The vulnerability of the centralized control system for network devices and ports of Advantech iView, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the centralized control system for network devices and ports of Advantech iView is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...
The vulnerability of the config.xml file in TP-Link Archer C50 Wi-Fi routers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the config.xml file in TP-Link Archer C50 Wi-Fi routers lies in the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information from a remote location...
The vulnerability of the Import a Theme function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “Import a Theme” function in the MyBB forum creation software is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in its uncontrolled search path. This allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the Data Loss Prevention module in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary co...
The vulnerability of the Mail function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Mail function in the MyBB forum creation software is related to insufficient testing of requests on the server side. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Adobe Illustrator’s graphic editor, related to pointer naming errors, allows a hacker to trigger a service failure.
The vulnerability of Adobe Illustrator’s graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow attackers to trigger a service failure using a specially created malicious file...
The vulnerability of the Behavioral DoS (BADoS) function of the BIG-IP Application Security Manager allows a attacker to cause a service failure.
The vulnerability of the Behavioral DoS BADoS function of the BIG-IP Application Security Manager protection tool is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Booco business automation platform lies in the improper limitation of the path name to the restricted access catalog. This allows attackers to create or overwrite files in the file system’s directories and execute arbitrary code.
The vulnerability of the Booco business automation platform is related to an incorrect restriction on the path name for restricted access catalogs. Exploiting this vulnerability allows a malicious actor to create or re-record files in file system catalogs and execute arbitrary code...
The vulnerability of the Vnet/IP SCADA system’s interface of Yokogawa CENTUM VP allows a intruder to trigger a service failure.
The vulnerability of the Vnet/IP SCADA system of Yokogawa CENTUM VP is related to an uncontrolled and unauthorized access. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending specially crafted packets...
The vulnerability of the RemotePC software for providing remote access lies in its insecure management of privileges, allowing attackers to escalate their privileges.
The vulnerability of the RemotePC remote access software is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability of the software for organizing and managing knowledge bases and documentation, KBPublisher, related to the manipulation of cross-site requests, allows a perpetrator to carry out CSRF attacks.
The vulnerability of the software for organizing and managing knowledge bases and documentation, KBPublisher, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of the graphical interface of the Fortinet FortiSOAR software for coordinating the operation of cybersecurity systems and for managing real-time incident responses allows attackers to gain unauthorized access to protected information.
The vulnerability of the graphical interface of the software platform for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can...
The vulnerability of the Flash Cache component in single-Core Microcontrollers ESP32-S2, ESP32-S2F, allows a hacker to read the cached data again.
The vulnerability of the Flash Cache component in single-Core Microcontrollers ESP32-S2 and ESP32-S2F is related to improper protection against voltage spikes and clock speeds. Exploiting this vulnerability allows an attacker to reread cached data by triggering a reset pulse directly before...
The vulnerability of the GetScreen agent, a remote access platform, relates to insecure privilege management. This allows attackers to elevate their privileges to the root level.
The vulnerability of the remote access platform GetScreen Agent is related to insecure management of privileges. Exploiting this vulnerability can allow a hacker to elevate their privileges to the root level...
The vulnerability of the Endpoint Manager Mobile app for managing the lifecycle of mobile devices and applications (formerly known as MobileIron Core) arises from the lack of measures taken to neutralize specific elements. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and mobile applications formerly known as MobileIron Core is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this...
The vulnerability of the Demon Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the Daemon Routing Protocol rpd in Junos OS and Junos OS Evolved operating systems is related to improper handling of parameter length discrepancies. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the application-level SIP ALG operating system Juniper Networks Junos OS allows a attacker to trigger a service failure.
The vulnerability of the SIP ALG layer application-level firewall on Juniper Networks Junos OS is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Universal Plug and Play (UPnP) service in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the Universal Plug and Play UPnP service in Windows operating systems is related to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
The vulnerability of the PIA Core Technology component of the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain unauthorized access to protected information.
The vulnerability of the PIA Core Technology component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the IP Access Restriction function of the Cisco Identity Services Engine (ISE) management interface and the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device allows a perpetrator to circumvent existing IP access restrictions.
The vulnerability of the IP Access Restriction function of the Cisco Identity Services Engine ISE and the Cisco ISE Passive Identity Connector ISE-PIC, a virtual device for collecting user authentication data, relates to bypassing authentication using data that is assumed to be unchangeable...
The vulnerability of Adobe InCopy, a text creation and editing software, relates to a countable loss of significance, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe InCopy text creation and editing software is related to a countable amount of data loss. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially created malicious file...
The vulnerability of the KVM switch display microprogramming system ATEN CL5708IM lies in the fact that the output operation goes beyond the buffer in memory, allowing a malicious actor to cause malfunctions in the service.
The vulnerability of the KVM switch display microprogramming system of ATEN CL5708IM is related to the output of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
Vulnerability of the iblock module in the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to protected information
Vulnerability of the iblock module in the Content Management System CMS of 1C-Bitrix: Website management is associated with errors in processing the relative path to the catalog. Exploiting this vulnerability can allow unauthorized users to gain unauthorized access to protected information...
The vulnerability of the Windows Microsoft PC Manager software for maintenance, cleaning, and security operations is related to access control errors, which allow attackers to escalate their privileges.
The vulnerability of the Windows Microsoft PC Manager software for maintenance, cleaning, and security operations is related to access control errors. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the em_compute_costs() function in the kernel/power/energy_model.c module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the emcomputecosts function in the kernel/power/energymodel.c module of the Linux operating system is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise storage platforms, related to resource management errors, allows attackers to trigger service interruptions.
The vulnerability of the HashiCorp Vault Community Edition and Vault Enterprise storage platforms relates to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the gf_ac4parser_bs function in the MP4Box multimedia platform of GPAC allows a hacker to cause a service failure or disclose protected information.
The vulnerability of the gfac4parserbs function in the MP4Box utility of the GPAC multimedia platform is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause system failures or disclose protected information...
The vulnerability in the drivers/acpi/platform_profile.c module of the Linux kernel allows a hacker to trigger a service failure.
The vulnerability in the drivers/acpi/platformprofile.c module of the Linux kernel is related to the use of an uninitialized resource. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module. The Oracle E-Business Suite technical foundation for automating business processes, allowing attackers to gain access to read, modify, and delete information.
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete access to information...
The vulnerability of the Linux operating system’s kernel, related to errors in resource release, allows a hacker to cause a service failure.
The vulnerability of the Linux operating system’s kernel is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the django.utils.html.strip_tags() function in the Django web application framework allows a attacker to cause a denial-of-service attack.
The vulnerability of the django.utils.html.striptags function in the Django web application framework is related to memory leaks caused by the improper use of this function for releasing resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the IBM Storage Scale cluster file system, related to the lack of data cleaning measures at the management level, allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the IBM Storage Scale cluster file system is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands remotely...