90509 matches found
The vulnerability of the Drupal CMS system’s kernel lies in the insufficient control over the modification of dynamically defined object properties. This allows attackers to delete any file they desire.
The vulnerability of the Drupal CMS system’s kernel is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to delete any file at will...
The vulnerability of the ABB VPNI function in the S+ Control API of the software for management and monitoring of ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst allows a perpetrator to trigger a service failure.
The vulnerability of the ABB VPNI function in the S+ Control API of the ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst software for management and monitoring systems is related to errors in processing relative paths. Exploiting this vulnerability can allow attackers to cause...
The vulnerability of the microprogrammed software of the SCALANCE M-800 industrial routers lies in the inability to clean file names before loading, allowing attackers to compromise the integrity of the system.
The vulnerability of the microprogrammed software in industrial routers SCALANCE M-800 relates to the inability to clean file names before loading. Exploiting this vulnerability can allow an intruder to compromise the integrity of the system...
The vulnerability of the lis3lv02d_i2c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the lis3lv02di2c component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Portal for ArcGIS web portal, related to the lack of measures taken to protect the structure of the web page, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the Portal for ArcGIS is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created web page...
The vulnerability of the Linux operating system’s kernel Wi-Fi component, related to the allocation of unlimited memory, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel Wi-Fi component is related to the allocation of unlimited memory. Exploiting this vulnerability can allow a hacker to cause a service failure...
The vulnerability of the Lucene.Net.Replicator replication utility for the .NET platform’s full-text search library allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Lucene.Net.Replicator replication utility for.NET platform’s full-text search library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code and gain unauthorized access to protected...
The vulnerability of the sctp_sf_do_unexpected_init() function in the Linux kernel of the SCTP protocol allows a attacker to cause a service failure.
The vulnerability of the sctpsfdounexpectedinit function in the SCTP protocol’s kernel implementation in Linux is related to a memory leak that occurs when processing invalid INIT packets. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
The vulnerability of the libavfilter/vfcodecview.c component of the FFmpeg multimedia library involves an operation that occurs outside the buffer boundaries in memory. This allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the libavfilter/vfcodecview.c component in the FFmpeg multimedia library relates to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and even cause...
The vulnerability of the Tinode Chat messaging platform, which allows a hacker to perform a CSRF attack
The vulnerability of the Tinode Chat messaging platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack using a specially created web page...
The vulnerability of the Cargo package manager in the Rust programming language allows a hacker to execute arbitrary code.
The vulnerability of the Cargo package manager in the Rust programming language is related to the ignoring of umask when extracting archives created on UNIX-like systems. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the environment loader for IoT application development, esp-idf, allows a attacker to bypass anti-rollback protection.
The vulnerability of the IoT application development environment loader espressif esp-idf is related to state management errors. Exploiting this vulnerability could allow an attacker to bypass anti-rollback protection mechanisms...
The vulnerability of the addons/structure/plugins/content/pages/modulesmodules.php component of the REDAXO content management system allows a hacker to execute arbitrary code.
The vulnerability of the addons/structure/plugins/content/pages/modulesmodules.php component of the REDAXO content management system is related to improper handling of code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Windows Hyper-V hardware virtualization system allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CLI interface of ArubaOS operating systems allows a hacker to gain access to delete any files they desire and to cause service interruptions.
The vulnerability of the CLI interface of ArubaOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access and delete any files they desire, as well as cause service failures...
The vulnerability of VMware ESXi, Workstation, Fusion, and Cloud Foundation software lies in the ability to write beyond the buffer boundaries, allowing attackers to increase their privileges.
The vulnerabilities of VMware ESXi, Workstation, Fusion, and Cloud Foundation software are related to writing beyond the buffer boundaries. Exploiting these vulnerabilities can allow attackers to gain increased privileges...
The vulnerability of the package processor on the MailSherlock audit platform, which allows a hacker to execute arbitrary SQL queries.
The vulnerability of the packet handler on the MailSherlock email audit platform relates to the lack of security measures for handling SQL query structures. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary SQL queries...
The vulnerability of the software used for creating, monitoring, and orchestrating data processing scripts in Airflow relates to the disclosure of protected information, allowing attackers to obtain confidential data.
The vulnerability of the software allows for the creation, monitoring, and orchestration of data processing scenarios in Airflow. This vulnerability involves the exposure of protected information. Exploiting this vulnerability can enable a remote attacker to obtain confidential information...
The vulnerability of the `show_zysync_server_contents` function in the network storage software Zyxel NAS326 and NAS542 allows a hacker to execute arbitrary code.
The vulnerability of the showzysyncservercontents function in Zyxel NAS326 and NAS542 software exists because measures to neutralize special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...
The vulnerability of the TIFFClose() function in the LibTIFF library, which allows a hacker to cause a service failure
The vulnerability of the TIFFClose function in the LibTIFF library is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the ProFTPD FTP server, related to a memory release error, allows attackers to gain unauthorized access to protected information.
The vulnerability of the ProFTPD FTP server is related to a memory release error. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Softing edgeAggregator data integration tool lies in its lack of protection for website structures, allowing attackers to execute arbitrary code with root privileges.
The vulnerability of the Softing edgeAggregator data integration tool is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges...
The vulnerability of the GRand Unified Bootloader (GRUB) of the Cisco IOS XR router operating system from Network Convergence System’s 540 Series and Cisco 9000 Series routers allows a hacker to execute arbitrary code.
The vulnerability of the GRand Unified Bootloader GRUB in Cisco IOS XR routers from the Network Convergence System 540 Series and Cisco 9000 Series is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerabilities of the software products for developing HMI/SCADA systems such as EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio allow attackers to execute arbitrary code.
The vulnerability of the software products for developing HMI/SCADA systems such as EcoStruxure Machine SCADA Expert and Pro-face BLUE Open Studio is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the WordPress Metaslider plugin stems from the lack of measures taken to protect the structure of the web page. This allows attackers to gain unauthorized access to the protected information.
The vulnerability of the WordPress Metaslider plugin exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the microprogrammed software of Moxa routers series TN-5916, TN-4900, EDR-G903, EDR-G902, and EDR-810 is related to errors in processing input data, which can allow a perpetrator to cause service failures.
The vulnerability of the microprogrammed routing software from Moxa, models TN-5916, TN-4900, EDR-G903, EDR-G902, and EDR-810, is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause service failures by sending specially crafted HTTP/HTTPS...
The vulnerability of the executable file IGSSdataServer.exe of the Data Server module in the Interactive Graphical SCADA System (IGSS) allows a perpetrator to execute arbitrary code.
The vulnerability of the IGSSdataServer.exe executable file of the Data Server module in the Interactive Graphical SCADA System IGSS is related to a numerical overflow vulnerability. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted...
The vulnerability of the SCADA system “SKADA-NEV”, related to uncontrolled resource consumption, allows a intruder to trigger a service failure.
The vulnerability of the SCADA system “SKADA-NEV” is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the microprogramming software used in Diebold-Nixdorf CMDv5 dispensers allows a perpetrator to install an outdated or modified version of the microprogramming software in order to bypass encryption and dispense cash.
The vulnerability of the microprogramming software used in Diebold-Nixdorf CMDv5 dispensers relates to the possibility of bypassing security mechanisms. Exploiting this vulnerability allows an intruder to install an outdated or modified version of the microprogramming software, thereby...
The vulnerability of the microprogramming software used in Diebold-Nixdorf RM3/CRS cash dispensers allows a perpetrator to install an outdated or modified version of the microprogramming software in order to bypass encryption and dispense cash.
The vulnerability of the microprogramming software of Diebold-Nixdorf RM3/CRS dispensers relates to the possibility of bypassing security mechanisms. Exploiting this vulnerability could allow an intruder to install a outdated or modified version of the microprogramming software, thereby...
The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of the web page, allows a hacker to intercept the session of administrators or users of web resources.
The vulnerability of the MDT software integration platform for SAP NetWeaver is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of an administrator or user of the w...
The vulnerability of the SAP NetWeaver integration platform, related to the lack of measures taken to protect the structure of web pages, allows attackers to intercept administrator or user sessions of web resources.
The vulnerability of the Pmitest server of the SAP NetWeaver software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely, to intercept the session of administrators or...
The vulnerability of the k2ddoc.dll library in the KOMPAS-3D three-dimensional modeling system, related to the execution of operations outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the k2ddoc.dll library in the KOMPAS-3D three-dimensional modeling system is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially crafted CDW format file...
The vulnerability of the programmatically defined Cisco SD-WAN network component allows a attacker to trigger a service failure.
The vulnerability of the programmatically defined Cisco SD-WAN API component is related to resource management errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Win32k.sys component of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component of the Windows operating system is related to errors in call handling. Exploiting this vulnerability can allow an attacker to enhance their privileges by running a specially created application...
The vulnerability of the Apache OpenOffice office software component relates to the occurrence of operations beyond buffer boundaries in memory. This allows attackers to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.
The vulnerability of the Apache OpenOffice office software component relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, or compromise data...
The vulnerability of the Information Manager Console component of the Oracle Knowledge business application, which allows a perpetrator to compromise the integrity, confidentiality, and accessibility of protected information.
The vulnerability of the Information Manager Console component of the Oracle Knowledge business application relates to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the integrity, confidentiality, and accessibility of protected information...
The vulnerability of the SiTex distributed application development platform, related to insufficient verification of access rights, allows a perpetrator to disclose protected information.
The vulnerability of the SiTex distributed application development platform is related to insufficient verification of user access rights to data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information...
The vulnerability of the Apache Tika content detection and analysis environment, due to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of the Apache Tika content detection and analysis engine is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Vulnerability of the zgfx_decompress() function in the RDP client FreeRDP, allowing a hacker to execute arbitrary code
The vulnerability of the zgfxdecompress function in the RDP client of FreeRDP arises from the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Connector Framework component of the Enterprise Manager Base Platform allows a perpetrator to gain access to modify, add, or delete data, to gain unauthorized access to protected information, or to cause service failures.
The vulnerability of the Connector Framework component of the Enterprise Manager Base Platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, gain unauthorized access to protected information...
The vulnerability of the Advantech WebAccess remote monitoring software lies in the insecure management of privileges. This allows a perpetrator to elevate their privileges and gain access to files.
The vulnerability of Advantech WebAccess remote monitoring software relates to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges and gain access to files...
The vulnerability of the libssh2 library, related to writing beyond the buffer boundaries in memory, allows a attacker to cause a service failure, execute arbitrary code, or disclose sensitive information.
The vulnerability of the libssh2 library lies in the writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service failures, execute arbitrary code, or disclose sensitive information...
The vulnerability in the IOx application environment for the Cisco IOS operating system allows a hacker to elevate their privileges to the root level.
The vulnerability in the IOx application environment for the Cisco IOS operating system is related to errors during role-based access control checks. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the root level...
Vulnerability of the software complex: Regional electronic budget. An integration platform related to insufficient protection of web page structures, allowing attackers to execute arbitrary JavaScript code in the user’s browser.
Vulnerability of the software complex: Regional electronic budget. The integration platform is associated with insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...
The vulnerability of the nettle-hash cryptographic hash function’s implementation, caused by segmentation errors, allows a hacker to trigger a service failure.
The vulnerability of the nettle-hash cryptographic hash function lies in segmentation errors. Exploiting this vulnerability could allow an attacker to cause a service failure in an application by entering a specially crafted sequence of data into the command line...
The vulnerability of the `ppdcSource::find_variable` function in the workmanir utility from the libirman-dev package allows a hacker to cause a service failure.
The vulnerability of the ppdcSource::findvariable function /usr/lib/x8664-linux-gnu/libcupsppdc.so.1 in the workmanir utility from the libirman-dev package is related to buffer overflow vulnerabilities 0x00007ffff7bca37a. Exploiting this vulnerability may allow an attacker to cause a service...
The vulnerability of the Windows AppX Deployment Service (AppXSVC) in the Windows operating system allows a perpetrator to escalate their privileges.
The vulnerability of the Windows AppX Deployment Service AppXSVC operating system is related to errors in handling hard links. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created application...
The vulnerability of the gpg data encryption tool from the gnupg package, related to errors in pointer arithmetic, allows a perpetrator to trigger a service failure.
The vulnerability of the gpg data encryption tool from the gnupg package is related to errors in pointer arithmetic. Exploiting this vulnerability could allow an attacker to trigger a service failure, by passing a specially crafted file as an argument to the command line...
The vulnerability of the Windows GDI component in Windows operating systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the Windows GDI component in Windows operating systems is related to errors in memory object handling. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...