90509 matches found
The vulnerability of the Drupal File Entity CMS system, related to the lack of measures taken to protect the website structure, allows attackers to bypass security restrictions and perform cross-site scripting attacks.
The vulnerability of the Drupal File Entity CMS system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and perform cross-site scripting attacks...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...
The vulnerability in the web interface for managing Zyxel network devices allows a perpetrator to escalate their privileges.
The vulnerability of the web interface for managing Zyxel network devices involves insecure management of privileges. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of an administrator and upload configuration files...
The vulnerability of Typogrify, a Drupal CMS system, relates to the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of Typogrify, a module within the Drupal CMS system, is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to carry out XSS attacks remotely...
The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SSL VPN remote access technology implemented on SonicOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to improper code generation. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code...
The vulnerability of the SSL VPN remote access technology for SonicOS operating systems allows a hacker to increase their privileges.
The vulnerability of the SSL VPN remote access technology implemented on SonicOS is related to the bypassing of authentication due to a fundamental error in the implementation. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...
The vulnerability of the --hidden-recipient mode in Mutt and NeoMutt email clients, which allows a hacker to disclose protected information.
The vulnerability of the “--hidden-recipient” mode in Mutt and NeoMutt clients is related to incorrect processing of header fields during PGP encryption. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
The vulnerability of Mutt and NeoMutt email clients, related to errors in verifying the cryptographic signature, allows a hacker to alter the list of trusted recipients and expose the encrypted information.
The vulnerability of Mutt and NeoMutt email clients stems from errors in verifying the cryptographic signature when processing header fields. Exploiting this vulnerability could allow a malicious actor to alter the list of trusted recipients and expose the sensitive information being protected...
The vulnerability of the switch network firewall for HPE CX 10000 corporate networks allows a intruder to disclose protected information.
The vulnerability of the switch network firewalls for HPE CX 10000 corporate networks is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the System component of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the DWFX software file used for viewing 3D models and project documents in Autodesk Navisworks Freedom; the software for modeling and analyzing 3D models in Autodesk Navisworks Simulate; and the software for analyzing, coordinating, and verifying 3D models and project data in Autodesk Navisworks Manage. This allows a malicious individual to cause service interruptions or execute arbitrary code.
The vulnerability of the DWFX software for viewing 3D models and project documents, as well as the software for modeling and analysis of 3D models Autodesk Navisworks Freedom, the software for analyzing, coordinating, and verifying 3D models and project data Autodesk Navisworks Manage, is related...
The vulnerability of the Kubernetes cluster management system for running cloud applications across multiple Karmada clusters, related to incorrect privilege assignment, allows a hacker to elevate their privileges.
The vulnerability of the Kubernetes cluster management system for running cloud applications across multiple Karmada clusters is related to the improper assignment of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the sec_pkcs7_decoder_start_decrypt() function in Mozilla Firefox and Thunderbird email client allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the secpkcs7decoderstartdecrypt function in Mozilla Firefox and Thunderbird’s email client is related to the reallocation of memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in processing input data, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Nix packet manager in Unix operating systems arises from improper restrictions on the path name of the restricted access directory. This allows a malicious user to re-record any files in the system.
The vulnerability of the Nix packet manager in Unix operating systems is related to an improper limitation on the path name of the restricted access directory. Exploiting this vulnerability allows a remote attacker to re-record any files in the system...
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses stems from deficiencies in the authentication process, which allows unauthorized users to elevate their privileges.
The vulnerability of the Microsoft Dynamics 365 Business Central software for small and medium-sized businesses is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain increased privileges remotely...
The vulnerability of the mechanism for detecting network traffic analysis tools, network detection, and response by the Cortex XDR Agent on Windows operating systems allows attackers to trigger service failures or execute arbitrary code.
The vulnerability of the mechanism for detecting network traffic analysis tools, network detection, and response by the Cortex XDR Agent on Windows operating systems is related to discrepancies in functionality according to the specifications. Exploiting this vulnerability can allow attackers to...
The vulnerability of the Webmin CGI request handler allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the Webmin CGI request handler relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges remotely...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the possibility of writing beyond buffer boundaries during the processing of DOE files. This allows a hacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in the issue of writing beyond buffer boundaries during the processing of DOE files. Exploiting this vulnerability allows attackers to execute arbitrary code by loading a specially crafted...
The vulnerability of the `__lpass_get_dmactl_handle` function in the qcom component of the Linux operating system allows a hacker to induce a service failure.
The vulnerability of the lpassgetdmactlhandle function in the qcom component of the Linux operating system is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the iommufd_access_change_ioas() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the iommufdaccesschangeioas function in the Linux operating system is related to the copying of buffers without checking the input data. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity, due to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the CI/CD application integration and delivery system provided by JetBrains TeamCity exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to memory-walking attacks, allows attackers to bypass ASLR protection and disclose the protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to memory-walking attacks. Exploiting this vulnerability can allow attackers to bypass ASLR protection and disclose the protected information...
The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models allows a hacker to trigger a service failure. This vulnerability is related to errors in pointer assignment.
The vulnerability of the Substance 3D Painter software for creating textures and materials for 3D models is related to pointer assignment errors. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to memory-walking attacks, allows attackers to bypass ASLR protection and disclose the protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to memory-walking attacks. Exploiting this vulnerability can allow an attacker to bypass ASLR protection and disclose the protected information...
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) and the FortiClient EMS Cloud cloud storage service lies in the lack of data cleaning measures at the management level. This allows attackers to execute arbitrary code.
The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS and the FortiClient EMS Cloud cloud storage service is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerabilities of the components of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allow attackers to gain unauthorized access to protected information.
The vulnerability of the components of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform lies in the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access...
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) is related to a bug in pointer handling after memory release, allowing an attacker to execute arbitrary code.
The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to a bug in the handling of pointers after memory release during the processing of AcroForm objects. Exploiting this...
The vulnerability in the Profile Name field of the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a attacker to perform XSS attacks.
The vulnerability of the Profile Name field in software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability cou...
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Linux operating system’s kernel’s ipv6 component, which allows a hacker to trigger a service failure
The vulnerability of the ipv6 component in the Linux operating system’s kernel is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the operating system for managing Synology Router Manager allows for cross-site scripting attacks, as a lack of security measures has been taken to protect the website structure. This vulnerability enables attackers to carry out cross-site scripting attacks.
The vulnerability of the Synology Router Manager operating system for managing network devices is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the formSetPortMapping function in the Tenda G3 wireless access point’s microprogramming software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetPortMapping function in the Tenda G3 wireless access point’s microprogramming software lies in the fact that the operation exceeds the buffer boundaries in memory when processing parameters such as pPortMapIndex, pLanIP, pProtocl, and pWanid. Exploiting this...
The vulnerability of the Comment module in the Drupal CMS system allows a hacker to trigger a service failure.
The vulnerability of the Comment module in the Drupal CMS system relates to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the application development environment and the Angular single-page application platform, related to improper code generation management, allows attackers to execute arbitrary code.
The vulnerability of the application development environment and the Angular single-page application platform is related to improper code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Adobe Animate software for creating multimedia and computer animations lies in insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Animate program for creating multimedia and computer animations is related to insufficient testing of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Wireless Wide Area Network Service WwanSvc in Microsoft Windows operating systems is related to operations that go beyond the buffer limits in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the IPerf3 network bandwidth measurement tool lies in the improper handling of test parameters sent to the server in JSON format. This allows a hacker to cause a service failure.
The vulnerability of the IPerf3 network bandwidth measurement tool is related to the improper processing of testing parameters sent to the server in JSON format. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the WhatsUp Gold network infrastructure monitoring system, related to errors when using privileged application programming interfaces (APIs), allows a hacker to execute arbitrary code.
The vulnerability of the WhatsUp Gold network infrastructure monitoring system is related to errors when privileged application programming interfaces APIs are used. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to trigger a service failure.
The vulnerability of Remote Desktop Services RDS for Windows operating systems is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions from a remote location...
The vulnerability of the Naumen Service Management Platform’s portal for automating business processes is related to the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.
The vulnerability of the Naumen Service Management Platform Naumen SMP Portal lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the Wireless Wide Area Network Service (WwanSvc) in Microsoft Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Wireless Wide Area Network Service WwanSvc in Microsoft Windows operating systems is related to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Remote Desktop Client for Windows operating systems, related to access control deficiencies, allows a perpetrator to execute arbitrary code.
The vulnerability of the Remote Desktop Client on Windows operating systems is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the atob method in the universal monitoring system Zabbix allows attackers to compromise the integrity of the protected information.
The vulnerability of the atob method in the Zabbix universal monitoring system is related to access to a critical private variable through a publicly accessible method. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...
The vulnerability of the Puppet infrastructure automation tool and its startup application, Puppet Agent, relates to the insecure transfer of credentials. This allows a malicious individual to access confidential information.
The vulnerability of the Puppet infrastructure automation tool and its startup application, Puppet Agent, is related to the insecure transfer of credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
The vulnerability of the authentication mechanism of the XRDP remote access tool, which allows a intruder to gain unauthorized access
The vulnerability of the XRDP remote access authentication mechanism is related to deficiencies in the retry limit for authentication attempts, which is controlled by the MaxLoginRetry parameter set in the configuration file /etc/xrdp/sesman.ini. Exploiting this vulnerability allows a malicious...
The vulnerability of the management software for Keycloak’s identification and access controls is related to the use of pre-set user accounts. This allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Keycloak identity and access management software relates to the use of pre-set user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of SketchUp Viewer, a 3D design and architectural drafting software, arises from the possibility of an operation exceeding the buffer in memory. This allows attackers to execute arbitrary code.
The vulnerability of SketchUp Viewer, a 3D design and architectural drafting software, lies in the escape from buffer boundaries during the processing of SKP files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the microprogrammed software of industrial routers Billion M100, Billion M150, Billion M120N, and Billion M500 lies in the absence of authentication for a critical function. This allows attackers to circumvent security restrictions, gain unauthorized access to protected information, or cause service failures.
The vulnerability of the microprogrammed software in industrial routers such as Billion M100, Billion M150, Billion M120N, and Billion M500 is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to circumvent...