90509 matches found
The vulnerability of Acronis Cyber Protect 15’s data protection software lies in its insufficient verification of the authenticity of executed requests. This allows attackers to compromise the integrity of the protected information.
The vulnerability of Acronis Cyber Protect 15 software-related data protection software lies in the insufficient verification of the authenticity of executed requests. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the wloggui interface of the Control Web Panel (CWP) application (formerly CentOS Web Panel) allows a malicious user to escalate their privileges and execute arbitrary commands.
The vulnerability of the wloggui interface of the Control Web Panel CWP application formerly CentOS Web Panel is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary commands...
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the addWifiMacFilter function in the microprogramming software for Tenda AC10U allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the addWifiMacFilter function in the Tenda AC10U router software lies in the fact that the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the SonicWall Secure Mobile Access (SMA 1000) software lies in its ability to bypass authentication procedures. This allows attackers to gain access to arbitrary files and directories stored outside of the root web directory.
The vulnerability of the SonicWall Secure Mobile Access SMA 1000 security access device lies in its ability to bypass authentication procedures. Exploiting this vulnerability allows a malicious actor to gain access to arbitrary files and directories stored outside of the root web directory...
The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.
The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...
The vulnerability of the formSetWanPPPoE function in the D-Link DIR-619L router’s software allows a hacker to cause a service failure.
The vulnerability of the formSetWanPPPoE function in the D-Link DIR-619L router software is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Kostac PLC Programming Software (formerly Koyo PLC Programming Software) relates to the re-release of memory, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Kostac PLC Programming Software formerly Koyo PLC Programming Software relates to the repeated release of memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created project file...
The vulnerability of the PDF-XChange PDF document viewing and editing program, related to out-of-memory reading, allows attackers to disclose protected information.
The vulnerability of the PDF document viewing and editing software PDF-XChange is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created TIF file...
The vulnerability of the formWifiBasicSet function in the microprogramming software for Tenda A18 allows a hacker to cause a service failure.
The vulnerability of the formWifiBasicSet function in the Tenda A18 router microprogramming system is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the keyinstall component in MediaTek’s microprogramming software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the keyinstall component in MediaTek’s microprogramming software is related to insufficient protection of sensitive data due to incorrect validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster is related to the execution of operations outside the buffer in memory when processing XML data. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the exportAsText function in the PDF-XChange PDF document viewing and editing software allows a perpetrator to execute arbitrary code.
The vulnerability of the exportAsText function in the PDF document viewing and editing software PDF-XChange is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Editor Annotation component of the PDF-XChange PDF document viewing and editing software allows a perpetrator to execute arbitrary code.
The vulnerability of the Editor Annotation component in the PDF-XChange PDF document viewing and editing software relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the dumpHeap method in the Avalanche mobile device management system allows a hacker to escalate their privileges.
The vulnerability of the dumpHeap method in the Avalanche mobile device management system is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the SetAPLanSettings() function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a hacker to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to the lack of measures to neutralize specific elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Prompts component in the Google Chrome browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Prompts component in the Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...
The vulnerability of the neighmgrd and nlmanager components of the NVIDIA Cumulus Linux network operating system allows a hacker to trigger a service failure.
The vulnerability of the neighmgrd and nlmanager components of the NVIDIA Cumulus Linux network operating system is related to an exception handling error. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The software for managing medical organizations like OpenEMR is vulnerable due to insufficient verification of input data, allowing attackers to compromise data privacy and integrity.
The software for managing medical organizations called OpenEMR is vulnerable due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of data...
The vulnerability of the DoT protocol’s implementation in BIND DNS servers allows a attacker to induce a service failure.
The vulnerability of the DoT protocol DNS over TLS implementation in BIND DNS servers lies in the insufficient use of the assert function or similar operators when processing requests. Exploiting this vulnerability allows a malicious actor to cause service failures...
The vulnerability of the D-View 8 network device management platform, which stems from the use of rigidly encrypted user credentials, allows a malicious actor to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the D-View 8 network device management platform lies in the use of a static key during the processing of JWT tokens. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of the dir_setWanWifi function in D-Link DIR-816 A2 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dirsetWanWifi function in D-Link DIR-816 A2 router microprogramming software is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the WebExtension component in the Firefox web browser, related to the disclosure of information in the erroneous data area, allows attackers to gain access to confidential data.
The vulnerability of the WebExtension component in the Firefox web browser is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential data...
The vulnerability of the software for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition (ME) devices stems from insufficient validation of input data. This vulnerability allows a perpetrator to execute arbitrary code.
The software used for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition industrial devices is vulnerable due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks, FortiProxy, arises from the lack of measures taken to protect the structure of web pages. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks FortiProxy exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the free_stream utility for converting files with the .fig and .fig2dev extensions involves a memory reclamation error, which allows an attacker to cause a service failure.
The vulnerability of the freestream function in the file conversion utility for files with the .fig and .fig2dev extensions is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the declarative delivery tool for GitOps on Kubernetes Argo CD, related to deficiencies in pathname restrictions for directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of GitOps’ continuous delivery tool for Kubernetes Argo CD is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Item_field::used_tables/update_depend_map_for_order component of the MariaDB database management system, which allows a hacker to trigger a service failure.
The vulnerability of the Itemfield::usedtables/updatedependmapfororder component of the MariaDB database management system is related to the use of the assert function or similar operators. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerabilities of the functions HttpServletRequest.getParameter() and HttpServletRequest.getParts() in the Eclipse Jetty server container allow a attacker to cause a service failure.
The vulnerability of the HttpServletRequest.getParameter and HttpServletRequest.getParts methods in the Eclipse Jetty server container is related to the allocation of unlimited memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the ds_compress.cc component in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the dscompress.cc component in the MariaDB database management system arises due to blocking resource errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.
The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the read_samples() function in the Sound eXchange (SoX) audio processing software allows a hacker to cause a service failure.
The vulnerability of the readsamples function in the Sound eXchange SoX sound processing software is related to incorrect numerical calculations when processing values with a comma. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the set_qos function in the Milesight UR32L router software allows a hacker to execute arbitrary code.
The vulnerability of the setqos function in the Milesight UR32L router microprogramming system arises due to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the Microsoft Visual Studio software development tool lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.
The vulnerability of Microsoft Visual Studio, a software development tool, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created file...
The vulnerability of the Fast DDS library, related to exception handling errors, allows attackers to trigger a service failure.
The vulnerability of the Fast DDS library is related to an exception handling error. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the PostPolicyBucket component of the MinIO storage server allows a perpetrator to execute arbitrary code.
The vulnerability of the PostPolicyBucket component of the MinIO storage server is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending specially crafted HTTP requests...
Vulnerability of the RleDecompress() function in the RDP client FreeRDP, allowing a hacker to trigger a service failure
The vulnerability of the RleDecompress function in the RDP client FreeRDP is related to the occurrence of operations outside the buffer boundaries in memory when processing the variable pbSrcBuffer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Zoom video conferencing service, which stems from insufficient validation of input data, allows attackers to access protected information.
The vulnerability of the Zoom video conferencing service exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information...
The vulnerability of the coord_file function in the software for converting chemical substance format files, Open Babel, allows a hacker to execute arbitrary code.
The vulnerability of the pFormat function in the software for converting chemical substance formats in Open Babel is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the AbstractGatewayFunction class in industrial automation software, Inductive Automation Ignition, allows a perpetrator to execute arbitrary code.
The vulnerability of the AbstractGatewayFunction class in Inductive Automation Ignition software relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the SYSTEM context...
The vulnerability of the do_journal_end() function in the fs/reiserfs/journal.c file of the reiserfs file system in the RED OS kernel allows a attacker to cause a service failure.
The vulnerability of the dojournalend function in the fs/reiserfs/journal.c file of the reiserfs file system in the RED OS kernel is related to the failure to manage the allocated buffer after it is released. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Intel microprogramming software, related to the leakage of information from vector registers, allows attackers to gain access to protected information.
The vulnerability of Intel microprogramming software is related to the leakage of information from vector registers. Exploiting this vulnerability can allow an attacker to gain access to protected information...
The vulnerability of the Java client of the Aerospike Database management system allows a hacker to execute arbitrary code.
The vulnerability of the Java client of the Aerospike Database management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the VMware Horizon Server virtualization server, related to improper checking of HTTP requests, allows an attacker to compromise the integrity of protected information.
The vulnerability of the VMware Horizon Server virtualization server lies in improper handling of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...
The vulnerability of the Microsoft .NET Framework software, related to insufficient validation of input data, allows attackers to escalate their privileges.
The vulnerability of the Microsoft .NET Framework software platform is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. This allows attackers to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using specially crafted DFT files...
The vulnerability of the ANGLE library in Google Chrome browsers allows a hacker to execute arbitrary code or trigger a denial-of-service attack.
The vulnerability of the ANGLE library in Google Chrome browsers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service denial-of-service by loading a specially created...
The vulnerability of the CODESYS Development System, a programming platform for applications, stems from insufficient verification of data authenticity. This allows attackers to modify the content of notifications received via HTTP from the CODESYS notification server.
The vulnerability of the CODESYS Development System, a programming platform for applications, is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow an attacker to modify the content of notifications received through HTTP from the CODESYS...
The vulnerability of the application programming interface of the TapHome smart home control system allows a perpetrator to bypass the authentication process and gain full access to the device.
The vulnerability of the application programming interface of the TapHome smart home control system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to bypass the authentication process and gain full access to the device...
The vulnerability of the BioTime time-logging management web platform, related to deficiencies in access control, allows a violator to gain unauthorized access to protected information.
The vulnerability of the BioTime time-logging management web platform is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a specially crafted HTTP request...