90509 matches found
The vulnerability of D-Link DSL-G256DG router’s microprogramming software, related to deficiencies in authentication procedures, allows attackers to execute arbitrary commands.
The vulnerability of D-Link DSL-G256DG router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Jenkins server plugin “Dimensions” involves access control deficiencies, allowing attackers to gain access to confidential information.
The vulnerability of the Jenkins server plugin “Dimensions” is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to access to resources through incompatible types. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ROS2 operating system, related to errors in resource release, allows a intruder to trigger a service failure.
The vulnerability of the ROS2 operating system is related to errors during resource release. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of Google Chrome browser-based PDF processing components allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Google Chrome browser-based PDF processors relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information through a specially crafted HTML page...
The vulnerability of the backtrack_insn() function in the kernel/bpf/verifier.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the backtrackinsn function in the kernel/bpf/verifier.c module of the Linux operating system is related to calls outside of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the OLE Automation technology in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the OLE Automation technology in Windows operating systems is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker, working remotely, to gain unauthorized access to protected information...
The vulnerability of the Good plugin (gst-plugins-good) in the Gstreamer multimedia framework allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the Good gst-plugins-good plugin of the Gstreamer multimedia framework is related to insufficient protection of sensitive data due to the absence of security updates on the remote host. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protect...
The vulnerability of the Remote Procedure Call (RPC) technology in Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Remote Procedure Call RPC technology in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability of the WanDynamicIpV6CfgRpm component (/userRpm/WanDynamicIpV6CfgRpm.htm) in the TP-Link TL-WR940N router software allows a attacker to cause a service failure.
The vulnerability of the WanDynamicIpV6CfgRpm component /userRpm/WanDynamicIpV6CfgRpm.htm of the TP-Link TL-WR940N router software is related to the issue where an operation outside the buffer is performed when processing the ipStart parameter. Exploiting this vulnerability allows a remote attack...
The vulnerability of the VirtualServerRpm component (/userRpm/VirtualServerRpm.htm) of TP-Link routers such as TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR740N allows a hacker to cause service interruptions.
The vulnerability of the VirtualServerRpm component /userRpm/VirtualServerRpm.htm of TP-Link routers such as TL-WR940N, TL-WR841N, TL-WR941N, and TL-WR740N lies in the fact that the operation outside the buffer in memory occurs when processing the Changed key parameter. Exploiting this...
The vulnerability in the FortiADC Manager web management tool, a controller for FortiADC applications, allows a attacker to execute arbitrary commands with root privileges.
The vulnerability of the FortiADC Manager web management tool, a controller for FortiADC application delivery, is related to the failure to remove special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker to execute arbitrary commands with ro...
The vulnerability of the fl_set_geneve_opt() function in the net/sched/cls_flower.c module, part of the network scheduling subsystem in the Linux operating system’s kernel, allows a malicious actor to cause service failures or increase their privileges.
The vulnerability of the flsetgeneveopt function in the net/sched/clsflower.c module, within the net/sched scheduling subsystem of the Linux operating system’s kernel, is related to incorrect calculations of buffer boundaries during writing operations. Exploiting this vulnerability may allow a...
The vulnerability of the GLPI system’s request and incident handling process, related to improper input cancellation during the generation of web pages, allows attackers to carry out attacks using cross-site scripts.
The vulnerability of the GLPI system for handling requests and incidents is related to insufficient cleaning of user data in the administration panel. Users can inject and execute arbitrary HTML and scripts in the user’s browser within the context of the vulnerable website. Exploiting this...
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation allows a perpetrator to execute arbitrary code.
The vulnerability of the software environment of Siemens Tecnomatix Plant Simulation lies in the writing beyond buffer boundaries. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created SPP file...
The vulnerability of Hirschmann Network Management Industrial HiVision software, related to privilege management errors, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Hirschmann Network Management Industrial HiVision software is related to privilege management errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the Go programming language lies in its insecure external control over critical data states. This allows attackers to escalate their privileges and gain access to read, modify, or delete data.
The vulnerability of the Go programming language is related to the insecure external control over critical state data during the processing of setuid and setgid attributes. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain access to read, modify, or delet...
The vulnerability of the B.A.T.M.A.N. network interface in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the B.A.T.M.A.N. network interface in the Linux operating system is related to incorrect synchronization between the processes of removing network devices and executing delayed tasks in the batadvdatstarttimer function within the distributedarptable.c module. Exploiting this...
Vulnerability of the Server component: The Oracle MySQL Server database management system’s DDL functions allow attackers to cause service interruptions.
Vulnerability of the Server component: The DDL system for managing databases in Oracle MySQL Server has vulnerabilities related to access control. Exploiting this vulnerability can allow an attacker to cause service interruptions using the MySQL protocol...
The vulnerability of the erase-write function in Cisco NX-OS and Cisco FXOS operating systems of Cisco devices allows attackers to increase their privileges.
The vulnerability of the erase-write function in Cisco NX-OS and Cisco FXOS operating systems in Cisco devices is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the sub_48AC20 function in D-Link DIR-882 A1 wireless router’s microprogramming software allows for the execution of arbitrary code.
The vulnerability of the sub48AC20 function in D-Link DIR-882 A1 wireless router’s microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router allows a hacker to execute arbitrary code.
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router lies in the fact that the output of the operation goes beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of the Server component: Security: Privileges of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component, specifically the Security: Privileges section of the Oracle MySQL Server database management system, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL...
The vulnerability of D-Link DIR-601 router’s microprogramming software allows a hacker to circumvent existing security restrictions.
The vulnerability of D-Link DIR-601 router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router, related to the issue of writing operations outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the /userfs/bin/tcapi file of the Diagnostics microprogramming system for the D-Link DSL-3782 router lies in the fact that the output of the operation goes beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Vulnerability of the Server component: Security: Roles of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Server component: Security: Roles of the Oracle MySQL Server database management system is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using the MySQL protocol...
The vulnerability of Emerson Rosemount X-STREAM Enhanced flow analyzers’ microprogramming software lies in the possibility of sending a cookie session file, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of Emerson Rosemount X-STREAM Enhanced flow analyzers’ microprogramming software relates to the ability to send a cookie session file. Exploiting this vulnerability could allow an unauthorized actor to gain unauthorized access to protected information...
The vulnerability of the monitoring tool for VMware Aria Operations, related to deficiencies in access control, allows a perpetrator to execute arbitrary code and increase their privileges.
The vulnerability of the monitoring tool for VMware Aria Operations is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code and increase their privileges...
The vulnerability of the anonymous web browser Tor, related to improper cleaning or release of resources, allows a violator to trigger a service failure.
The vulnerability of the anonymous web browser Tor is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the built-in software of the ARIS controller lies in the insufficient protection of operational data, allowing attackers to obtain user authentication credentials.
The vulnerability of the ARIS controller’s built-in software is related to insufficient protection of authentication data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain user authentication data from the web interface...
The vulnerability of the PDF-XChange document viewing and editing program relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the PDF-XChange viewer and editor program relates to the issue of operations going beyond the buffer in memory when processing PDF files. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious link or a specially...
The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by having the user open a specially created CS...
The vulnerability of the microprogramming software of the Parks Fiberlink 210 exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands, allowing attackers to execute arbitrary commands on the server.
The vulnerability of the Parks Fiberlink 210 router’s microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands on the server using t...
The vulnerability of the graphical driver of operating systems iPadOS and iOS allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the graphics driver of operating systems iPadOS and iOS stems from the issue of operations going beyond the buffer in memory during incorrect software rendering of H.264 video. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges...
The vulnerability of the ksmbd module in Linux operating systems allows a hacker to intercept an active session.
The vulnerability of the ksmbd module in Linux operating systems is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to intercept an ongoing session...
The vulnerability of the application programming interface of the Cisco DNA Center allows a attacker to execute arbitrary commands with root privileges.
The vulnerability of the application programming interface of the Cisco DNA Center relates to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands with root privileges using a specially created API...
The vulnerability of Fortinet’s FortiNAC and FortiNAC-F access control devices, which stems from the use of strictly encrypted login credentials, allows attackers to gain unauthorized access to protected information.
The vulnerability of the access control devices in Fortinet’s FortiNAC and FortiNAC-F systems lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by executing certain commands...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the LocalIPAddress parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrar...
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microsoftware allows a attacker to execute arbitrary code.
The vulnerability of the HNAP1 protocol implementation in D-Link DIR-2640-US router microprogramming software is related to the lack of measures to sanitize input data during the processing of the PrefixLen parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary cod...
The vulnerability of the Azure Service Connector allows attackers to circumvent existing security restrictions and enhance their privileges.
The vulnerability of the Azure Service Connector relates to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain increased privileges...
The vulnerability of microprogrammed software in Nexx Garage Door Controllers (NXG-100B, NXG-200), Nexx Smart Plugs (NXPG-100W), and Nexx Smart Alarms (NXAL-100) arises from the use of pre-set credentials. This allows a intruder to gain unauthorized access to the MQ Telemetry Server (MQTT) server.
The vulnerability of microprogrammed software in Nexx Garage Door Controllers NXG-100B, NXG-200, Nexx Smart Plugs NXPG-100W, and Nexx Smart Alarms NXAL-100 lies in the use of pre-set credentials. Exploiting this vulnerability could allow an attacker to gain unauthorized access to the MQ Telemetry...
The vulnerability in the implementation of the Secure Boot protocol for operating systems with Windows, which allows attackers to circumvent existing security restrictions.
The vulnerability of the Secure Boot protocol for loading operating systems on Windows is related to errors in accessing debugging functions during the loading process. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...
The vulnerability of the udmabuf_vm_fault() function in the drivers/dma-buf/udmabuf.c module of Linux kernel allows a attacker to escalate their privileges and execute arbitrary code.
The vulnerability of the udmabufvmfault function in the drivers/dma-buf/udmabuf.c module of Linux operating systems is related to unvalidated array indexing due to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute...
The vulnerability of the Prompts component in the Google Chrome browser allows a hacker to bypass security restrictions.
The vulnerability of the Prompts component in the Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...
The vulnerability of the jfif_decode() function in the library for encoding and decoding JPEG files, ffjpeg, allows a attacker to cause a service failure.
The vulnerability of the jfifdecode function ffjpeg/src/jfif.c in the library for encoding and decoding JPEG files allows an attacker to cause a service failure...
The vulnerability of the phpcgi component in D-Link DIR-879 A1 microprogramming router software allows a hacker to bypass security restrictions and restore login credentials for accessing the system.
The vulnerability of the phpcgi component in D-Link DIR-879 A1 router microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and restore access credentials for entering the system by...
The vulnerability of the virt_to_bus()/bus_to_virt() function in the dpt_i2o driver of Linux operating systems allows attackers to exploit their privileges.
The vulnerability of the virttobus/bustovirt function in the dpti2o driver of Linux operating systems is related to improper locking during object operations. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The web interface of Netgear’s SRX5308 router software has vulnerabilities that allow attackers to carry out cross-site scripting attacks.
The vulnerability in the web interface for managing Netgear SRX5308 integrated software routers exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack by sending a specially crafted HTTP request using...
The vulnerability of the Secure Channel component in Windows operating systems, which allows a hacker to cause a service failure
The vulnerability of the Secure Channel component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the Substance 3D Stager software lies in its reliance on memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the Substance 3D Stager software-related 3D design software is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...