90509 matches found
The vulnerability of the software platform for container deployment in the SUSE Rancher Wrangler production environment, related to unencrypted storage of user data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the software platform for container deployment in the SUSE Rancher wrangler production environment is related to unencrypted storage of user credentials. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the PostScript Printer Driver (Pscript) in Windows operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the PostScript Printer Driver Pscript on Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microsoft’s .NET Framework and .NET software platforms lies in the insufficient protection of operational data during code debugging, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft .NET Framework and .NET software platforms is related to insufficient protection of sensitive data during code debugging. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted malicious packages remotely...
The vulnerability of the server administration interface for managing VMware Carbon Black App Control allows for the injection of arbitrary code, enabling a hacker to execute arbitrary commands.
The vulnerability of the server administration interface for managing VMware Carbon Black App Control relates to the possibility of executing code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Symantec Endpoint Protection antivirus software lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.
The vulnerability of the Symantec Endpoint Protection antivirus software is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the software for programming Mitsubishi Electric GX Works3 lies in the ability to use strictly encrypted user data, which allows a intruder to obtain information about the project files for security modules on the CPU.
The vulnerability of the software for programming Mitsubishi Electric GX Works3 relates to the possibility of using strictly encrypted user data. Exploiting this vulnerability can allow a malicious actor to obtain information about project files for security modules via the MELSEC protocol...
The vulnerability in the web interface for managing FatPipe’s software allows a hacker to execute arbitrary code.
The vulnerability of the FatPipe software management web interface is related to the unlimited download of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created malware file...
The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server (SEAS) authentication and authorization server, which stems from the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Sterling Secure Proxy proxy server and the IBM Sterling External Authentication Server SEAS authentication and authorization server lies in the use of cryptographic algorithms that have vulnerabilities during installation. Exploiting this vulnerability can allow a...
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, related to errors during maintenance by one user on devices owned by another user, allows a violator to execute arbitrary code.
The vulnerability of the StruxureWare Data Center Expert monitoring system is related to errors that occur when one user maintains devices owned by another user. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the ExploreIT website content management system, related to the lack of measures to protect the SQL query structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the ExploreIT website content management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the command-line interface (CLI) implementation of Zyxel networking devices allows a perpetrator to execute arbitrary commands.
The vulnerability of CLI implementations for Zyxel network devices involves a lack of measures to neutralize special elements used in OS commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
The vulnerability of Dell Container Storage Modules lies in their uncontrolled DLL search path, which allows an attacker to execute arbitrary code.
The vulnerability of the Dell Container Storage Modules relates to an uncontrolled DLL search process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the AMD Secure Encrypted Virtualization (SEV) implementation, a micro-software solution for AMD processors, allows attackers to disclose protected information.
The vulnerability of the AMD Secure Encrypted Virtualization SEV technology, a micro-software solution for AMD processors, arises from the execution of operations beyond the buffer in memory due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to...
The vulnerability of Cisco TelePresence CE and RoomOS software for Cisco Touch 10 devices is related to the absence of a mandatory cryptographic step.
The vulnerability of Cisco TelePresence CE and RoomOS software for Cisco Touch 10 devices is related to the absence of mandatory cryptographic steps. It exists due to insufficient identity verification during the pairing process. Exploiting this vulnerability can allow an attacker operating...
The vulnerability in the implementation of the GOT Mobile function in the software for graphic control panels from Mitsubishi Electric’s GOT2000 series, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the GOT Mobile function implementation in Mitsubishi Electric’s GOT2000 series graphic control panels, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, involves bypassing authentication through spoofing. Exploiting this vulnerability can allow unauthorized...
The vulnerability of QTS network storage operating systems from QNAP, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of QTS network storage operating systems from QNAP is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the sl_tx_timeout() function in the drivers/net/slip.c module of the SLIP driver for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sltxtimeout function in the drivers/net/slip.c module of the SLIP driver for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS allows attackers to execute XSS attacks.
The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially created link...
The vulnerability of the configuration of web applications using microprogramming software for Moxa SDS-3008 Ethernet switches allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the configuration of web applications developed with Microprogramming Software for Moxa SDS-3008 Ethernet switches lies in the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected informatio...
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by sending...
The vulnerability of the i740 video driver in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the i740 video driver in the Linux operating system is related to the lack of checks on user data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Core server component of Oracle Communications Converged Application Server allows a hacker to gain full control over the application.
The vulnerability of the Core server component of Oracle Communications Converged Application Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application using the UDP network protocol...
The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform allows a perpetrator to gain access to read, modify, or delete files.
The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files by executing the...
The vulnerability of the network traffic analysis, network detection, and response mechanism of the Cortex XDR Agent, related to code errors, allows attackers to trigger a service failure for Windows system services.
The vulnerability of the Cortex XDR Agent, which is responsible for network traffic analysis, network detection, and response, is related to code errors. Exploiting this vulnerability can allow attackers to cause system services under Windows to fail...
The vulnerability of the login/index.php implementation of the application for managing servers with CentOS Web Panel allows a hacker to execute arbitrary commands.
The vulnerability of the login/index.php implementation of the server management application for CentOS Web Panel is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the software for coordinating the operation of security systems and for managing real-time incident responses in Fortinet FortiSOAR is related to improper access control. This allows attackers to gain access to the API gateway.
The vulnerability of the software for coordinating the operation of security systems and for managing incident responses in real-time with Fortinet FortiSOAR is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the...
The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.
The vulnerability of Windows operating system kernels is related to insufficient validation of input data during object processing. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the smb2_tree_disconnect function (fs/ksmbd/smb2pdu.c) in the ksmbd module of the Linux operating system allows a hacker to execute arbitrary code.
The vulnerability of the smb2treedisconnect function fs/ksmbd/smb2pdu.c in the ksmbd module of the Linux operating system is related to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Adobe Illustrator’s graphic editor, related to reading data beyond the buffer in memory, allows attackers to exploit this to disclose protected information.
The vulnerability of Adobe Illustrator graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created file...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables a intruder to execute arbitrary code.
The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...
The vulnerability of the Connman connection dispatcher’s WISPR support implementation lies in the use of memory after it is freed. This allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the Connman connection dispatcher’s WISPR support implementation lies in the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code...
The vulnerability of the queue insertion function sch_sfb in Linux operating system kernels allows a hacker to cause a service failure.
The vulnerability of the queue insertion function schsfb in Linux operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the gweb component of the Connection dispatcher, related to writing outside of the allocated memory range, allows a hacker to execute arbitrary code.
The vulnerability of the gweb component of the Connman connection controller is related to writing beyond the boundaries of a reserved memory range. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the EndType parameter in the web interface of the POWER METER SICAM Q100 microprogramming system allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.
The vulnerability of the EndType parameter in the web interface of the POWER METER SICAM Q100 measurement software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to shut down automatically, or execute...
The vulnerability of the `ef100_update_stats` function in the `drivers/net/ethernet/sfc/ef100_nic.c` file of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the ef100updatestats function in the drivers/net/ethernet/sfc/ef100nic.c file of the Linux kernel is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the application software interface of the VMware vRealize Network Insight (vRNI) system, related to the possibility of bypassing the directory protection mechanism, allows attackers to access protected information.
The vulnerability of the application software interface of the VMware vRealize Network Insight vRNI development and optimization software infrastructure is related to the possibility of bypassing the catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...
The vulnerability of the _rtw_init_xmit_priv function in the drivers/staging/r8188eu/core/rtw_xmit.c file of the Linux kernel allows a hacker to cause a service failure or enhance their privileges.
The vulnerability of the rtwinitxmitpriv function in the drivers/staging/r8188eu/core/rtwxmit.c file of the Linux kernel is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause a service failure or gain increased privileges...
The vulnerability of the `kfd_parse_subtype_iolink` function in the `drivers/gpu/drm/amd/amdkfd/kfd_crat.c` file of the Linux operating system’s kernel allows a hacker to trigger a service failure or increase their privileges.
The vulnerability of the kfdparsesubtypeiolink function in the drivers/gpu/drm/amd/amdkfd/kfdcrat.c file of the Linux operating system’s kernel is related to incorrect checking of the returned value from a method or function. Exploiting this vulnerability could allow an attacker to cause service...
The vulnerability of the lkdtm_ARRAY_BOUNDS function in the drivers/misc/lkdtm/bugs.c module of the Linux kernel allows a attacker to cause a system failure or gain increased privileges.
The vulnerability of the lkdtmARRAYBOUNDS function in the drivers/misc/lkdtm/bugs.c module of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the Windows Terminal emulator for operating systems, which allows a hacker to execute arbitrary code.
The vulnerability of the Windows Terminal emulator for operating systems is related to insufficient checking of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the xrdp_mm_chan_data_in() function on the XRDP server allows a hacker to execute arbitrary code.
The vulnerability of the xrdpmmchandatain function on the XRDP server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Blink Frames component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Blink Frames component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the xrdp_caps_process_confirm_active() function on the XRDP server allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the xrdpcapsprocessconfirm-active function on the XRDP server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause servic...
The vulnerability of the RecordType parameter in the web interface of the POWER METER SICAM Q100 software allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.
The vulnerability of the RecordType parameter in the web interface of the POWER METER SICAM Q100 measurement software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to shut down automatically, or execut...
The vulnerability of the compatibility subsystem’s kernel allows for the execution of Linux applications on Windows operating systems through the Windows Subsystem for Linux (WSL2). This enables attackers to gain increased privileges.
The vulnerability of the compatibility subsystem’s kernel for running Linux applications, as provided by Windows Subsystem for Linux WSL2 on Windows operating systems, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller) and the Citrix Gateway access control system (formerly Citrix NetScaler Gateway) allows a perpetrator to execute arbitrary code.
The vulnerability of the Citrix ADC application delivery controller formerly Citrix NetScaler Application Delivery Controller and the Citrix Gateway access control system formerly Citrix NetScaler Gateway is related to insufficient resource control during its existence. Exploiting this...
The vulnerability of the xrdp_mm_trans_process_drdynvc_channel_open function on the XRDP server allows a hacker to gain access to a remote machine.
The vulnerability of the xrdpmmtransprocessdrdynvcchannelopen function in the XRDP server is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain access to the remote machine...
The vulnerability of the control panel interface of the FortiADC application allows attackers to execute cross-site scripting attacks.
The vulnerability of the FortiADC application delivery controller interface exists because measures are not taken to protect the structure of the web page during its creation. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created ...