90509 matches found
The vulnerability of the Routing Protocol Demon (RPD) in Juniper Networks’ Junos OS and Junper Networks’ Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the Routing Protocol Demon RPD in Juniper Networks’ Junos OS and Junper Networks’ Junos OS Evolved operating systems is related to syntax validation errors in input verification. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the PDFium component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the PDFium component in the Google Chrome browser is related to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created PDF file...
The vulnerability of the Windows Common Log File System (CLFS) driver in Windows operating systems allows a hacker to disclose protected information.
The vulnerability of the Windows Common Log File System CLFS driver in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, stems from insufficient validation of arguments passed in commands. This allows attackers to execute arbitrary code.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Microsoft Office software package, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Office package is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the curl_easy_duphandle function in the libcurl library allows a hacker to create or re-record cookies.
The vulnerability of the curleasyduphandle function in the libcurl library is related to external control via a filename or file path. Exploiting this vulnerability allows a malicious actor to create or rewrite cookie files remotely...
The vulnerability of Acronis Cyber Protect 15’s data protection software lies in its insufficient verification of the authenticity of executed requests. This allows attackers to compromise the integrity of the protected information.
The vulnerability of Acronis Cyber Protect 15 software-related data protection software lies in the insufficient verification of the authenticity of executed requests. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the SetWLanRadioSecurity() function in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.
The vulnerability of the SetWLanRadioSecurity function in D-Link DIR-3040 wireless router software lies in the fact that the operation’s output escapes the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP requests...
The vulnerability of the wloggui interface of the Control Web Panel (CWP) application (formerly CentOS Web Panel) allows a malicious user to escalate their privileges and execute arbitrary commands.
The vulnerability of the wloggui interface of the Control Web Panel CWP application formerly CentOS Web Panel is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary commands...
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the addWifiMacFilter function in the microprogramming software for Tenda AC10U allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the addWifiMacFilter function in the Tenda AC10U router software lies in the fact that the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the formSetWanPPPoE function in the D-Link DIR-619L router’s software allows a hacker to cause a service failure.
The vulnerability of the formSetWanPPPoE function in the D-Link DIR-619L router software is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.
The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...
The vulnerability of the SonicWall Secure Mobile Access (SMA 1000) software lies in its ability to bypass authentication procedures. This allows attackers to gain access to arbitrary files and directories stored outside of the root web directory.
The vulnerability of the SonicWall Secure Mobile Access SMA 1000 security access device lies in its ability to bypass authentication procedures. Exploiting this vulnerability allows a malicious actor to gain access to arbitrary files and directories stored outside of the root web directory...
The vulnerability of the Maxon Cinema 4D 3D modeling and animation tool lies in its memory management after the memory is released, allowing a hacker to execute arbitrary code.
The vulnerability of the Maxon Cinema 4D 3D modeling and animation tool is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created SKP file...
The vulnerability of the Kostac PLC Programming Software (formerly Koyo PLC Programming Software) relates to the re-release of memory, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Kostac PLC Programming Software formerly Koyo PLC Programming Software relates to the repeated release of memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created project file...
The vulnerability of the formWifiBasicSet function in the microprogramming software for Tenda A18 allows a hacker to cause a service failure.
The vulnerability of the formWifiBasicSet function in the Tenda A18 router microprogramming system is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the PDF-XChange PDF document viewing and editing program, related to out-of-memory reading, allows attackers to disclose protected information.
The vulnerability of the PDF document viewing and editing software PDF-XChange is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created TIF file...
The vulnerability of the SetAPLanSettings() function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a hacker to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to the lack of measures to neutralize specific elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the dumpHeap method in the Avalanche mobile device management system allows a hacker to escalate their privileges.
The vulnerability of the dumpHeap method in the Avalanche mobile device management system is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the neighmgrd and nlmanager components of the NVIDIA Cumulus Linux network operating system allows a hacker to trigger a service failure.
The vulnerability of the neighmgrd and nlmanager components of the NVIDIA Cumulus Linux network operating system is related to an exception handling error. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the Prompts component in the Google Chrome browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Prompts component in the Google Chrome browser is related to the improper use of standard permissions. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...
The vulnerability of the Editor Annotation component of the PDF-XChange PDF document viewing and editing software allows a perpetrator to execute arbitrary code.
The vulnerability of the Editor Annotation component in the PDF-XChange PDF document viewing and editing software relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The software for managing medical organizations like OpenEMR is vulnerable due to insufficient verification of input data, allowing attackers to compromise data privacy and integrity.
The software for managing medical organizations called OpenEMR is vulnerable due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of data...
The vulnerability of the dir_setWanWifi function in D-Link DIR-816 A2 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dirsetWanWifi function in D-Link DIR-816 A2 router microprogramming software is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the WebExtension component in the Firefox web browser, related to the disclosure of information in the erroneous data area, allows attackers to gain access to confidential data.
The vulnerability of the WebExtension component in the Firefox web browser is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential data...
The vulnerability of the software for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition (ME) devices stems from insufficient validation of input data. This vulnerability allows a perpetrator to execute arbitrary code.
The software used for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition industrial devices is vulnerable due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks, FortiProxy, arises from the lack of measures taken to protect the structure of web pages. This allows attackers to execute arbitrary JavaScript code.
The vulnerability of the graphical interface of FortiOS operating systems and the proxy server used for protecting against Internet attacks FortiProxy exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the free_stream utility for converting files with the .fig and .fig2dev extensions involves a memory reclamation error, which allows an attacker to cause a service failure.
The vulnerability of the freestream function in the file conversion utility for files with the .fig and .fig2dev extensions is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the declarative delivery tool for GitOps on Kubernetes Argo CD, related to deficiencies in pathname restrictions for directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of GitOps’ continuous delivery tool for Kubernetes Argo CD is related to shortcomings in pathname restrictions for directories. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Item_field::used_tables/update_depend_map_for_order component of the MariaDB database management system, which allows a hacker to trigger a service failure.
The vulnerability of the Itemfield::usedtables/updatedependmapfororder component of the MariaDB database management system is related to the use of the assert function or similar operators. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerabilities of the functions HttpServletRequest.getParameter() and HttpServletRequest.getParts() in the Eclipse Jetty server container allow a attacker to cause a service failure.
The vulnerability of the HttpServletRequest.getParameter and HttpServletRequest.getParts methods in the Eclipse Jetty server container is related to the allocation of unlimited memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the ds_compress.cc component in the MariaDB database management system allows a hacker to cause a service failure.
The vulnerability of the dscompress.cc component in the MariaDB database management system arises due to blocking resource errors. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.
The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Microsoft Visual Studio software development tool lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.
The vulnerability of Microsoft Visual Studio, a software development tool, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created file...
The vulnerability of the set_qos function in the Milesight UR32L router software allows a hacker to execute arbitrary code.
The vulnerability of the setqos function in the Milesight UR32L router microprogramming system arises due to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Fast DDS library, related to exception handling errors, allows attackers to trigger a service failure.
The vulnerability of the Fast DDS library is related to an exception handling error. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the PostPolicyBucket component of the MinIO storage server allows a perpetrator to execute arbitrary code.
The vulnerability of the PostPolicyBucket component of the MinIO storage server is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending specially crafted HTTP requests...
Vulnerability of the RleDecompress() function in the RDP client FreeRDP, allowing a hacker to trigger a service failure
The vulnerability of the RleDecompress function in the RDP client FreeRDP is related to the occurrence of operations outside the buffer boundaries in memory when processing the variable pbSrcBuffer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Zoom video conferencing service, which stems from insufficient validation of input data, allows attackers to access protected information.
The vulnerability of the Zoom video conferencing service exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to protected information...
The vulnerability of the CMD_W_REG command processor in the CE_A protocol implementation of the CE805M data collection and transmission device allows a perpetrator to modify parameters so that commands of the operating system are executed during automatic updates of the application software.
The vulnerability of the CMDWREG command processor in the CEA protocol implementation of the CE805M device for data collection and transmission is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to modify parameters so that system commands are executed...
The vulnerability of Google Chrome’s Skia graphic library allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s Skia graphics library is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially created HTML page...
The vulnerability of the Google Chrome browser’s DNS service allows a hacker to execute arbitrary code.
The vulnerability of the Google Chrome browser’s DNS service is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code through a specially created HTML page...
The vulnerability of the coord_file function in the software for converting chemical substance format files, Open Babel, allows a hacker to execute arbitrary code.
The vulnerability of the pFormat function in the software for converting chemical substance formats in Open Babel is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the AbstractGatewayFunction class in industrial automation software, Inductive Automation Ignition, allows a perpetrator to execute arbitrary code.
The vulnerability of the AbstractGatewayFunction class in Inductive Automation Ignition software relates to the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the SYSTEM context...
The vulnerability of the do_journal_end() function in the fs/reiserfs/journal.c file of the reiserfs file system in the RED OS kernel allows a attacker to cause a service failure.
The vulnerability of the dojournalend function in the fs/reiserfs/journal.c file of the reiserfs file system in the RED OS kernel is related to the failure to manage the allocated buffer after it is released. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Intel microprogramming software, related to the leakage of information from vector registers, allows attackers to gain access to protected information.
The vulnerability of Intel microprogramming software is related to the leakage of information from vector registers. Exploiting this vulnerability can allow an attacker to gain access to protected information...
The vulnerability of the Java client of the Aerospike Database management system allows a hacker to execute arbitrary code.
The vulnerability of the Java client of the Aerospike Database management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the VMware Horizon Server virtualization server, related to improper checking of HTTP requests, allows an attacker to compromise the integrity of protected information.
The vulnerability of the VMware Horizon Server virtualization server lies in improper handling of HTTP requests. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information from a remote location...