90509 matches found
The vulnerability of Cisco TelePresence CE and RoomOS software for Cisco Touch 10 devices is related to the absence of a mandatory cryptographic step.
The vulnerability of Cisco TelePresence CE and RoomOS software for Cisco Touch 10 devices is related to the absence of mandatory cryptographic steps. It exists due to insufficient identity verification during the pairing process. Exploiting this vulnerability can allow an attacker operating...
The vulnerability in the implementation of the GOT Mobile function in the software for graphic control panels from Mitsubishi Electric’s GOT2000 series, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the GOT Mobile function implementation in Mitsubishi Electric’s GOT2000 series graphic control panels, models GT27 and GT25, as well as the HMI platform GT SoftGOT2000, involves bypassing authentication through spoofing. Exploiting this vulnerability can allow unauthorized...
The vulnerability of the AMD Secure Encrypted Virtualization (SEV) implementation, a micro-software solution for AMD processors, allows attackers to disclose protected information.
The vulnerability of the AMD Secure Encrypted Virtualization SEV technology, a micro-software solution for AMD processors, arises from the execution of operations beyond the buffer in memory due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to...
The vulnerability of QTS network storage operating systems from QNAP, related to insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of QTS network storage operating systems from QNAP is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS allows attackers to execute XSS attacks.
The vulnerability of the Ragic Cloud DB network storage solution provided by QNAP NAS exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a specially created link...
The vulnerability of the sl_tx_timeout() function in the drivers/net/slip.c module of the SLIP driver for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sltxtimeout function in the drivers/net/slip.c module of the SLIP driver for the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the configuration of web applications using microprogramming software for Moxa SDS-3008 Ethernet switches allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the configuration of web applications developed with Microprogramming Software for Moxa SDS-3008 Ethernet switches lies in the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected informatio...
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by sending...
The vulnerability of the i740 video driver in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the i740 video driver in the Linux operating system is related to the lack of checks on user data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Core server component of Oracle Communications Converged Application Server allows a hacker to gain full control over the application.
The vulnerability of the Core server component of Oracle Communications Converged Application Server is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application using the UDP network protocol...
The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform allows a perpetrator to gain access to read, modify, or delete files.
The vulnerability of the MSO protocol implementation in the GE Proficy Historian industrial data management platform is related to the unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to files by executing the...
The vulnerability of the network traffic analysis, network detection, and response mechanism of the Cortex XDR Agent, related to code errors, allows attackers to trigger a service failure for Windows system services.
The vulnerability of the Cortex XDR Agent, which is responsible for network traffic analysis, network detection, and response, is related to code errors. Exploiting this vulnerability can allow attackers to cause system services under Windows to fail...
The vulnerability of the login/index.php implementation of the application for managing servers with CentOS Web Panel allows a hacker to execute arbitrary commands.
The vulnerability of the login/index.php implementation of the server management application for CentOS Web Panel is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the software for coordinating the operation of security systems and for managing real-time incident responses in Fortinet FortiSOAR is related to improper access control. This allows attackers to gain access to the API gateway.
The vulnerability of the software for coordinating the operation of security systems and for managing incident responses in real-time with Fortinet FortiSOAR is related to improper access control. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the...
The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.
The vulnerability of Windows operating system kernels is related to insufficient validation of input data during object processing. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...
The vulnerability of the smb2_tree_disconnect function (fs/ksmbd/smb2pdu.c) in the ksmbd module of the Linux operating system allows a hacker to execute arbitrary code.
The vulnerability of the smb2treedisconnect function fs/ksmbd/smb2pdu.c in the ksmbd module of the Linux operating system is related to the use of memory after deallocation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Adobe Illustrator’s graphic editor, related to reading data beyond the buffer in memory, allows attackers to exploit this to disclose protected information.
The vulnerability of Adobe Illustrator graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created file...
The vulnerability of the decon_set_win_config() function in the Display and Enhancement Controller (DECON) driver of the Display Processing Unit (DPU) for Android mobile devices from Samsung allows a malicious actor to gain access to read, modify, or delete files, or to cause a service failure.
The vulnerability of the deconsetwinconfig function in the Display and Enhancement Controller DECON driver of the Display Processing Unit DPU for Android mobile devices from Samsung relates to the use of memory after it is freed during the processing of file descriptors. Exploiting this...
The vulnerability of the gweb component of the Connection dispatcher, related to writing outside of the allocated memory range, allows a hacker to execute arbitrary code.
The vulnerability of the gweb component of the Connman connection controller is related to writing beyond the boundaries of a reserved memory range. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the EndType parameter in the web interface of the POWER METER SICAM Q100 microprogramming system allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.
The vulnerability of the EndType parameter in the web interface of the POWER METER SICAM Q100 measurement software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to shut down automatically, or execute...
The vulnerability of the APC Easy UPS Online Monitoring Software lies in its ability to allow the loading of arbitrary files, which enables a intruder to execute arbitrary code.
The vulnerability of the APC Easy UPS Online Monitoring Software relates to the ability to load any arbitrary file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading any JSP file remotely...
The vulnerability of the _rtw_init_xmit_priv function in the drivers/staging/r8188eu/core/rtw_xmit.c file of the Linux kernel allows a hacker to cause a service failure or enhance their privileges.
The vulnerability of the rtwinitxmitpriv function in the drivers/staging/r8188eu/core/rtwxmit.c file of the Linux kernel is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause a service failure or gain increased privileges...
The vulnerability of the `ef100_update_stats` function in the `drivers/net/ethernet/sfc/ef100_nic.c` file of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the ef100updatestats function in the drivers/net/ethernet/sfc/ef100nic.c file of the Linux kernel is related to a pointer dereferencing error. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the Connman connection dispatcher’s WISPR support implementation lies in the use of memory after it is freed. This allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of the Connman connection dispatcher’s WISPR support implementation lies in the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code...
The vulnerability of the lkdtm_ARRAY_BOUNDS function in the drivers/misc/lkdtm/bugs.c module of the Linux kernel allows a attacker to cause a system failure or gain increased privileges.
The vulnerability of the lkdtmARRAYBOUNDS function in the drivers/misc/lkdtm/bugs.c module of the Linux kernel is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause system failures or gain increased privileges...
The vulnerability of the compatibility subsystem’s kernel allows for the execution of Linux applications on Windows operating systems through the Windows Subsystem for Linux (WSL2). This enables attackers to gain increased privileges.
The vulnerability of the compatibility subsystem’s kernel for running Linux applications, as provided by Windows Subsystem for Linux WSL2 on Windows operating systems, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the xrdp_mm_chan_data_in() function on the XRDP server allows a hacker to execute arbitrary code.
The vulnerability of the xrdpmmchandatain function on the XRDP server is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the xrdp_caps_process_confirm_active() function on the XRDP server allows a perpetrator to gain unauthorized access to protected information or cause service failures.
The vulnerability of the xrdpcapsprocessconfirm-active function on the XRDP server is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause servic...
The vulnerability of the Windows Terminal emulator for operating systems, which allows a hacker to execute arbitrary code.
The vulnerability of the Windows Terminal emulator for operating systems is related to insufficient checking of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
The vulnerability of the RecordType parameter in the web interface of the POWER METER SICAM Q100 software allows a hacker to disable the device (with subsequent automatic reboot) or execute arbitrary code.
The vulnerability of the RecordType parameter in the web interface of the POWER METER SICAM Q100 measurement software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to disable the device remotely, causing it to shut down automatically, or execut...
The vulnerability of the Blink Frames component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Blink Frames component in Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Citrix ADC application delivery controller (formerly Citrix NetScaler Application Delivery Controller) and the Citrix Gateway access control system (formerly Citrix NetScaler Gateway) allows a perpetrator to execute arbitrary code.
The vulnerability of the Citrix ADC application delivery controller formerly Citrix NetScaler Application Delivery Controller and the Citrix Gateway access control system formerly Citrix NetScaler Gateway is related to insufficient resource control during its existence. Exploiting this...
The vulnerability of the xrdp_mm_trans_process_drdynvc_channel_open function on the XRDP server allows a hacker to gain access to a remote machine.
The vulnerability of the xrdpmmtransprocessdrdynvcchannelopen function in the XRDP server is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to gain access to the remote machine...
The vulnerability of the control panel interface of the FortiADC application allows attackers to execute cross-site scripting attacks.
The vulnerability of the FortiADC application delivery controller interface exists because measures are not taken to protect the structure of the web page during its creation. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created ...
The vulnerability of the Windows operating system’s Web Account Manager allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows operating system’s Web Account Manager is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows Server operating system allows attackers to increase their privileges.
The vulnerability of the Windows Server operating system is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the embedded software of the NETGEAR R7000P router, related to buffer overflow vulnerabilities, allows a hacker to execute arbitrary code.
The vulnerability of the embedded software of the NETGEAR R7000P router is related to buffer overflow errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through the openvpnserverip parameter...
The vulnerability of the command interpreter in Moxa EDR-810, EDR-G902, EDR-G903, TN-4900, and TN-5916 router microprogramming devices allows attackers to execute arbitrary code.
The vulnerability of the command interpreter in Moxa EDR-810, EDR-G902, EDR-G903, TN-4900, and TN-5916 microprogrammed service routers stems from errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HTTP/HTT...
The vulnerability of the file system driver of Windows operating systems allows a hacker to execute arbitrary code with system privileges.
The vulnerability of the file system driver of Windows operating systems is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code with system privileges...
The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP and server software, BIG-IQ Centralized Management, allows a perpetrator to execute arbitrary commands with elevated privileges.
The vulnerability of the iControl SOAP interface for access control and remote authentication in BIG-IP and server software, BIG-IQ Centralized Management, is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands...
The vulnerability of the svg_parse_preserveaspectratio() function in the SVG Parser component of the GPAC multimedia platform allows a attacker to trigger a service failure.
The vulnerability of the svgparsepreserveaspectratio function in the SVG Parser component of the GPAC multimedia platform is related to improper cleaning or release of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of Websoft HCM’s automation software for HR processes lies in the redirection of URLs to unreliable websites, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of Websoft HCM’s automation software for HR processes involves the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to remotely redirect users to any given URL address...
The vulnerability of Websoft HCM’s automation software for HR processes lies in its ability to download files of a dangerous type without limitation, allowing an attacker to execute arbitrary code.
The vulnerability of Websoft HCM’s automation software for HR processes is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the cross-platform software development framework Qt, related to resource management errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the cross-platform software development framework Qt is related to resource management errors. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures through a specially created web page...
The vulnerability of the Grub configuration file allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Grub configuration file is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the server software HAProxy, related to insufficient input data validation, allows attackers to gain access to confidential data.
The vulnerability of the server software HAProxy is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to gain access to confidential data...
The vulnerability of the SetSysEmailSettings() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the SetSysEmailSettings function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the lack of measures taken to sanitize the input data entered by the user in the input field. Exploiting this vulnerability can allow a remote...
The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server are due to insufficient validation of input data. This allows attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, Microsoft Excel, and Microsoft Office Web Apps Server exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of the SetIPv6FirewallSettings() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the SetIPv6FirewallSettings function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the failure to sanitize input data in the string entered by the user when processing the IPv6FirewallRule element. Exploiting this vulnerabili...