90509 matches found
The vulnerability of the smsc75xx_bind processor in Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the smsc75xxbind implementation in Linux kernel drivers drivers/net/usb/smsc75xx.ko is related to a memory allocation error. Exploiting this vulnerability can allow an attacker to cause a service failure when connecting a SMSC75XX USB 2.0 Gigabit Ethernet device. This creates...
The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems arises from incorrect validation of input data, allowing an attacker to execute arbitrary code.
The vulnerability of the Cisco Webex Network Recording Player and Cisco Webex Player for Windows operating systems is related to improper validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using specially crafted files in the Advanced Recording...
The vulnerability of the REST API interface of the Junos operating system allows a perpetrator to gain access to information about user account passwords.
The vulnerability of the REST API interface of the Junos operating system is related to errors in managing registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to information about user account passwords...
The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite allows a hacker to execute HTML code.
The vulnerability of the “Security Management Center” component of the Dr.Web Enterprise Security Suite exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code into the user’s browser by placin...
The vulnerability of the HTTP/2 server implementation in nginx allows a attacker to trigger a service failure.
The vulnerability of the HTTP/2 server implementation based on nginx is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the access control service for remote catalogs and the authentication mechanism of the Astra Linux operating system allow a intruder to trigger a service failure.
The vulnerability of the access control service for remote catalogs and the authentication mechanism of the Astra Linux operating system is related to a flaw that causes domain users to be unable to obtain token credentials during authentication when they lose connection to the domain server...
The vulnerability of the User Monitoring component in the Application Management Pack of the Oracle E-Business Suite allows a malicious individual to gain unauthorized access to protected data.
The vulnerability of the User Monitoring component in the Application Management Pack of the Oracle E-Business Suite is related to access control errors. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP...
The vulnerability of the NormaCS automation tool for working with regulatory documents allows a violator to execute any code they desire.
The vulnerability of the NormaCS tool for automating the processing of regulatory documents is related to the use of the MFC library set. It arises due to deficiencies in the restriction on the searchable range of dynamically loaded libraries. Exploiting this vulnerability could allow a malicious...
Vulnerability in the MPEG-2 decoder of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability in the MPEG-2 decoder of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system, which allows a hacker to inject code or trigger a system reboot.
Many vulnerabilities in the Simple Network Management Protocol SNMP subsystem of the Cisco IOS operating system are caused by buffer overflows. Exploitation of these vulnerabilities allows a malicious actor to inject code into the system or cause it to restart by sending specially created SNMP...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Android operating system’s Mediaserver service allows a hacker to cause memory corruption during the use of media files or other data.
The vulnerability of the Android operating system’s Mediaserver service arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to inject arbitrary code using a specially created file, which can cause memory corruption duri...
The vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser allows a hacker to execute arbitrary code or trigger memory corruption.
The vulnerability in the Chakra JavaScript engine of Microsoft Edge occurs due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause memory corruption...
The vulnerability of the Linux operating system’s kernel, which allows a hacker to obtain confidential information
The vulnerability of the serialmultiportstruct structure in the Linux operating system is related to access control deficiencies. Exploiting this vulnerability could allow a local attacker to obtain confidential information...
The vulnerability of the information protection system against unauthorized access—Dallas Lock—allows a intruder to gain unauthorized access to information by circumventing the access control rules.
The vulnerability in the “Dallas Lock 8.0” information protection system driver lies in its lack of implementation of access control for attributes of file system objects. An attacker can access a file system object that is restricted according to access control rules, by using a special attribut...
The vulnerability of the FFmpeg multimedia library, which allows a intruder to trigger a service failure or cause other effects
The vulnerability in the libavcodec/tiff.c function of the FFmpeg multimedia library arises from buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure such as inability to read data outside the array bounds or have other effects by using a specially creat...
The vulnerabilities of Adobe Integrated Runtime and Flash Player software allow a perpetrator to execute arbitrary code.
The vulnerability of the instanceof function in Adobe Integrated Runtime and Flash Player is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by taking advantage of the processing of link handling...
The vulnerability of the NetworkServlet.getNextTrapPage() function in the system for centrally managing network devices and ports of Advantech iView allows a hacker to execute arbitrary code.
The vulnerability of the NetworkServlet.getNextTrapPage function in the system for centrally managing network devices and ports of Advantech iView is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Alerts & IRM platform’s notification service for monitoring and surveillance allows a perpetrator to disclose protected information.
The vulnerability of the Alerts & IRM platform’s notification service for monitoring and surveillance in Grafana relates to insufficient protection of operational data when connected to the DingDing contact point. Exploiting this vulnerability can allow a malicious actor to disclose protected...
The vulnerability of the Renesas Electronics RH850/F1L microcontroller, related to improper protection against voltage spikes and clock frequency fluctuations, allows a hacker to gain access to the protected information.
The vulnerability of the Renesas Electronics RH850/F1L microcontroller is related to improper protection against voltage spikes and clock frequency fluctuations. Exploiting this vulnerability can allow an attacker to gain access to the protected information...
The vulnerability of the Microsoft Visual Studio Code Python Extension, related to breach of confidentiality boundaries, allows the attacker to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio Code Python Extension is related to a breach of trust boundaries. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of Adobe Illustrator, related to writing beyond the buffer boundaries, allows a hacker to execute arbitrary code.
The vulnerability of Adobe Illustrator graphic editor is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created file...
Vulnerability eliminated
...
The vulnerability of the nfs3svc_encode_getaclres() function in the fs/nfsd/nfs3acl.c module, which is part of the Linux kernel’s Network File System support, allows a hacker to cause a service failure.
The vulnerability of the nfs3svcencodegetaclres function in the fs/nfsd/nfs3acl.c module, which is part of the Linux kernel’s Network File System support, relates to the use of a NULL pointer dereferencing. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Local Security Authority Subsystem Service (LSASS) in Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Local Security Authority Subsystem Service LSASS in Windows operating systems is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the SAP NetWeaver Application ABAP software integration platform’s server, related to improper code generation management, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the SAP NetWeaver Application ABAP software integration platform is related to incorrect code generation management. Exploiting this vulnerability allows an attacker to influence the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, related to deficiencies in the authentication mechanism, allows attackers to disclose the protected information.
The vulnerability of the IBM Guardium Data Protection platform relates to deficiencies in its authentication mechanism. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the multi-media library Ffmpeg, related to reading data beyond the buffer boundary in memory, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the FFmpeg multimedia library relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Windows Media component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Windows Media component in Windows operating systems is related to overflowing buffers in dynamic memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
Vulnerability of the hid_ctrl() function in the drivers/hid/usbhid/hid-core.c module – The driver for the user interface devices of the Linux kernel allows a hacker to compromise the confidentiality and accessibility of protected information.
Vulnerability of the hidctrl function in the drivers/hid/usbhid/hid-core.c module – The driver for the user interface devices in the Linux kernel is vulnerable to a memory leak before the last reference is freed. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the E-Staff automated recruitment process system, related to data filtering errors, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the E-Staff recruitment process automation system is related to data filtering errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerability fixed on May 13, 2025
...
The vulnerability in the Windows 10 22H2 operating system, related to the swapping of the zero pointer, allows a malicious actor to trigger a service failure in the operating system’s kernel.
The vulnerability of the Windows 10 22H2 operating system is related to the assignment of the null pointer. Exploiting this vulnerability can allow an attacker to cause a kernel failure in the operating system...
The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of Content Security Policy (CSP) protection mechanisms. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of Content Security Policy CSP protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...
The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. This allows attackers to inject HTML tags into the website.
The vulnerability of SimpleOne Platform’s software lies in the lack of measures taken to eliminate scipt-related HTML tags on web pages. Exploiting this vulnerability allows a remote attacker to inject an HTML tag that includes a link to an external resource...
The vulnerability of the pdf.js library on the MFlash secure data exchange platform, related to the lack of protective measures for website structures, allows attackers to execute arbitrary JavaScript code.
The vulnerability of the pdf.js library on the MFlash secure data exchange platform is related to the lack of protective measures for the web page structure. Exploiting this vulnerability could allow an attacker to execute arbitrary JavaScript code remotely...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in the possibility of an operation going beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of PDF-XChange Editor, a program for viewing and editing PDF documents, relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created U3D file...
The vulnerability of the software products of the LLC “NPO ‘MIR’, related to the use of cryptographic algorithms containing defects, allows attackers to execute an attack using brute-force methods.
The vulnerability of the software products developed by LLC “NPO ‘MIR’ lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability allows a remote attacker to execute an attack using brute-force methods...
The vulnerability of the phpgacl/acl_admin.tpl template in the PHP library for managing access in web applications. This is part of the phpGACL system used for managing medical documentation in OpenEMR. It allows attackers to perform cross-site scripting attacks.
The vulnerability of the phpgacl/acladmin.tpl template in the PHP library for managing access in web applications is related to the lack of protective measures taken when processing the action template parameters. Exploiting this vulnerability allows a remote attacker to perform cross-site...
The vulnerability of the Elastic Defend software’s detection, monitoring, and response mechanisms is related to insufficient handling of exceptional states, allowing attackers to trigger a service failure.
The vulnerability of the software for detecting, monitoring, and responding to Elastic Defend threats is related to insufficient handling of exceptional states. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller lies in the lack of a mechanism for generating error reports. This allows attackers to gain unauthorized access to protected information.
The vulnerabilities of the software solutions that support the closing, consolidation, and reporting processes of IBM Cognos Controller and IBM Controller are related to deficiencies in the mechanism for generating error reports. Exploiting these vulnerabilities can allow unauthorized actors to...
The vulnerability of the CoreMedia component in operating systems such as MacOs, iPadOS, VisionOS, iOS, WatchOS, and tvOS allows a hacker to trigger a service failure.
The vulnerability of the CoreMedia component in operating systems such as MacOs, iPadOS, VisionOS, iOS, WatchOS, and tvOS is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability in the form2WlAc.cgi script of the D-Link DIR-816A router’s software allows a hacker to execute arbitrary code.
The vulnerability of the form2WlAc.cgi script of the D-Link DIR-816A2 router’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTTP POST request...
The vulnerability of macOS operating systems, related to the insecure storage of confidential information, allows attackers to gain unauthorized access to protected data.
The vulnerability of macOS operating systems lies in the insecure storage of confidential information. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Launch Services interface for macOS operating systems allows attackers to circumvent security restrictions.
The vulnerability of the Launch Services interface for macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to circumvent security restrictions...
The vulnerability in the implementation of the cc_SendCcImsInfoIndMsg function in the cc_MmConManagement.c file of the Android operating system of Pixel phones allows a hacker to execute arbitrary code.
The vulnerability in the implementation of the ccSendCcImsInfoIndMsg function in the ccMmConManagement.c file of the Android operating system for Pixel phones is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute...
The vulnerability of the Palo Alto Networks Expedition configuration migration tool, related to incorrect external management of file names or file paths, allows a perpetrator to delete any files they desire.
The vulnerability of the Palo Alto Networks Expedition configuration migration tool is related to incorrect external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to delete arbitrary files remotely...
Vulnerability of JetBrains YouTrack’s data merging functions, which allows attackers to execute a “ prototype contamination ” attack.
The vulnerability of the data merging functions in the JetBrains YouTrack project and task management software is related to the uncontrolled modification of prototype object attributes. Exploiting this vulnerability could allow a malicious actor to execute an “infection of the prototype” attack...
The vulnerability of the xdp component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the xdp component in the Linux operating system’s kernel is related to the pointer to NULL. Exploiting this vulnerability can allow an attacker to cause a service failure...