90509 matches found
The vulnerability of the custom-content-type-manager plugin in the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the custom-content-type-manager plugin in the WordPress content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the QNAP QVR surveillance system, related to the failure to take measures to neutralize special elements used in the operating system’s command, allows intruders to compromise the confidentiality, integrity, and accessibility of information.
The vulnerability of the QNAP QVR video surveillance system is related to the lack of measures taken to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...
The vulnerability of the statussupport_diagnostic_tracing.json component of the SerComm h500s router software allows a hacker to execute arbitrary commands.
The vulnerability of the statussupportdiagnostictracing.json component of the SerComm h500s router software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process, allowing attackers to execute a “man-in-the-middle” attack.
The vulnerability of Cisco Expressway Series and Cisco Telepresence VCS conference control devices is related to errors in the authentication process for certificates. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerability of Adobe Reader and Adobe Acrobat PDF viewer/editor programs, related to the execution of operations beyond the buffer in memory, allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of PDF viewing and editing programs like Adobe Reader and Adobe Acrobat lies in the execution of operations beyond the buffer limits in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure by using a specially create...
The vulnerability of the Microsoft Office suite, related to pointer offsets, allows a perpetrator to execute arbitrary code or gain full control over the application.
The vulnerability of the Microsoft Office package is related to a pointer offset issue during the processing of the cbHdrData element in the FEATHEADER field of BIFF format files. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain full control over the application...
The vulnerability of the kernel-level driver nvlddmkm.sys of the NVIDIA GPU Display Driver allows a attacker to cause a service failure.
The vulnerability of the kernel-level driver nvlddmkm.sys of the NVIDIA GPU Display Driver is related to the lack of resource release after the expiration of its useful life. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of embedded images of PACsystems programmable logic controllers allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of embedded images of PACsystems programmable logic controllers is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and even cause...
The vulnerability of the Apache Kafka message dispatcher, related to deficiencies in access control, allows attackers to bypass security restrictions.
The vulnerability of the Apache Kafka message dispatcher is related to deficiencies in access control when using an Access Control List. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created request...
The vulnerability of the Navigation Pages, Portal, and Query components of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Navigation Pages, Portal, and Query components in Oracle PeopleSoft Enterprise PeopleTools exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP reques...
The vulnerability of the Web Services Security component of the Oracle Web Services Manager allows a perpetrator to gain read access to data or modify data.
The vulnerability of the Web Services Security component of the Oracle Web Services Manager exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain read access to data or modify data using specially crafted HTTP...
The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.
The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...
The vulnerability of the Process Scheduler component in the PeopleSoft Enterprise PeopleTools business application package allows a hacker to gain read access to data or modify data.
The vulnerability of the Process Scheduler component in the PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify data using special...
The vulnerabilities of microprogrammed software in programmable logic controllers such as ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, and FC 350 PCI ETH are related to authentication process flaws. These flaws allow attackers to gain unauthorized access to protected information or compromise the integrity of that information.
The vulnerabilities of the microprogrammed logic controllers ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, and FC 35...
The vulnerability of iCare subcomponents, within the Oracle Hospitality Reporting and Analytics software suite of Oracle Food and Beverage Applications, allows a perpetrator to gain access to read data or modify data.
The vulnerability of iCare subcomponents, as well as the Configuration component of the Oracle Hospitality Reporting and Analytics package from the Oracle Food and Beverage Applications, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to ga...
The vulnerability of Adobe Illustrator’s graphic editor, related to reading data beyond the buffer in memory, allows attackers to exploit this to disclose protected information.
The vulnerability of Adobe Illustrator graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created file...
The vulnerability of the NCIE Scanner module in Trend Micro Security’s antivirus protection allows a hacker to exploit it to disclose protected information.
The vulnerability of the NCIE Scanner module in Trend Micro Security antivirus tools is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Windows Print Spooler daemon in the Windows operating system allows a hacker to escalate their privileges.
The vulnerability of the Windows Print Spooler service in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of Visual Studio Code’s source editor, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of Visual Studio Code’s source editor is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to enhance their privileges...
The vulnerability of the Azure Site Recovery disaster recovery tool, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Azure Site Recovery recovery tool is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of Microsoft Exchange Server servers, related to deficiencies in access control, allows attackers to increase their privileges.
The vulnerability of Microsoft Exchange Server is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the ClamAV antivirus software, related to the repeated release of memory, allows a hacker to execute arbitrary code.
The vulnerability of the ClamAV antivirus software is related to repeated memory release. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially created file...
The vulnerability of the DNS server of the Microsoft Windows operating system, allowing a hacker to execute arbitrary code.
The vulnerability of the DNS server of the Microsoft Windows operating system is related to incorrect code generation management. Exploitation of this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the Ajax.NET Professional framework exists due to the lack of measures taken to protect the structure of web pages. This vulnerability allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Ajax.NET Professional framework exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the PJSIP multimedia communication library, related to executing a loop with an unavailable exit condition, allows attackers to cause service failures.
The vulnerability of the PJSIP multimedia communication library lies in the execution of a loop with an unavailable exit condition during the processing of WAV/AVI files. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability lies in the implementation of the --no-clobber and --remove-on-error options in the cURL command-line utility, which allow a malicious user to delete any files they desire.
The vulnerability of the --no-clobber and --remove-on-error command-line utilities of cURL is related to the use of incorrect path names. Exploiting this vulnerability could allow a remote attacker to delete any files they desire...
The vulnerability of the llcp_sock_connect() function in the NFC protocol of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the llcpsockconnect function in the NFC protocol of the Linux operating system’s kernel is related to improper memory release before deleting the last references. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the CMS system Pixelimity lies in the lack of measures to cleanse input data, allowing attackers to execute arbitrary code.
The vulnerability of the CMS system Pixelimity is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through admin/admin-ajax.php?action=installtheme remotely...
The vulnerability of the executable file wpsupdater.exe of the WPS Office office software allows a hacker to execute arbitrary code.
The vulnerability of the WPS Office office software’s executable file, wpsupdater.exe, is related to improper input validation in wpsupdater.exe. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.
The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Alac decoder in Microprogramming Software Microchip MediaTek MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797—allows a hacker to disclose protected information.
The vulnerability of the Alac decoder in microprogramming software for MediaTek’s MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833,...
The vulnerability of the `php_raw_url_encode` function in the PHP programming language allows attackers to trigger a denial-of-service attack.
The vulnerability of the phprawurlencode function in the PHP programming language is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Jira Seraph authentication platform, along with the Jira and Jira Service Management systems for tracking errors and incidents, allows attackers to increase their privileges.
The vulnerability of the Jira Seraph web authentication platform is related to deficiencies in the authentication process of Jira and Jira Service Management. Exploiting this vulnerability could allow attackers, operating remotely, to increase their privileges through specially crafted HTTP...
The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the AppNav-XE function in the Cisco IOS XE operating system allows a hacker to trigger a device reboot or cause a service failure.
The vulnerability of the AppNav-XE function in the Cisco IOS XE operating system is related to improper locking of resources. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause a service failure by sending a TCP traffic...
The vulnerability of the web interface of Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to elevate their privileges to the root level.
The vulnerability of the web interface of Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P routers is related to authentication deficiencies. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level remotely...
The vulnerability of the OpenSSL library, related to reading beyond the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the OpenSSL library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the exif_process_ifd_in_makernote function (ext/exif/exif.c) in the PHP programming language allows a attacker to cause a service failure, disclose protected information, or potentially have other adverse effects.
The vulnerability of the exifprocessifdinmakernote function ext/exif/exif.c in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability could allow a remote attacker to cause service failures, disclose sensitive information, or potentially have other adverse effect...
The vulnerability of the SSL VPN microprogramming software for Cisco Small Business RV340, RV340W, RV345, and RV345P routers allows a hacker to execute arbitrary code.
The vulnerability of the SSL VPN microprogramming software for Cisco Small Business RV340, RV340W, RV345, and RV345P routers stems from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges usin...
The vulnerabilities of the software for designing and configuring controllers from the CCW platform, the SISW workstation for automated safety systems, and the ISaGRAF Workbench development environment for programmable logic controllers from Rockwell Automation allow attackers to execute arbitrary code by restoring unreliable data into memory.
The vulnerabilities of the software for designing and configuring controllers in the Connected Components Workbench, the workstations for automated safety systems called Safety Instrumented Systems Workstations, and the application development environment for programmable logic controllers in the...
The vulnerability of GUI temperature control software relates to errors in processing configuration files *.gd1. This allows an intruder to access protected information or cause service failures.
The vulnerability of GUI temperature control software is related to errors in processing configuration files .gd1. Exploiting this vulnerability can allow an attacker to gain access to protected information or cause service failures...
The vulnerability of the zend_ini_do_op() function in the PHP interpreter allows a hacker to execute arbitrary PHP code.
The vulnerability of the zendinidoop function Zend/zendini parser.c in the PHP interpreter is caused by buffer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary PHP code...
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), related to reading data beyond the specified buffer, allows a intruder to trigger a service failure.
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, relates to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending a specially crafted message...
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises from buffer overflows in the stack, allowing an intruder to execute arbitrary code.
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, arises due to overflow of the buffer on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created message...
The vulnerability of FTP servers for microprogrammed software controllers such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of FTP servers for microprogrammed control devices such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors during the verification of the MKD/XMKD command length. Exploiting this vulnerability can allow an attack...
The vulnerability of the Display Key Combination Switches in the Wayland server display protocol implementation allows a hacker to compromise data integrity or cause service failures.
The vulnerability of the Display Key Combination Demon in the Wayland display protocol implementation relates to the ability to save the PID of a process in the /tmp/swhks.pid file and incorporate the PID of an existing process into it. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control to the /etc/vmware-vpx/vcdb.properties file, which contains plaintext credentials. Exploiting this vulnerability could all...
The vulnerability of the IBM DataPower Gateway’s network firewall, related to insufficient validation of requests on the server side, allows a hacker to execute arbitrary code.
The vulnerability of the IBM DataPower Gateway network firewall is related to insufficient validation of requests at the server side. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability in the `read_objects` function of the `read.c` component of the .fig Fig2dev file conversion utility allows a attacker to cause a service failure.
The vulnerability of the readobjects function in the read.c component of the .fig conversion utility Fig2dev involves reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to cause service interruptions remotely...
The vulnerability of the gif_process_raster function in the fromgif.c component of the SIXEL Libsixel encoder/decoder implementation allows a attacker to cause a service failure.
The vulnerability of the gifprocessraster function in the fromgif.c component of the SIXEL Libsixel encoder/decoder implementation is related to the output of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause a service failure...