90509 matches found
The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism, related to the lack of protection measures for the SQL query structure, allows attackers to execute arbitrary code.
The vulnerability of the Microsoft Defender for IoT’s threat detection mechanism is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a attacker to execute arbitrary code...
The vulnerability of the Internet Storage Name Service (iSNS) on the Microsoft Windows operating system allows a perpetrator to execute arbitrary code.
The vulnerability of the Internet Storage Name Service iSNS on Microsoft Windows operating systems is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Magento Commerce software development and management platform lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to execute arbitrary code.
The vulnerability of the Magento Commerce development and management software platform relates to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
The vulnerability of software for the development and mass production of printed circuit boards, related to the ability to read data beyond the buffer in memory, allows attackers to gain access to protected information or cause system failures.
The vulnerability of software for the development and mass production of printed circuit boards relates to the ability to read data beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to gain access to protected information or cause service failures by sending a...
The vulnerability of the QNX Neutrino operating system’s kernel allows a perpetrator to escalate their privileges.
The vulnerability of the QNX Neutrino operating system’s kernel is related to privilege management errors. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of NETGEAR Wi-Fi router microprogramming software, including models D6220, D7000, D7000v2, R6400v2, R6700v3, R7000, R7100LG, and XR300, arises from buffer overflow attacks, allowing attackers to execute arbitrary code.
The vulnerability of NETGEAR Wi-Fi router software models D6220, D7000, D7000v2, R6400v2, R6700v3, R7000, R7100LG, and XR300 lies in buffer overflow attacks on the network interface layer. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of Windows Mobile Device Management for Windows operating systems allows attackers to escalate their privileges.
The vulnerability of Windows Mobile Device Management for Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
Vulnerabilities of Microsoft 365, Microsoft Excel, Microsoft Office, Microsoft SharePoint, and Microsoft Office Web Apps are related to improper code generation, allowing attackers to execute arbitrary code.
Vulnerabilities of Microsoft 365, Microsoft Excel, Microsoft Office, Microsoft SharePoint, and Microsoft Office Web Apps are related to improper code generation management. Exploitation of these vulnerabilities can allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows DWM Core Library on Windows operating systems, which allows attackers to enhance their privileges
The vulnerability of the Windows DWM Core Library in operating systems is related to security configuration errors. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the Apex One antivirus software lies in its improper handling of links before accessing a file, allowing attackers to escalate their privileges.
The vulnerability of the anti-virus software Apex One is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow a hacker to increase their privileges...
The vulnerability of the setup.php configuration file of the universal monitoring system Zabbix, related to authentication errors, allows a intruder to modify the configuration parameters.
The vulnerability of the setup.php configuration file of the Zabbix monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify the configuration parameters remotely...
The vulnerability of the FUDforum internet forum, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the FUDforum internet forum is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to inject arbitrary code during the administrator’s email reading process. This code can then...
The vulnerability of the ip6_xmit function in the (6_output.c) kernel of the Android operating system allows a hacker to increase their privileges.
The vulnerability of the ip6xmit function in the 6output.c kernel of the Android operating system is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the rendering mode in Vulkan browsers Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the rendering mode of Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the implementation of the SetWLanACLSettings() function in D-Link DIR-823-Pro wireless router software allows a hacker to execute arbitrary commands.
The vulnerability of the implementation of the SetWLanACLSettings function in D-Link DIR-823-Pro wireless router microprogramming software is related to insufficient cleaning of input data during the processing of the parameter wl0.0maclist. Exploiting this vulnerability allows a remote attacker ...
The vulnerability of the implementation of the SetNetworkTomographySettings() function in the microprogrammed software for D-Link DIR-823-Pro wireless routers allows a hacker to execute arbitrary commands.
The vulnerability of the implementation of the SetNetworkTomographySettings function in the microprogrammed wireless router software from D-Link DIR-823-Pro relates to insufficient cleaning of input data during the processing of parameters tomographypingaddress, tomographypingnumber,...
The vulnerability of the Google Chrome browser’s Extensions Platform component, which allows a perpetrator to access confidential information
The vulnerability of the Google Chrome browser’s Extensions Platform component is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to confidential information through a specially create...
The vulnerability of the client library’s HTTP httplib2 module, related to uncontrolled resource consumption, allows attackers to cause service interruptions.
The vulnerability of the client library’s HTTP httplib2 module is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Pointer Lock component in Google Chrome browser allows a hacker to gain access to confidential information.
The vulnerability of the Pointer Lock component in Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information through a specially created web page...
The vulnerability of the basic Windows DWM library in the Windows operating system allows attackers to escalate their privileges.
The vulnerability of the Windows DWM base library in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the Class.forName(...) method in the Kylin data processing platform allows attackers to compromise the confidentiality, integrity, and accessibility of information.
The vulnerability of the Class.forName... method in the Kylin data processing platform is related to the use of externally controlled input parameters for class selection. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of...
The vulnerability of the Windows Event Tracing service, related to the discretionary list of access control (DACL) in the Windows operating system, allows a perpetrator to trigger a service failure.
The vulnerability of the Windows Event Tracing service related to the discretionary access control list DACL of the Windows operating system involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
The vulnerability of AppX Deployment Extensions for Windows operating systems stems from deficiencies in access control, allowing attackers to escalate their privileges.
The vulnerability of AppX Deployment Extensions in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges through a specially created application...
The vulnerability of the Win32k.sys component in Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Win32k.sys component in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2020 are related to memory usage after it is freed. This allows attackers to execute arbitrary code.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the use of memory after it is freed. Exploiting this...
The vulnerability in the web interface for managing Cisco Enterprise Chat and Email allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web interface for managing Cisco Enterprise Chat and Email involves inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by sending...
The vulnerability of the Chart component in the SolarWinds Patch Manager software allows a hacker to execute arbitrary code by restoring unreliable data in memory.
The vulnerability of the Chart component in the SolarWinds Patch Manager software involves the restoration of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Adobe Media Encoder application, related to reading beyond the buffer in memory, allows attackers to escalate their privileges and gain unauthorized access to protected information.
The vulnerability of the Adobe Media Encoder application relates to reading data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges and gain unauthorized access to protected information through a specially created MP4 file...
The vulnerability of NETGEAR’s Wi-Fi routers, namely RBK40, RBR40, and RBS40, stems from improper handling of the cryptographic generation process. This allows attackers to execute a Server Side Include Injection (SSI) attack.
The vulnerability of the built-in Wi-Fi router software from NETGEAR, namely RBK40, RBR40, and RBS40, is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to perform a Server Side Include Injection attack...
The vulnerability of the online enrollment management system for students and learners lies in errors when processing the “Name” parameter on the “Add-Users” page. This allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Online Enrollment Management System for students and learners is related to errors in processing the “Name” parameter on the “Add-Users” page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the built-in Wi-Fi router software from NETGEAR, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from insufficient measures taken to protect the website structure. This allows attackers to execute cross-site scripting attacks.
The vulnerability of NETGEAR Wi-Fi router software models such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850 is related to the lack of security measures for website structures. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the UserAttributeSimilarityValidator component in the Django web development framework allows a attacker to perform a denial-of-service attack.
The vulnerability of the UserAttributeSimilarityValidator component in the Django web development framework is related to a resource management error. Exploiting this vulnerability could allow an attacker to perform a denial-of-service attack by sending a specially created password to the...
The vulnerability of the HttpObjectDecoder.java component of the Netty network programming framework, related to a deficiency in HTTP request interpretation, allows attackers to access confidential data and compromise its integrity.
The vulnerability of the HttpObjectDecoder.java component of the Netty network programming framework is related to a deficiency in HTTP request interpretation. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromise its integrity...
The vulnerability of the comparison library with regular expressions containing ANSI escape codes (Ansi-regex) leads to uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the comparison library with regular expressions containing ANSI escape codes Ansi-regex is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Media Foundation component in Microsoft Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Media Foundation component in Microsoft Windows operating systems is related to improper code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted request...
The vulnerability of the Apache DolphinScheduler scheduler platform, related to privilege management errors, allows a malicious actor to execute arbitrary SQL queries.
The vulnerability of the Apache DolphinScheduler scheduler platform is related to privilege management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL queries...
The vulnerability of the J-Web interface in Junos OS operating systems allows attackers to circumvent security restrictions.
The vulnerability of the J-Web interface in Junos OS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions from a remote location...
Microsoft Edge browser vulnerability, related to improper code generation management, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Edge is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Telegram Desktop messaging app, related to the execution of operations outside the buffer boundaries, allows a hacker to cause a service failure.
The vulnerability of the Telegram Desktop messaging app is related to the execution of operations outside the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability arises from the implementation of the automatic update method for server names in the Dynamic DNS system for domain names in systems using Amcrest IP cameras. This allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the implementation of the automatic update method for domain names in Dynamic DNS systems of Amcrest IP cameras relates to the writing of data beyond the buffer boundaries in memory when using the 0x62 command with the 0x04 subcommand. Exploiting this vulnerability allows a...
The vulnerability of the Windows Installer component of the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Windows Installer component of the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the PAN-OS operating system, related to deficiencies in access control, allows a perpetrator to perform actions permitted by the EC2 role in AW.
The vulnerability of the PAN-OS operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating remotely, to perform arbitrary actions permitted by the EC2 role in AW...
The vulnerability of the application programming interface for data exchange via Google Chrome’s Web Share browser allows a perpetrator to influence the confidentiality, integrity, and accessibility of data.
The vulnerability of the application programming interface for data exchange via Google Chrome’s Web Share browser lies in the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise privacy, integrity, and accessibility of data...
The vulnerability of the BKBCopyD.exe component in Yokogawa’s software products allows a hacker to execute arbitrary code with user privileges of the CENTUM system.
The vulnerability of the “BKBCopyD.exe” service in Yokogawa’s software products is caused by buffer overflow based on a stack. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code with user privileges of CENTUM, by sending a specially created package to...
The vulnerability of the software for creating metadata, processing, and exchanging sets of Adobe XMP-Toolkit-SDK standards lies in buffer overflows in dynamic memory. This allows attackers to gain access to protected information or cause service failures.
The vulnerability of the software for creating metadata, processing, and exchanging standard sets within the Adobe XMP-Toolkit-SDK is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to access protected information or cause service failures...
The vulnerability of the enterprise management server through the Internet-based Open Management Infrastructure (OMI) for virtual machine management in Azure allows a attacker to execute arbitrary code, resulting in management code generation errors.
The vulnerability of the enterprise management server through the Internet-based Open Management Infrastructure OMI for managing virtual machines in Azure is related to errors in code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the macOS operating system, related to the ability to read data beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the macOS operating system is related to the ability to read data beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the software for creating metadata, processing, and exchanging standard sets within the Adobe XMP-Toolkit-SDK lies in the insufficient validation of input data. This allows a perpetrator to execute arbitrary code.
The vulnerability of the software for creating metadata, processing, and exchanging standard sets within the Adobe XMP-Toolkit-SDK is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user,...
The vulnerability of the Link Layer Discovery Protocol (LLDP) implementation in Cisco IOS and Cisco IOS XE operating systems allows a attacker to cause a service failure.
The vulnerability of the Link Layer Discovery Protocol LLDP implementation in Cisco IOS and Cisco IOS XE operating systems is related to initialization errors. Exploiting this vulnerability allows a malicious actor to cause service failures through the command line interface or by sending special...
The vulnerability of the Web page rendering module in WebKit operating systems of the Mac OS family allows attackers to access protected information.
The vulnerability of the Web page rendering module in WebKit operating systems of the Mac OS family relates to the ability to execute tasks in parallel using a shared resource. Exploiting this vulnerability can allow an attacker to gain access to protected information...