90509 matches found
The vulnerability of the Samba networking communication package, related to errors in processing symbolic links, allows a hacker to gain access to the server’s file system.
The vulnerability of the Samba networking communication package is related to errors in processing symbolic links. Exploiting this vulnerability can allow a remote attacker to gain access to the server’s file system...
Vulnerability of the Shell component: The Core Client for command-line and code editor, Oracle MySQL Shell, allows an attacker to gain access to read, modify, add, or delete data.
The vulnerability of the Shell component: The Core Client for command-line input and the Oracle MySQL Shell code editor have vulnerabilities due to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to gain read, modify, add, or delete data permissions...
Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Wi-Fi Aruba Instant deployment application, related to the lack of data cleaning at the management level, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Wi-Fi Aruba Instant deployment application is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted data...
The vulnerability of the Moxa MXView network control software lies in its lack of functionality for checking the path name of the restricted access directory. This allows attackers to read arbitrary files.
The vulnerability of the Moxa MXView network control software is related to deficiencies in checking the path name to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to read arbitrary files remotely...
The vulnerability of the application for automatic capture, processing, management, and distribution of Opencast videos, related to the use of files and directories accessible to external parties, allows a violator to gain unauthorized access to protected information.
The vulnerability of the application for automatic capture, processing, management, and distribution of Opencast videos involves the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized...
The vulnerability affects the implementation of WASM technology in browsers like Firefox, Firefox ESR, and the email client Thunderbird. This allows attackers to trigger a service failure.
The vulnerability of the WASM technology implementation in Firefox browsers, Firefox ESR, and the Thunderbird email client is related to inconsistencies in data instructions and cache data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the implementation of the Diffie-Hellman algorithm in the DNS BIND server allows a attacker to cause a service failure.
The vulnerability of the DNS BIND server’s Diffie-Hellman algorithm implementation is related to improper memory release before deleting last links during TKEY record processing. Exploiting this vulnerability allows an attacker to cause service failures remotely...
The vulnerability of the Synx driver for Multimedia Frameworks microprogramming software in Qualcomm embedded chips allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Synx driver for Multimedia Frameworks microprogramming software in embedded chips from Qualcomm relates to the use of memory after it is freed during file descriptor processing. Exploiting this vulnerability can allow an attacker to cause system failures or execute...
The vulnerability of the Audio component in Qualcomm’s embedded software allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Audio component in embedded Qualcomm software lies in the lack of checks for buffer length and reading beyond the memory boundary. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the ION subsystem in Qualcomm’s embedded software architecture allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the ION subsystem in embedded Qualcomm chips relates to insufficient validation of input data during command processing. Exploiting this vulnerability can allow attackers to cause system failures or execute arbitrary code...
The vulnerability of the Rails Html Sanitizer configuration tool for Rails applications allows attackers to perform cross-site scripting attacks.
The vulnerability of the Rails Html Sanitizer configuration tool for applications relates to the improper use of the select and style elements when defining allowed tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the implementation of LTE microprogramming technology in Qualcomm’s embedded chips allows a intruder to trigger a service failure.
The vulnerability of the LTE microprogramming technology implementation in Qualcomm’s embedded chips is related to deficiencies in the authentication process when processing the securityModeCommand parameter. Exploiting this vulnerability allows a malicious actor to trigger a service failure by...
The vulnerability of the kernel of microprogramming software in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the kernel of microprogramming software in embedded Qualcomm chips is related to improper processing of parallel operations by the supervisor for enabling or disabling IRQ signals. Exploiting this vulnerability can allow an attacker to cause service failures or execute...
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform allows attackers to perform cross-site scripting attacks.
The vulnerability of the devMode debugging mode implementation in the Apache Struts software platform is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software framework allows attackers to circumvent security restrictions.
The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to deficiencies in access control when processing the ‘action: prefix’ parameter. Exploiting this vulnerability allows an attacker to bypass security restrictions while operating...
The vulnerability of the Graphics component in Qualcomm’s embedded software allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Graphics component in Qualcomm’s embedded software lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code by opening a specially created file...
The vulnerability of the kernel of microprogramming software in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the kernel of microprogramming software in Qualcomm’s embedded chips is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause malfunctions or execute arbitrary code...
The vulnerability of the implementation of content protection functions in Qualcomm’s embedded software allows a perpetrator to trigger a service failure or execute arbitrary code.
The vulnerability of the content protection implementation in Qualcomm’s embedded software lies in the lack of checks for buffer length and reading beyond the memory boundary. Exploiting this vulnerability can allow an attacker to cause a service failure or execute arbitrary code...
The vulnerability of the `cv::HOGDescriptor::getDescriptorSize` function in the Open Source Computer Vision Library (OpenCV) software library, which is used for computer vision, image processing, and numerical algorithms in general-purpose applications, allows a attacker to cause a service failure.
The vulnerability of the cv::HOGDescriptor::getDescriptorSize function in the Open Source Computer Vision Library OpenCV software library for computer vision, image processing, and general numerical algorithms is related to the lack of checks for division by zero. Exploiting this vulnerability...
The vulnerability of the Apex One antivirus software is related to deficiencies in its authentication process. This allows unauthorized users to gain access to protected information and circumvent security restrictions.
The vulnerability of the Apex One antivirus software is related to deficiencies in the authentication process when processing request parameters. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information and circumvent security...
The vulnerability of the Dpkg::Source::Archive component of the package manager Dpkg allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Dpkg::Source::Archive component of the package manager Dpkg is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the _zip_read_eocd64 function in the zip_open.c component of the Libzip library allows a attacker to cause a service failure.
The vulnerability of the zipreadeocd64 function in the zipopen.c component of the Libzip library library for working with Zip archives is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the sbr_process_channel function in the libfaad/sbr_dec.c component of the Freeware Advanced Audio Decoder 2 (FAAD2) allows a intruder to trigger a service failure.
The vulnerability of the sbrprocesschannel function in the libfaad/sbrdec.c component of the Freeware Advanced Audio Decoder 2 FAAD2 audio decoder is related to improper processing of new PS channels. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
The vulnerability of the Overview Mode function in Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Overview Mode function in Google Chrome browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through a specially created web page from a remote location...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the writing of data beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in the writing of data beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the `cgroup1_parse_param` function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the cgroup1parseparam function in the kernel/cgroup/cgroup-v1.c file of the Linux operating system is related to the lack of checks to ensure that the source parameter is indeed a string. Exploiting this vulnerability could allow an attacker to access confidential data,...
The vulnerability of the unzzip_cat_file function in the ZZIPlib compression library allows a hacker to trigger a service failure.
The vulnerability of the unzzipcatfile function in the ZZIPlib archive library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to cause a service failure...
The vulnerabilities of DCE/RPC components in Samba’s network communication software package allow attackers to compromise data integrity.
The vulnerability of DCE/RPC components in Samba’s networking communication software lies in the insufficient neutralization of certain elements in requests. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
The vulnerability of the Linux operating system’s sound subsystem allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Linux operating system’s kernel audio subsystem is related to incorrect handling of parallel calls to the PCM hwparams function. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service failures...
Vulnerability of the vmw_execbuf_tie context driver’s function in the vmwgfx driver (drivers/gpu/vmxgfx/vmxgfx_execbuf.c) in the Linux operating system, which allows a malicious actor to increase their privileges or cause service failures.
The vulnerability of the vmwexecbuftie context driver function in the vmwgfx driver file: drivers/gpu/vmxgfx/vmxgfxexecbuf.c in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to gain elevated privileges or...
The vulnerability of the utf_ptr2char function in the Vim text editor allows for reading data beyond the buffer’s boundaries in memory, enabling an attacker to execute arbitrary code.
The vulnerability of the utfptr2char function in the Vim text editor relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the disaster recovery tool for Azure virtual machines – Azure Site Recovery and VMWare to Azure – arises due to insufficient validation of input data. This allows attackers to execute arbitrary code.
The vulnerability of the disaster recovery tool for Azure virtual machines exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the NPM package manager vm2 library allows a hacker to execute arbitrary code.
The vulnerability of the NPM packet manager’s vm2 library is related to insufficient control over resources with dynamic management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the messaging service in the centralized network management system of Cisco Catalyst SD-WAN Manager allows a attacker to compromise the integrity of protected information or cause service failures.
The vulnerability of the Cisco Catalyst SD-WAN Manager, a centralized messaging service, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of protected information or cause service failures by sending specially...
The vulnerability of the BIOS microprogramming system of Intel Server Platform Services allows a perpetrator to trigger a service failure.
The vulnerability of the BIOS microprogramming system in Intel Server Platform Services is related to incomplete cleanup of temporary or auxiliary resources. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the do_tag() function in the Vim text editor allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dotag function in the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the GetValue() function in the microprogramming software for LinkHub Mesh Wi-Fi AC1200 allows a hacker to execute arbitrary code.
The vulnerability in the implementation of the GetValue function in the microprogramming system of LinkHub Mesh Wi-Fi AC1200 lies in the copying of buffers without checking the size of the input data during the processing of the logserver file. Exploiting this vulnerability allows an attacker...
The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform allows a malicious individual to gain unauthorized access to read, modify, or add data, or to cause service interruptions.
The vulnerability of the User Interface sub-component of the Oracle WebCenter Sites Support Tools software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or add...
The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System, related to the implementation of security functions at the client-side, allows attackers to exploit their privileges.
The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System is related to the implementation of security functions at the client side. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the Device Software Manager installer, related to an uncontrolled search path, allows a hacker to load arbitrary files.
The vulnerability of the Device Software Manager installer is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a hacker to load arbitrary files...
The vulnerability of the dict0dict.cc component of the MariaDB database management system allows a attacker to cause a service failure.
The vulnerability of the dict0dict.cc component in the MariaDB database management system is related to the use of the assert function or similar operators. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the Crow web service framework relates to the possibility of exploiting memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the Crow web service creation framework relates to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Firefox browser, related to insufficient validation of input data, allows attackers to circumvent security restrictions.
The vulnerability of Firefox browsers is related to insufficient validation of input data when processing values of array elements. Exploiting this vulnerability can allow a remote attacker to bypass security restrictions...
The vulnerability of the RPKI validator OctoRPKI, which stems from the lack of data validation during data transmission, allows a violator to trigger a service failure.
The vulnerability of the RPKI validator OctoRPKI is related to the lack of verification of returned data during the generation of Route Origin Authorisations. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model, allowing a perpetrator to gain access to read data and modify it.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information using the HTTP...
The vulnerability of SAP Enterprise Extension Defense Forces & Public Security software, related to authentication errors, allows a perpetrator to increase their privileges.
The vulnerability of SAP Enterprise Extension Defense Forces & Public Security software is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of Google Chrome’s SplitScreen display mode allows a hacker to disclose protected information.
The vulnerability of Google Chrome’s SplitScreen display mode is related to the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to disclose protected information...
The vulnerability of the REST API interface of the Apache Geode data management platform allows a hacker to execute arbitrary code.
The vulnerability of the REST API interface of the Apache Geode data management platform involves the restoration of unreliable data in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...