90604 matches found
The vulnerability of the Python library for interacting with git repositories, GitPython, is related to the use of an insecure search path, allowing attackers to execute arbitrary code with elevated privileges.
The vulnerability of the Python library for interacting with git repositories, GitPython, is related to the use of an unreliable search path. Exploiting this vulnerability allows a attacker to execute arbitrary code with elevated privileges using a specially created binary file...
The vulnerability of the JavaFX component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to compromise the integrity of protected information.
The vulnerability of the JavaFX component of Oracle Java SE and the Oracle GraalVM Enterprise Edition platform exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers allows a hacker to execute arbitrary code.
The vulnerability of the prog.cgi component in D-Link DIR-X3260 Wi-Fi routers involves reading data outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of Fanuc i Series CNC control systems’ microprogrammed software, related to uncontrolled resource consumption, allows attackers to cause malfunctions during maintenance operations.
The vulnerability of Fanuc i Series CNC control systems’ microprogramming software is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause malfunctions in the system...
The vulnerability of the WLAvalancheService service in the Avalanche device management system allows a hacker to execute arbitrary code.
The vulnerability of the WLAvalancheService service in the mobile device management system of Avalanche is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Google Chrome browser’s Extensions allows a malicious actor to install a malicious extension and gain access to read files.
The vulnerability of the Google Chrome browser’s Extensions exists due to insufficient validation of input data. Exploiting this vulnerability allows attackers to deploy malicious extensions and gain access to files by using a specially crafted HTML page...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from insufficient verification of data authenticity. This allows a malicious actor to alter the metadata of signed commits.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor, operating remotely, to modify the metadata of signed commits...
The vulnerability of the MICROprogramming software for the SIMATIC CN 4100 communication gateway, which stems from insufficient validation of input data, allows a intruder to alter the IP configuration and trigger a service failure.
The vulnerability of the SIMATIC CN 4100 communication gateway’s microprogramming software is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to alter the IP configuration and cause service failures...
The compatibility subsystem for running Linux applications allows Windows Subsystem for Linux (WSL) operating systems, enabling attackers to enhance their privileges.
The vulnerability of the compatibility subsystem for running Linux applications in Windows Subsystem for Linux WSL operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to execute XSS attacks.
The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
The vulnerability of the MySQL software component used for managing power supply sources in Voltronic Power View. This allows a hacker to elevate their privileges to the level of an administrator.
The vulnerability of the MySQL component in the software for managing power sources in Voltronic Power ViewPower Pro lies in the use of rigidly encoded credentials. Exploiting this vulnerability could allow an attacker to elevate their privileges to the level of an administrator...
The vulnerability of the selectEventConfig method in the software for managing power sources of Voltronic Power ViewPower Pro allows a hacker to execute arbitrary SQL code.
The vulnerability of the selectEventConfig method in the software for managing power supply sources of Voltronic Power ViewPower Pro relates to the lack of measures taken to protect the SQL query structure when data cleaning is insufficient. Exploiting this vulnerability could allow an attacker...
The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML references to external objects. This vulnerability allows attackers to gain unauthorized access to protected information.
The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the sms_decode_address_field() function in the OFono mobile phone stack allows a hacker to execute arbitrary code.
The vulnerability of the smsdecodeaddressfield function in the OFono mobile phone stack is related to the execution of operations outside the buffer in memory when sending SMS messages in PDU format. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Sunshine Photo Cart plugin of the WordPress content management system allows a hacker to execute XSS attacks.
The vulnerability of the Sunshine Photo Cart plugin of the WordPress content management system is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...
The vulnerability of the application access control library in the SAP XS Advanced sap-xssec development, integration, and application extension platform in the SAP Business Technology Platform (BTP) environment is related to insecure management of privileges. This allows attackers to escalate their privileges.
The vulnerability of the application access control library in the SAP XS Advanced sap-xssec development, integration, and application extension platform in the SAP Business Technology Platform BTP environment is related to insecure management of privileges. Exploiting this vulnerability can allo...
The vulnerability of the Static Handler component of the web framework used to create scalable and high-performance web applications, Echo, allows a attacker to perform an SSRF attack.
The vulnerability of the Static Handler component of the web framework used to create scalable and high-performance web applications, Echo, involves redirecting URLs to an unreliable website. Exploiting this vulnerability can enable a remote attacker to perform an SSRF attack...
The vulnerability of the get_set.ccp file in the web interface for controlling the wireless router TRENDnet TEW-652BRP allows a hacker to execute arbitrary code.
The vulnerability of the getset.ccp file in the web interface for controlling the wireless router TRENDnet TEW-652BRP is related to the lack of data cleaning measures at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of FortiWeb web applications’ network firewalls arises from improper processing of output data for registration logs, allowing attackers to replace the traffic logs.
The vulnerability of FortiWeb web applications’ network firewalls is related to improper processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to replace traffic logs through a specially created web page...
The vulnerability of the Bulk Modification Tool component in Nagios XI allows a hacker to execute arbitrary SQL code.
The vulnerability of the Bulk Modification Tool component in Nagios XI is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the driver for auxiliary functions in Windows Sockets operating systems allows attackers to increase their privileges.
The vulnerability of the WinSock auxiliary function driver in Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Microsoft Office for Mac software, related to errors in user interface information representation, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Office for Mac software is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the structure of web pages, allows attackers to disclose protected information.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the software for creating and managing graphical user interfaces in industrial automation systems like SCADA CONPROSYS HMI Systems lies in the use of a password hash instead of a password for authentication. This allows attackers to exploit this flaw to disclose sensitive information through a “man-in-the-middle” attack.
The vulnerability of the SCADA CONPROSYS HMI System lies in the use of a password hash instead of a plain-text password for authentication. Exploiting this vulnerability allows an attacker, operating remotely, to disclose sensitive information through a “man-in-the-middle” attack...
The vulnerability of the IBM DB2 database management system, which arises due to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the IBM DB2 database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions using a specially created RUNSTATS command for a table with a size of 8 TB...
The vulnerability of the IBM DB2 database management system, which arises due to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the IBM DB2 database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the 5G mobile communication network organization software free5GC, related to the lack of authentication for critical functions, allows attackers to disclose protected information.
The vulnerability of the software for managing fifth-generation mobile communication networks 5G, free5GC, is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring lies in its ability to restore unreliable data in memory, allowing an attacker to execute commands with local administrator privileges.
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute code with local administrator privileges...
The vulnerability of the FedCM component in the Google Chrome browser allows a perpetrator to execute arbitrary code or trigger a service failure.
The vulnerability of the FedCM component in the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...
The vulnerability of the Windows operating system’s kernel allows attackers to enhance their privileges.
The vulnerability of the Windows operating system’s kernel is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the Delta Electronics InfraSuite Device Master software in monitoring devices in real time arises from an incorrect limitation on the path name to the restricted access catalog. This allows a perpetrator to write to any file anywhere within the file system.
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring exists due to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to write to any file anywhere within the file syst...
The vulnerability of the microprogramming software of the Ubiquiti Networks UniFi Dream Machine Pro, related to deficiencies in access control, allows intruders to circumvent domain restrictions.
The vulnerability of the microprogrammed software of the Ubiquiti Networks UniFi Dream Machine Pro relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass domain restrictions using specially created packages...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to the lack of measures taken to protect the website structure, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the software for automation, dispatching, and analysis in the ICONICS Suite arises from the use of an unreliable search path, allowing a perpetrator to execute arbitrary code.
The vulnerability of the software for automation, dispatching, and analysis in the ICONICS Suite is related to the use of an unreliable search path. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...
The vulnerability in the Safari browser on operating systems such as iPadOS, iOS, and Mac OS allows a hacker to exploit it to access the history of web browsing activities.
The vulnerability of the Safari browser on iPadOS, iOS, and Mac OS relates to the disclosure of information. Exploiting this vulnerability allows a malicious actor to disclose the history of web browsing...
The vulnerability of the cstecgi.cgi implementation in TOTOLINK X5000R router microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the cstecgi.cgi microprogramming system implementation in TOTOLINK X5000R routers is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability in the implementation of the Media Capture application interface of Google Chrome and Microsoft Edge allows a perpetrator to disclose protected information.
The vulnerability of the Media Capture application interface in Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to disclose sensitive information...
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring lies in improper restrictions on path names in the catalog. This allows attackers to disclose user information, obtain login credentials in plain text, or perform NTLM relay attacks.
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring is related to an incorrect limitation on the path name to the catalog. Exploiting this vulnerability can allow a malicious actor to disclose user information, obtain login credentials in...
The vulnerability of the MPI process tracing tools Intel Trace Analyzer and Collector, related to writing beyond buffer boundaries, allows attackers to exploit their privileges.
The vulnerability of the MPI process tracing tools Intel Trace Analyzer and Collector lies in the ability to write beyond buffer boundaries. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.
The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...
The vulnerability of the Adobe Media Encoder application, related to access to an uninitialized pointer, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Adobe Media Encoder application relates to access to an uninitialized pointer. Exploiting this vulnerability could allow a perpetrator to gain unauthorized access to protected information through a specially created malicious file...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to reading data outside the buffer in memory, allows attackers to exploit this to disclose protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Apache Storm distributed stream processing software’s software platform in UNIX-like operating systems, related to access control deficiencies, allows attackers to disclose sensitive information.
The vulnerability of the Apache Storm distributed stream processing software’s software platform in UNIX-like operating systems is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the system’s...
The vulnerability of the 3D modeling software Argon Ashlar-Vellum lies in its uncontrolled search element, which allows a hacker to execute arbitrary code.
The vulnerability of the 3D modeling software Argon Ashlar-Vellum is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a hacker to execute arbitrary code...
The vulnerability of distributed computing platforms and PowerJob task scheduling systems, related to incorrect default permissions, allows attackers to gain unauthorized access to protected information.
The vulnerability of distributed computing platforms and the PowerJob task scheduling system is related to incorrect default permissions. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...