90509 matches found
The vulnerability of the Apache Hadoop distributed development and execution platform, related to insufficient validation of input data, allows a malicious actor to execute commands with root privileges remotely.
The vulnerability of the Apache Hadoop distributed development and execution platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute commands with root privileges...
The vulnerability of the Sandbox component of the Mac OS X operating system allows a malicious actor to trigger a service failure or execute arbitrary code in a privileged context.
The vulnerability of the Sandbox component of the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context remotely, or to trigger a service failure...
The vulnerability of the GIF loader in the imlib2 library allows a hacker to trigger a service failure or gain access to confidential data.
The vulnerability of the imlib2 GIF library loader exists due to a read buffer overflow error. Exploiting this vulnerability can allow an attacker to cause service failures or gain access to confidential data using a specially created GIF image...
The vulnerability of the try_read_command function (memcached.c) in the memcached data caching software allows a attacker to cause a service failure.
The vulnerability of the tryreadcommand function in the memcached.c library lies in the fact that the operation is executed outside of the buffer in memory. Exploiting this vulnerability allows an attacker, operating locally, to cause a service failure segmentation fault by using a specially...
The vulnerability in GoAhead’s embedded web server software for the COM-module of SICAM RTUs SM-2556 allows a intruder to execute arbitrary code.
The vulnerability of GoAhead’s embedded web server’s COM-module software for SICAM RTUs SM-2556 is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability in the Omnibox browser implementation of Google Chrome allows a hacker to replace the domain name.
The vulnerability of the Omnibox browser implementation by Google Chrome is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to replace a domain name using a specially crafted domain name that includes IDN Internationalized Domain Names...
The vulnerability of the FileReceiveServlet servlet in the network management system by Brocade Network Advisor allows a attacker to upload a malicious file into the file system, where it can be executed.
The vulnerability of the FileReceiveServlet server in the IP and SAN network management system provided by Brocade Network Advisor exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to download a malicious fi...
The vulnerability of MySQL and MariaDB database drivers for the Perl Database Interface (DBI) relates to buffer overflow attacks, allowing attackers to cause service interruptions.
The vulnerability of the MySQL and MariaDB database drivers for the Perl Database Interface DBI arises due to buffer overflow. Exploiting this vulnerability allows an attacker to trigger a fixed-length buffer error message, leading to a crash error FORTIFYSOURCE. This potentially results in servi...
The vulnerability of the `usb_get_bos_descriptor` function in the Linux operating system’s kernel allows a hacker to cause a service failure or exert other effects.
The vulnerability of the usbgetbosdescriptor function in the Linux kernel’s drivers/usb/core/config.c file relates to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure or other effects through a specially created USB device...
The vulnerability of the “networkmap” component in ASUS’s microprogramming router software allows a hacker to execute arbitrary code.
The vulnerability of the “networkmap” component in ASUS’s microprogramming router software arises from buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by constructing long strings as values for the hostname and port in the response to a...
The vulnerability in the server component of the SAP POS software for automating accounting, sales, and production processes allows a perpetrator to read and delete files, shut down the Xpress Server, view the contents of the POS terminal, and attack user accounts.
The vulnerability in the server component of the SAP POS software for accounting, trading, and production automation lies in the absence of authentication procedures during file reading, operation completion, daemon shutdown, and terminal reading. Exploiting this vulnerability allows a malicious...
The vulnerability of the Python script execution subsystem of the NX-OS network operating system allows a attacker to execute arbitrary commands on the underlying operating system.
The vulnerability of the Python script execution subsystem in the NX-OS network operating system is related to insufficient cleaning of user parameters used by certain Python functions in an isolated scripting environment. Exploiting this vulnerability allows a malicious actor to exit the isolate...
The vulnerability of the doFilter method in the UrlAccessController class of the HPE Intelligent Management Center PLAT software platform allows a attacker to bypass the authentication process.
The vulnerability of the doFilter method in the UrlAccessController class of the HPE Intelligent Management Center PLAT software platform for managing wired and wireless networks is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor ...
The vulnerability in the PHPMemcachedAdmin web interface exists due to errors in the mechanism for recovering serialized data. This allows attackers to escalate their privileges and execute arbitrary PHP code.
The vulnerability of the PHPMemcachedAdmin web interface exists due to errors in the mechanism for restoring serialized data. Exploiting this vulnerability allows a malicious actor to elevate their privileges to the level of an administrator and execute arbitrary PHP code...
The vulnerability of the Redmine.pm web application for managing projects and tasks allows a perpetrator to gain access to protected information or exert other effects.
The vulnerability of the Redmine.pm web application for managing projects and tasks in Redmine is related to the lack of verification of the “Repository” module in project settings. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain access to protected...
The vulnerability of the _isBidi function in the (bidi.c) library of Libidn2, which allows a hacker to cause a service failure or exert other effects.
The vulnerability of the isBidi function in the bidi.c library from Libidn2 is due to a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures or other adverse effects...
The vulnerability of the install/index.php script of the Exponent CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Exponent CMS content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sc parameter in the install/index.php script...
The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser allows a hacker to execute arbitrary code.
The vulnerability of the JavaScript script handler ChakraCore in the Microsoft Edge browser is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using a specially crafted web page...
The vulnerability of Microsoft Edge’s JavaScript interpreter allows a perpetrator to execute arbitrary code using specially crafted content.
The vulnerability of Microsoft Edge’s JavaScript interpreter is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
The vulnerability of the FileUploadServlet class in the software for managing workstations through the ManageEngine Desktop Central web interface allows a malicious individual to upload and execute any file they desire.
The vulnerability of the FileUploadServlet class in the software for managing workstations through the web interface of ManageEngine Desktop Central is related to the lack of restrictions on file uploads. Exploiting this vulnerability allows an unauthorized intruder, operating remotely, to upload...
The vulnerability of the graphical component of the Windows operating system, Win32k, allows a hacker to execute code in kernel mode and gain increased privileges.
The vulnerability of the graphical component of the Windows operating system, Win32k, is related to deficiencies in access control. Exploiting this vulnerability allows a local attacker to execute code at the kernel level and increase their privileges through a specially created application...
The vulnerability of the WPA2 protocol, which stems from errors in managing the cryptographic keys, allows unauthorized access to encrypted information transmitted over a wireless network.
The vulnerability of the WPA2 protocol, which provides security for Wi-Fi wireless networks, is related to errors in the management of cryptographic keys. Exploiting this vulnerability allows a perpetrator within the range of a Wi-Fi network to gain access to encrypted information transmitted ove...
The vulnerability of the Arbor Peakflow SP traffic control analysis system lies in the lack of protection for operational data, allowing intruders to read arbitrary files.
The vulnerability of the Arbor Peakflow SP traffic control analysis system is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability of the “/com.sap.portal.themes.styleservice.LockingTestPortalComponent” component of the SAP NetWeaver software integration platform allows a hacker to inject any HTML tags into a page.
The vulnerability of the “/com.sap.portal.themes.styleservice.LockingTestPortalComponent” component of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the structure of web pages. This vulnerability allows a malicious actor to inject arbitrary HT...
The vulnerability in the embedded microprogramming software of the IP-stack service for Huawei Campus series network switches models S2300, S2700, S3300, S3700, S5300EI, S5700EI, S5300SI, S5700SI, S5300HI, S5700HI, S6300EI, S6700EI, S5710HI, S5300LI, S5700LI, S2350EI, S2750EI, S5720HI, S7700, S9300, S9700 allows a intruder to cause service failure.
The vulnerability of the embedded microprogramming software of the IP-stack service for Huawei Campus series network switches, such as S2300, S2700, S3300, S3700, S5300EI, S5700EI, S5300SI, S5700SI, S5300HI, S5700HI, S6300EI, S6700EI, S5710HI, S5300LI, S5700LI, S2350EI, S2750EI, S5720HI, S7700,...
The vulnerability of the Archive::ReadHeader15 function in the libunrar.a library, a tool for decompressing UnRAR files, allows a malicious actor to cause an unexpected termination of the application.
The vulnerability of the Archive::ReadHeader15 function in the libunrar.a library, a tool for decompressing UnRAR files, arises due to the execution of an operation beyond the buffer boundaries in memory reading beyond the memory boundaries when calling EncodeFileName::Decode. Exploiting this...
The vulnerability of the LTE component of the Android operating system from the CAF repository, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the LTE component of the Android operating system exists due to insufficient verification of data related to the size of the frequency list. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the FileUploadController servlet in the web application, which is designed for managing and monitoring printing devices and image processing. SyncThru 6 allows a perpetrator to execute arbitrary code with system privileges.
The vulnerability of the FileUploadController servlet in the web application, which is designed for managing and monitoring printing devices and image processing, exists due to an incorrect path limitation for the restricted directory. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the FileUploadController servlet in the web application, which is designed for managing and monitoring printing devices and image processing. SyncThru 6 allows a perpetrator to execute arbitrary code with system privileges.
The vulnerability of the FileUploadController servlet in the web application, which is designed for managing and monitoring printing devices and image processing, exists due to an incorrect path limitation for the restricted directory. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the ReadOneDJVUImage function in the console-based ImageMagick graphic editor allows a hacker to trigger a service failure.
The vulnerability of the ReadOneDJVUImage function in the console-based ImageMagick graphics editor is related to resource management errors. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure an infinite loop, excessive consumption of computationa...
The vulnerability of the AcquireVirtualMemory component in the console-based ImageMagick graphics editor allows a hacker to trigger a service failure.
The vulnerability of the AcquireVirtualMemory component in the console-based ImageMagick graphics editor is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a service failure memory consumption...
The vulnerability of JavaScript handlers in the Microsoft Edge browser for the Windows operating system, allowing a perpetrator to execute arbitrary code
The vulnerability of Microsoft Edge’s JavaScript handlers arises from an operation going beyond the buffer boundaries due to a memory object processing error. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...
The vulnerability of the sock_setsockopt function in the kernel of the Linux operating system’s net/core/sock.c file allows a hacker to cause a service failure or exert other effects.
The vulnerability of the socksetsockopt function in the kernel’s net/core/sock.c file in the Linux operating system arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to cause a service failure or other adverse...
The vulnerability of the RW-message structure in the Aerospike Database Server of the Oracle Database database management system allows a perpetrator to execute arbitrary code.
The vulnerability of the RW-message structure in the Aerospike Database Server of the Oracle Database database management system is related to unvalidated array indexing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code read from beyond the memory limit using a...
The vulnerability of the ring_buffer_resize function in the Linux kernel’s profiling subsystem allows a hacker to increase their privileges.
The vulnerability of the ringbufferresize function in the Linux kernel’s profiling subsystem arises due to integer overflow or cyclic shift attacks. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges by writing to the file in the...
The vulnerability of the Windows operating system’s kernel driver mode allows attackers to escalate their privileges.
The vulnerability of the Windows operating system’s kernel mode driver is related to improper data handling. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges...
The vulnerability of the Internet Explorer browser, which allows a hacker to execute arbitrary code
The vulnerability of the Internet Explorer browser is related to improper access to objects in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Xen hypervisor, a platform for server virtualization called XenServer, allows a attacker to cause a service failure, obtain confidential information, or execute arbitrary code.
The vulnerability of the Xen hypervisor and the XenServer platform for server virtualization exists due to insufficient validation of input data. Exploiting this vulnerability can allow a guest user of the 86-bit operating system running locally to obtain confidential information, execute arbitra...
The vulnerability of the audio driver of the MediaTek Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the audio driver of the MediaTek Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code within the kernel context, through the use of a local maliciou...
The vulnerability of Ubuntu and Debian GNU/Linux operating systems allows attackers to enhance their privileges.
The vulnerability of Ubuntu and Debian GNU/Linux operating systems is related to errors in error handling. Exploiting this vulnerability can allow an intruder to increase their privileges locally. The dmcrypt-get-device utility, which comes with the Ubuntu package for extraction, does not check t...
The vulnerability of the Android operating system’s camera, allowing a intruder to compromise the confidentiality of information
The vulnerability of the Android operating system’s camera is related to deficiencies in access control. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality of information...
The vulnerability of the tools::Polygon::Insert function in the LibreOffice office software package allows a hacker to trigger a service failure.
The vulnerability of the tools::Polygon::Insert function in the LibreOffice office software package is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
The vulnerability of the FFmpeg multimedia library, which allows a hacker to perform recording beyond the memory limit
The vulnerability of the FFmpeg multimedia library arises from an overflow in the buffer in the dynamic memory. Exploiting this vulnerability allows a malicious actor to perform write operations beyond the memory boundaries, related to the decodeframe function in libavcodec/pictordec.c...
The vulnerability in the loading of DLL files of the Cisco AnyConnect Secure Mobility Client software allows a perpetrator to install or execute a file with privileges equivalent to those of a Microsoft Windows system administrator account.
The vulnerability related to the loading of DLL files in the Cisco AnyConnect Secure Mobility Client encryption solution stems from deficiencies in access control. Exploiting this vulnerability allows a malicious actor, operating locally, to install or execute a DLL file with privileges equivalen...
The vulnerability of the coders/wpg.c component in the console-based image editing tool ImageMagick allows a hacker to exert undefined effects.
The vulnerability of the coders/wpg.c component in the console-based image editing tool ImageMagick is caused by an unaccounted-for unit. Exploiting this vulnerability can allow a remote attacker to exert unpredictable effects using vectors related to the copy of the string...
The vulnerability of the DiskArbitration component in the Mac OS X operating system allows a hacker to execute arbitrary code in a privileged context.
The vulnerability of the DiskArbitration component in the Mac OS X operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code in privileged context racing condition through a...
The vulnerability of the SQLite component in Mac OS X and iOS operating systems allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the SQLite component in Mac OS X and iOS operating systems arises from the execution of an operation beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a service failure memory corruption, application...
The vulnerability of the Microsoft Server Message Block 1.0 (SMBv1) network protocol on the Windows operating system allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the Microsoft Server Message Block 1.0 SMBv1 operating system in Windows is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures by manipulating certain requests...
Microsoft Edge browser vulnerability, allowing a hacker to trigger memory corruption
The vulnerability of Microsoft Edge arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause memory corruption...
The vulnerability in the JavaScript kernel of Microsoft Edge’s browser allows a hacker to trigger memory corruption.
The vulnerability in the Microsoft Edge JavaScript kernel is caused by a race condition that occurs outside of the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to induce memory corruption from a remote perspective...