90509 matches found
The vulnerability of the Adobe Photoshop graphic editor lies in the ability to write beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe Photoshop graphic editor is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Microsoft Malware Protection Engine’s antivirus kernel, related to access control deficiencies, allows attackers to escalate their privileges or cause service failures.
The vulnerability of the Microsoft Malware Protection Engine’s antivirus kernel is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges or cause service interruptions...
Vulnerability of the extract_name() function (rfc1035.c): The Dnsmasq DNS server has a vulnerability related to the failure of operations beyond the buffer in memory, allowing an attacker to cause a service failure.
The vulnerability of the extractname function rfc1035.c in the Dnsmasq DNS server is related to the lack of length checking on input data. Exploiting this vulnerability allows a remote attacker to cause a service failure...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, as well as Adobe Acrobat 2017 and Adobe Acrobat Reader 2017, are related to memory usage after it is released. These vulnerabilities allow attackers to gain unauthorized access to protected information.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to gain...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to trigger a service failure.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the Adobe Photoshop graphic editor, related to a type conversion error, allows attackers to execute arbitrary code.
The vulnerability of the Adobe Photoshop graphic editor is related to a type conversion error. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of JunOS Evolved and Junos operating systems arises from reading beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code or cause the application to crash.
The vulnerability of the JunOS Evolved and Junos operating systems arises from reading beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause an unexpected termination of the application...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat Reader Document Cloud, as well as Adobe Acrobat 2017 and Adobe Acrobat Reader 2017, are related to memory usage after it is freed. This allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, and Adobe Acrobat Reader 2017 are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to execut...
The vulnerability of Google Chrome’s full-screen mode, related to insufficient validation of input data, allows a hacker to compromise data integrity.
The vulnerability of the full-screen mode of the Google Chrome browser is related to the insufficient implementation of security policies. Exploiting this vulnerability can allow a malicious actor to compromise data integrity remotely...
The vulnerability of the PDFium component in Google Chrome browsers, related to the use of an uninitialized resource, allows attackers to access confidential information or cause service failures.
The vulnerability of the PDFium component in the Google Chrome browser is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information or cause service failures...
The vulnerability of the Mozilla Thunderbird email client, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Mozilla Thunderbird email client is related to writing data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by creating a special web page...
The vulnerability of the FreeBSD operating system’s kernel, related to deficiencies in the authentication mechanism, allows a perpetrator to disable the SMAP protection and compromise the integrity of the protected information.
The vulnerability of the FreeBSD operating system’s kernel is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to disable the SMAP protection and compromise the integrity of the protected information during system calls...
The vulnerability of the Apache Traffic Server web server arises from insufficient validation of input data, allowing attackers to trigger service interruptions.
The vulnerability of the Apache Traffic Server web server exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of Cisco IOS XE and Cisco IOS network devices from the Cisco Catalyst 4500 series and Cisco Catalyst 4500-X series lies in their lack of exception handling capabilities. This allows attackers to trigger a system reboot, cause an unexpected termination of an application, or induce a service failure.
The vulnerability of Cisco IOS and Cisco IOS XE software for Cisco Catalyst 4500 and Cisco Catalyst 4500-X network devices is related to exception handling flaws. Exploiting this vulnerability can allow an attacker to trigger a device reboot, a failed termination of the application, or a service...
The vulnerability of the runc tool’s configuration allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the configuration of the tool for running isolated containers, “runc,” exists due to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and...
The vulnerability of the traffic analysis module of the FortiSandbox system allows a perpetrator to execute arbitrary code or commands.
The vulnerability of the traffic analysis module of the FortiSandbox system exists because measures are not taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands remotely...
The vulnerability of the Blit_3or4_to_3or4__inversed_rgb function in the multimedia library Simple DirectMedia Layer, which involves reading data beyond the allowed buffer limits, allows an intruder to access confidential data and also trigger a service failure.
The vulnerability of the Blit3or4to3or4inversedrgb function in the multimedia library Simple DirectMedia Layer involves reading data beyond the permissible buffer limits. Exploiting this vulnerability could allow an attacker to access confidential data, as well as cause service failures...
The vulnerability of the MagickCore/resample.c file, a set of programs for reading and editing ImageMagisk files, is related to the lack of checks for division by zero. This allows a malicious actor to trigger a service failure.
The vulnerability of the MagickCore/resample.c file, a set of programs for reading and editing ImageMagisk files, is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the Job::onEntry function in the jobs.cpp file of the Ark archive viewer is related to deficiencies in the pathname restriction mechanism for the directory. This vulnerability allows an attacker to compromise the integrity of the protected information.
The vulnerability in the Job::onEntry function in the jobs.cpp file of the Ark archive viewer is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of the protected information...
The vulnerability of the readSampleCountForLineBlock function in software for storing OpenEXR images with wide dynamic range brightness levels, related to integer overflow, allows a malicious actor to cause service interruptions.
The vulnerability of the readSampleCountForLineBlock function in software for storing OpenEXR images with wide dynamic range brightness values is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the FastHufDecoder::refill library in the ImfFastHuf.cpp software for storing images in OpenEXR format with a wide dynamic range of brightness levels, related to reading data beyond the buffer’s acceptable limits, allows attackers to cause service interruptions.
The vulnerability of the FastHufDecoder::refill library in the ImfFastHuf.cpp software for storing images with wide dynamic range brightness in the OpenEXR format is related to reading data beyond the allowable buffer size. Exploiting this vulnerability could allow a malicious actor to cause...
The vulnerability of the HuffmanDecodeImage function in the command-line applications for processing GraphicsMagick image files, related to integer overflow, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the HuffmanDecodeImage function in the command-line applications for processing GraphicsMagick image files is related to a numerical overflow of values. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and caus...
The vulnerability of the urllib2 module in the Python programming language, related to the failure to eliminate the crlf sequence, allows attackers to compromise data integrity.
The vulnerability of the urllib2 module in the Python programming language is related to the lack of measures taken to neutralize the crlf sequence. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...
The vulnerability of the Avaya Aura Device Services toolset lies in the creation of temporary files with insecure permissions, allowing a hacker to execute arbitrary code.
The vulnerability of the Avaya Aura Device Services toolset relates to the creation of temporary files with insecure permissions. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the AutoBuild service on the AVEVA System Platform allows a malicious actor to execute arbitrary code with system privileges.
The vulnerability of the AutoBuild service on the AVEVA System Platform is related to an incorrect restriction on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary commands with system privileges...
The vulnerability of the “LOCMAN Configurator” module of the engineering data and product lifecycle management system LOCMAN:PLM, which is related to the unlimited loading of dangerous type files, allows a perpetrator to execute arbitrary code.
The vulnerability of the “LOZMAN Configurator” module of the engineering data and product lifecycle management system LOZMAN involves unlimited loading of dangerous files. Exploiting this vulnerability can allow attackers to execute arbitrary code by replacing the dll libraries such as...
The vulnerability of Microsoft Office packages and Microsoft Office Web Apps arises from improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and Microsoft Office Web Apps is related to improper code generation during the processing of COM objects. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malware file or a specially crafted...
The vulnerability of Intel Falcon 8+ UAS AscTec Thermal Viewer lies in errors during resolution saving, which allows attackers to escalate their privileges.
The vulnerability of Intel Falcon 8+ UAS AscTec Thermal Viewer relates to errors during resolution saving. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Management Console component of the Oracle Storage Cloud Software Appliance allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Management Console component of the Oracle Storage Cloud Software Appliance is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP...
The vulnerability of the Adobe Framemaker desktop publishing system, related to reading data beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Framemaker desktop publishing system relates to reading beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary code in the context of the current user...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Attribute Admin Setup component of the Oracle Partner Management application within the Oracle E-Business Suite allows a malicious individual to gain access to modify, add, or delete data, as well as to unauthorizedly access protected information.
The vulnerability of the Attribute Admin Setup component in the Oracle Partner Management application of the Oracle E-Business Suite is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain...
The vulnerability of the REST API interface of the Cisco Firepower Device Manager On-Box software allows a hacker to trigger a maintenance failure.
The vulnerability of the REST API interface of the Cisco Firepower Device Manager On-Box software relates to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to trigger service failure remotely...
The vulnerability of the Quotes component in the Oracle Trade Management application of the Oracle E-Business Suite allows a malicious actor to gain access to modify, add, or delete data, as well as to unauthorizedly access protected information.
The vulnerability of the Quotes component in the Oracle Trade Management application of the Oracle E-Business Suite is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or delete data, as well as gain unauthorized...
The vulnerability of the Apache OFBiz resource planning software lies in its ability to restore unreliable data in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Apache OFBiz’s resource planning software lies in its ability to restore unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted request...
The vulnerability of the Compensation Workbench component of the Oracle Compensation Workbench application within the Oracle E-Business Suite, a system for automating business processes, allows an attacker to gain access to modify, add, or delete data, as well as to unauthorizedly access protected information.
The vulnerability of the Compensation Workbench component of the Oracle Compensation Workbench application, a part of the Oracle E-Business Suite system for automating business processes, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operatin...
The vulnerability of the Quote sub-component of the Oracle Lease and Finance Management component in the Oracle E-Business Suite system allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the Quotes sub-component of the Oracle Lease and Finance Management component within the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device...
The vulnerability of the sub-components “Loan Details” and “Loan Accounting Events” of the Oracle Loans component in the Oracle E-Business Suite, a business automation system, allows a malicious individual to gain unauthorized access to the device.
The vulnerability of the Loan Details and Loan Accounting Events subcomponents of the Oracle Loans component in the Oracle E-Business Suite is related to code errors. Exploitation of this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to the device through HT...
The vulnerability of the Create Contracts sub-component of the Oracle Legal Entity Configurator, a component of the Oracle E-Business Suite, allows a violator to gain unauthorized access to the device.
The vulnerability of the Create Contracts sub-component of the Oracle Legal Entity Configurator, a component of the Oracle E-Business Suite, is related to code errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to modify, add, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to modify, add, or delete data...
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence system, a business automation solution from Oracle E-Business Suite, allows a malicious individual to gain unauthorized access to the device and disclose protected information.
The vulnerability of the DBI Setup component of the Oracle E-Business Intelligence system, a business automation solution from Oracle E-Business Suite, is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...
The vulnerability of the CNCSoft-B software, related to reading beyond the buffer boundaries, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CNCSoft-B numerical control software system relates to reading data beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the LOV sub-component of the Oracle Depot Repair component in the Oracle E-Business Suite automation system allows a malicious individual to gain unauthorized access to the device and disclose protected information.
The vulnerability of the LOV sub-component of the Oracle Depot Repair component in the Oracle E-Business Suite automation system is related to code errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device and disclose protected...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Core component of the Oracle VM VirtualBox software lies in insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the CNCSoft ScreenEditor, related to reading beyond the buffer boundaries, allows attackers to gain unauthorized access to protected information.
The vulnerability of the CNCSoft ScreenEditor relates to reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of Microprogramming-based Network Interface Software of Cisco Adaptive Security Appliance Software (ASA) and Cisco Firepower Threat Defense (FTD) lies in the copying of buffers without checking the size of the input data. This allows attackers to compromise the confidentiality and accessibility of the protected information.
The vulnerability of Microprogramming Software for Cisco Adaptive Security Appliance Software ASA and Cisco Firepower Threat Defense FTD lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow a malicious actor to compromise the...