90509 matches found
The vulnerability of the Process Scheduler component in the PeopleSoft Enterprise PeopleTools business application package allows a hacker to gain read access to data or modify data.
The vulnerability of the Process Scheduler component in the PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify data using special...
The vulnerabilities of microprogrammed software in programmable logic controllers such as ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, and FC 350 PCI ETH are related to authentication process flaws. These flaws allow attackers to gain unauthorized access to protected information or compromise the integrity of that information.
The vulnerabilities of the microprogrammed logic controllers ILC 1x0, ILC 1x1, ILC 1x1 GSM/GPRS, ILC 3xx, AXC 1050, AXC 1050 XC, AXC 3050, RFC 480S PN 4TX, RFC 470 PN 3TX, RFC 470S PN 3TX, RFC 460R PN 3TX, RFC 460R PN 3TX-S, RFC 430 ETH-IB, RFC 450 ETH-IB, PC WORX SRT, PC WORX RT BASIC, and FC 35...
The vulnerability of Trendnet’s router microprogramming software TEW-831DR arises from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of Trendnet’s router microprogramming software TEW-831DR exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of iCare subcomponents, within the Oracle Hospitality Reporting and Analytics software suite of Oracle Food and Beverage Applications, allows a perpetrator to gain access to read data or modify data.
The vulnerability of iCare subcomponents, as well as the Configuration component of the Oracle Hospitality Reporting and Analytics package from the Oracle Food and Beverage Applications, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to ga...
The vulnerability of Adobe Illustrator’s graphic editor, related to reading data beyond the buffer in memory, allows attackers to exploit this to disclose protected information.
The vulnerability of Adobe Illustrator graphic editor is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created file...
The vulnerability of the Microsoft PowerPoint presentation preparation program arises from overflowing buffers in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Microsoft PowerPoint presentation preparation program arises due to an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted document...
The vulnerability of the Windows Print Spooler daemon in the Windows operating system allows a hacker to escalate their privileges.
The vulnerability of the Windows Print Spooler service in the Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of Microsoft Exchange Server servers, related to deficiencies in access control, allows attackers to increase their privileges.
The vulnerability of Microsoft Exchange Server is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of Visual Studio Code’s source editor, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of Visual Studio Code’s source editor is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to enhance their privileges...
The vulnerability of the Azure Site Recovery disaster recovery tool, related to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Azure Site Recovery recovery tool is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of the ClamAV antivirus software, related to the repeated release of memory, allows a hacker to execute arbitrary code.
The vulnerability of the ClamAV antivirus software is related to repeated memory release. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially created file...
The vulnerability of the Ajax.NET Professional framework exists due to the lack of measures taken to protect the structure of web pages. This vulnerability allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Ajax.NET Professional framework exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the DNS server of the Microsoft Windows operating system, allowing a hacker to execute arbitrary code.
The vulnerability of the DNS server of the Microsoft Windows operating system is related to incorrect code generation management. Exploitation of this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the PJSIP multimedia communication library, related to executing a loop with an unavailable exit condition, allows attackers to cause service failures.
The vulnerability of the PJSIP multimedia communication library lies in the execution of a loop with an unavailable exit condition during the processing of WAV/AVI files. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability lies in the implementation of the --no-clobber and --remove-on-error options in the cURL command-line utility, which allow a malicious user to delete any files they desire.
The vulnerability of the --no-clobber and --remove-on-error command-line utilities of cURL is related to the use of incorrect path names. Exploiting this vulnerability could allow a remote attacker to delete any files they desire...
The vulnerability of the llcp_sock_connect() function in the NFC protocol of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the llcpsockconnect function in the NFC protocol of the Linux operating system’s kernel is related to improper memory release before deleting the last references. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the CMS system Pixelimity lies in the lack of measures to cleanse input data, allowing attackers to execute arbitrary code.
The vulnerability of the CMS system Pixelimity is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through admin/admin-ajax.php?action=installtheme remotely...
The vulnerability of the execution file C:\R-SeeNet\mysql\bin\mysqld.exe, which is part of the monitoring service for routers of the Advantech R-SeeNet software, allows a perpetrator to gain increased privileges.
The vulnerability of the execution file C:\R-SeeNet\mysql\bin\mysqld.exe, which is part of the monitoring service for the Advantech R-SeeNet router, relates to deficiencies in access control to the C:\R-SeeNet directory. Exploiting this vulnerability could allow an attacker to enhance their...
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a hacker to execute arbitrary code.
The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter is related to the lack of validation for the sequences of XML objects. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Alac decoder in Microprogramming Software Microchip MediaTek MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8176, MT8183, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797—allows a hacker to disclose protected information.
The vulnerability of the Alac decoder in microprogramming software for MediaTek’s MT6570, MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6753, MT6755, MT6755S, MT6757, MT6757C, MT6757CD, MT6757CH, MT6758, MT6761, MT6763, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6797, MT6799, MT6833,...
The vulnerability of the Jira Seraph authentication platform, along with the Jira and Jira Service Management systems for tracking errors and incidents, allows attackers to increase their privileges.
The vulnerability of the Jira Seraph web authentication platform is related to deficiencies in the authentication process of Jira and Jira Service Management. Exploiting this vulnerability could allow attackers, operating remotely, to increase their privileges through specially crafted HTTP...
The vulnerability of the `php_raw_url_encode` function in the PHP programming language allows attackers to trigger a denial-of-service attack.
The vulnerability of the phprawurlencode function in the PHP programming language is related to errors in number processing. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the exif_process_user_comment function (ext/exif/exif.c) in the PHP programming language allows a hacker to cause a service failure.
The vulnerability of the exifprocessusercomment function ext/exif/exif.c in the PHP programming language is related to pointer arithmetic errors. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the AppNav-XE function in the Cisco IOS XE operating system allows a hacker to trigger a device reboot or cause a service failure.
The vulnerability of the AppNav-XE function in the Cisco IOS XE operating system is related to improper locking of resources. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause a service failure by sending a TCP traffic...
The vulnerability of the OpenSSL library, related to reading beyond the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the OpenSSL library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the exif_process_ifd_in_makernote function (ext/exif/exif.c) in the PHP programming language allows a attacker to cause a service failure, disclose protected information, or potentially have other adverse effects.
The vulnerability of the exifprocessifdinmakernote function ext/exif/exif.c in the PHP programming language is caused by buffer overflow. Exploiting this vulnerability could allow a remote attacker to cause service failures, disclose sensitive information, or potentially have other adverse effect...
The vulnerability of the web interface of Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to elevate their privileges to the root level.
The vulnerability of the web interface of Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P routers is related to authentication deficiencies. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level remotely...
The vulnerability of the SSL VPN microprogramming software for Cisco Small Business RV340, RV340W, RV345, and RV345P routers allows a hacker to execute arbitrary code.
The vulnerability of the SSL VPN microprogramming software for Cisco Small Business RV340, RV340W, RV345, and RV345P routers stems from an operation that occurs outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code with root privileges usin...
The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code or carry out cross-site scripting attacks.
The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform XSS attacks remotely...
The vulnerability of the Display Key Combination Switches in the Wayland server display protocol implementation allows a hacker to compromise data integrity or cause service failures.
The vulnerability of the Display Key Combination Demon in the Wayland display protocol implementation relates to the ability to save the PID of a process in the /tmp/swhks.pid file and incorporate the PID of an existing process into it. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), related to reading data beyond the specified buffer, allows a intruder to trigger a service failure.
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, relates to the reading of data beyond the specified buffer. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending a specially crafted message...
The vulnerability of GUI temperature control software relates to errors in processing configuration files *.gd1. This allows an intruder to access protected information or cause service failures.
The vulnerability of GUI temperature control software is related to errors in processing configuration files .gd1. Exploiting this vulnerability can allow an attacker to gain access to protected information or cause service failures...
The vulnerability of the zend_ini_do_op() function in the PHP interpreter allows a hacker to execute arbitrary PHP code.
The vulnerability of the zendinidoop function Zend/zendini parser.c in the PHP interpreter is caused by buffer overflow. Exploiting this vulnerability could allow a remote attacker to execute arbitrary PHP code...
The vulnerability of FTP servers for microprogrammed software controllers such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus allows a hacker to cause a service failure or execute arbitrary code.
The vulnerability of FTP servers for microprogrammed control devices such as CAPITAL VSTAR, APOGEE MBC, APOGEE MEC, APOGEE PXC, TALON TC, and the operating system Nucleus is related to errors during the verification of the MKD/XMKD command length. Exploiting this vulnerability can allow an attack...
The vulnerabilities of the software for designing and configuring controllers from the CCW platform, the SISW workstation for automated safety systems, and the ISaGRAF Workbench development environment for programmable logic controllers from Rockwell Automation allow attackers to execute arbitrary code by restoring unreliable data into memory.
The vulnerabilities of the software for designing and configuring controllers in the Connected Components Workbench, the workstations for automated safety systems called Safety Instrumented Systems Workstations, and the application development environment for programmable logic controllers in the...
The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the software for managing virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, is related to deficiencies in access control to the /etc/vmware-vpx/vcdb.properties file, which contains plaintext credentials. Exploiting this vulnerability could all...
The vulnerability of the IBM DataPower Gateway’s network firewall, related to insufficient validation of requests on the server side, allows a hacker to execute arbitrary code.
The vulnerability of the IBM DataPower Gateway network firewall is related to insufficient validation of requests at the server side. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the de265_image::available_zscan function in the h.265 Libde265 implementation allows a attacker to cause a service failure.
The vulnerability of the de265image::availablezscan function in the h.265 Libde265 implementation is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...
The vulnerability of the gif_process_raster function in the fromgif.c component of the SIXEL Libsixel encoder/decoder implementation allows a attacker to cause a service failure.
The vulnerability of the gifprocessraster function in the fromgif.c component of the SIXEL Libsixel encoder/decoder implementation is related to the output of the operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Vulnerability of the Cluster component: The general system for managing MySQL Cluster databases, which allows attackers to execute arbitrary code.
Vulnerability of the Cluster component: General database management systems like MySQL Cluster are vulnerable due to buffer overflows in the stack. Exploitation of this vulnerability can allow an attacker to execute arbitrary code remotely...
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a intruder to trigger a service failure.
The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a...
The vulnerability of the software for working with animations in Adobe Character Animator, related to reading data beyond the buffer in memory, allows attackers to exploit the protected information.
The vulnerability of the Adobe Character Animator software for animation processing is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of D-Link DIR-850 router’s microprogramming software, related to errors during the loading of configuration files, allows a hacker to redirect users to any arbitrary URL address.
The vulnerability of D-Link DIR-850 router’s microprogramming software is related to errors during the loading of configuration files. Exploiting this vulnerability can allow a malicious actor to redirect users to any desired URL address...
Vulnerability of the Server component: DML of the MySQL database management system, which allows attackers to cause service interruptions.
The vulnerability of the Server component: The DML part of the MySQL database management system is related to errors during resource release. Exploiting this vulnerability allows a malicious actor to cause service interruptions remotely...
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s encoding function allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the decoder in the MPEG-4 multimedia platform GPAC’s decoding function is related to the lack of verification for the result of the addition arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its...
The vulnerability of the gf_isom_oinf_read_entry function in the MP4Box component of the GPAC multimedia platform allows a hacker to gain access to confidential data.
The vulnerability of the gfisomoinfreadEntry function in the MP4Box component of the GPAC multimedia platform is related to improper memory release before deleting the last reference. Exploiting this vulnerability allows a remote attacker to gain access to confidential data through a specially...
The vulnerability of the Clipboard editing plugin for the CKEditor WYSIWYG editor allows a hacker to compromise data integrity.
The vulnerability of the Clipboard editing plugin of the CKEditor editor is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
The vulnerability of the decoder in the SIX functional decoding system for MPEG-4 multimedia platform GPAC allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the SSIX decoder for MPEG-4 multimedia platform GPAC is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to improper session management, allows a perpetrator to compromise data integrity.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to improper session management. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...
The vulnerability of the Caja component in the Jupyter Notebook document creation environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Caja component in the Jupyter Notebook document creation environment is related to improper filtering of special symbols. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures...