74701 matches found
The vulnerability of the serde.py component in the BentoML library allows a hacker to execute arbitrary code on the server.
The vulnerability of the serde.py component in the BentoML library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the server...
The vulnerability of the invert_photometric() function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library allows a hacker to gain access to protected information or cause service failures.
The vulnerability of the invertphotometric function in the src/tiff.imageio/tiffinput.cpp file of the OpenImageIO library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain access to protected information or cause servi...
The vulnerability of the JpgInput::jpeg_decode_iptc() function in the src/jpeg.imageio/jpeginput.cpp module of the OpenImageIO library allows a malicious actor to access protected information or cause service failures.
The vulnerability of the JpgInput::jpegdecodeiptc function in the src/jpeg.imageio/jpeginput.cpp module of the OpenImageIO library is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain access to protected information or cause...
The vulnerability of the write_exif_data() function in the src/tiff.imageio/tiffoutput.cpp module of the OpenImageIO library allows a hacker to cause a service failure.
The vulnerability of the writeexifdata function in the src/tiff.imageio/tiffoutput.cpp module of the OpenImageIO library is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the TIFFInput::bit_convert() function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library may affect the integrity of protected information or cause service failures.
The vulnerability of the TIFFInput::bitconvert function in the src/tiff.imageio/tiffinput.cpp module of the OpenImageIO library is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information or cau...
The vulnerability of the ICOInput::readimg() function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library may affect the integrity of protected information or cause service failures.
The vulnerability of the ICOInput::readimg function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information or cause...
The vulnerability of the PSDInput::read_native_scanline() function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library allows a malicious actor to access protected information or cause a service failure.
The vulnerability of the PSDInput::readnativescanline function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library is related to the use of an uninitialized variable. Exploiting this vulnerability could allow a malicious actor to gain access to protected information or cause...
The vulnerability of the functions PSDInput::load_layers() and PSDInput::load_layers_16_32() in the OpenImageIO library allows a attacker to cause a service failure.
The vulnerability of the functions PSDInput::loadlayers and PSDInput::loadlayers1632 in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of server software like HAProxy, related to deficiencies in HTTP request processing, allows attackers to circumvent security restrictions and send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of server-side software like HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and send hidden HTTP requests a type of HTTP Request Smuggling attack...
The vulnerability of the PHP library TCPDF, related to incorrect pathname restrictions for restricted access directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of the PHP library TCPDF lies in the incorrect path limitation for the access to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the ability to write code beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.
The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in the ability to write beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the PSDInput::decompress_zip_prediction() function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library allows a attacker to compromise the integrity of the protected information or cause service failures.
The vulnerability of the PSDInput::decompresszipprediction function in the src/psd.imageio/psdinput.cpp module of the OpenImageIO library is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the integrity of protected information or cause service...
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform allows a hacker to modify arbitrary files and cause service interruptions.
The vulnerability of the Web Intelligence component of the SAP BusinessObjects Business Intelligence Platform is related to errors in inherited permissions. Exploiting this vulnerability could allow attackers to modify arbitrary files and cause service failures...
The vulnerability of the ICOInput::seek_subimage function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library allows a attacker to cause a service failure.
The vulnerability of the ICOInput::seeksubimage function in the src/ico.imageio/icoinput.cpp module of the OpenImageIO library is related to the lack of checks for division by zero. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the setOption function in the vConsole software package, which allows a hacker to execute a “prototype contamination” attack.
The vulnerability of the setOption function in the vConsole software package is related to unregulated changes to object prototypes’ attributes. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack remotely...
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database, related to deserialization mechanism flaws, allows a hacker to execute arbitrary code.
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database is related to deficiencies in the deserialization mechanism in the “deserialize” method of the “Utils” class. Exploiting this vulnerability allows an attacker to execute arbitrary code through a specially crafted file with t...
OOO TaxTelecom pgCodeKeeper (Baranov Yuri) (No. 3 dated April 22, 2025 at 15:47:46)
...
Vulnerability eliminated
...
The vulnerability of the SafeInspect system for privileged users relates to the lack of measures taken to protect the structure of the web page, allowing a perpetrator to execute arbitrary JavaScript code.
The vulnerability of the SafeInspect privilege control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code during the user creation process...
The vulnerability of the SafeInspect system for privileged users stems from the lack of measures taken to protect the structure of the web page. This allows a perpetrator to execute arbitrary HTML code.
The vulnerability of the SafeInspect privilege user control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to execute arbitrary HTML code remotely...
The vulnerability of the SafeInspect privilege control system lies in its failure to eliminate special elements used in the operating system’s command set, allowing a violator to execute arbitrary commands.
The vulnerability of the SafeInspect privilege control system lies in the lack of measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to remotely execute arbitrary commands...
The vulnerability of the SafeInspect system for privileged users relates to the lack of measures taken to protect the structure of the web page, allowing a perpetrator to execute arbitrary JavaScript code.
The vulnerability of the SafeInspect privilege-controlled user control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary JavaScript code...
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database, which involves unencrypted storage of critical information, allows a hacker to disclose the protected data.
The vulnerability of the pgCodeKeeper plugin for the PostgreSQL database is related to the unencrypted storage of critical information. Exploiting this vulnerability could allow an attacker to disclose the protected data...
The vulnerability of Windows operating system task schedulers allows a malicious actor to execute arbitrary commands with SYSTEM privileges.
The vulnerability of Windows operating system task schedulers is related to access control errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML file...
Vulnerability eliminated
...
The vulnerability of the Four-Faith F3x36 router’s microprogramming software, which stems from the use of strictly encrypted login credentials, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Four-Faith F3x36 router’s microprogramming software is related to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information through specially crafted HTT...
The vulnerability of TOTOLINK A7100RU router’s microprogramming software, which exists due to the lack of measures to neutralize special elements, allows intruders to inject arbitrary commands.
The vulnerability of TOTOLINK A7100RU router microprogramming software exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to inject arbitrary commands...
The vulnerability of the oc_huff_tree_unpack function in Theora video codecs, which allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the ochufftreeunpack function in Theora video encoding involves an unacceptable left shift operation. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the IP address verification mechanism in the Brocade Fabric OS operating system allows a hacker to execute arbitrary code with root privileges.
The vulnerability of the IP address verification mechanism in the Brocade Fabric OS operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...
The vulnerability of the SafeInspect system for privileged users relates to the lack of measures taken to protect the structure of the web page, allowing a perpetrator to execute arbitrary JavaScript code.
The vulnerability of the SafeInspect privilege-controlled user control system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute arbitrary JavaScript code...
The vulnerability of the favicon.ico component of the SafeInspect system for controlling privileged users allows a violator to disclose protected information.
The vulnerability of the favicon.ico component in the SafeInspect privilege management system is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information through a specially crafted GET...
The vulnerability of the software URL processor for Cisco Webex App allows a perpetrator to execute arbitrary commands.
The vulnerability of the software URL processor for Cisco Webex App relates to the ability to download files from untrusted sources. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands when a user accesses a specially crafted link...
The vulnerability of Prisma Access Browser lies in the lack of authentication checks for a critical function, allowing attackers to escalate their privileges.
The vulnerability of Prisma Access Browser is related to the lack of authentication checks for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...
The vulnerability of the Simple Certificate Enrollment Protocol (SCEP) implementation in the PAN-OS operating system allows a perpetrator to trigger a service failure.
The vulnerability of the Simple Certificate Enrollment Protocol SCEP implementation in the PAN-OS operating system is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted...
The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, TL-WR841N, allows a hacker to inject any JavaScript code.
The vulnerability of the doUpdate function in the web interface of TP-Link’s router software, the TL-WR841N, is related to a deficiency in the upnpTbl filter parameter when accessing the UPnP.html web page. Exploiting this vulnerability allows an attacker to inject arbitrary JavaScript code by...
The vulnerability of the ASUS AiCloud cloud platform, related to bypassing authentication by using an alternative path or channel, allows a perpetrator to execute arbitrary commands.
The vulnerability of the ASUS AiCloud cloud platform involves bypassing authentication by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted requests...
The vulnerability of the setWifiConfig() function in the /goform/setModules file of the Tenda W18E router’s microprogramming software allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the setWifiConfig function in the /goform/setModules file of the Tenda W18E router’s microprogramming system is related to buffer overflow during the processing of the wifiPwd parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a...
The vulnerability of the ipv6_has_hopopt_jumbo() function in the net/core/dev.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ipv6hashopoptjumbo function in the net/core/dev.c module of the Linux kernel is related to insufficient input validation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the formSetAutoPing() function in the Tenda i12 wireless access point software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetAutoPing function in the Tenda i12 wireless access point software is related to buffer overflows due to the processing of the ping1 parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service interruptions...
The vulnerability of the in_atomic() function in the net/core/sock.c module of the Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the inatomic function in the net/core/sock.c module of the Linux kernel is related to insufficient locking of resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the soup_message_headers_get_content_disposition() function in the libsoup library for GNOME’s graphical interface allows a attacker to execute arbitrary code.
The vulnerability of the soupmessageheadersgetcontentdisposition function in the GNOME graphical interface library libsoup is related to the release of previously unallocated memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by sending a specially craft...
The vulnerability of the /etc/shadow file in TOTOLINK CA300-PoE router microprogramming software allows a hacker to disclose protected information.
The vulnerability of the /etc/shadow file in TOTOLINK CA300-PoE router microprogramming systems is related to the use of strictly encrypted login credentials. Exploiting this vulnerability could allow an attacker to disclose the protected information...
The vulnerability of the setNetworkDiag() function in the microprogramming software for TOTOLINK CA300-PoE allows a hacker to execute arbitrary commands.
The vulnerability of the setNetworkDiag function in TOTOLINK CA300-PoE router microprogramming software is related to the lack of measures taken to clean data at the management level when processing the NetDiagPingSize parameter. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the setUploadUserData() function in the microprogramming software for TOTOLINK CA300-PoE allows a hacker to execute arbitrary commands.
The vulnerability of the setUploadUserData function in the TOTOLINK CA300-PoE router’s microprogramming software is related to the lack of measures taken at the control level during the processing of the FileName parameter. Exploiting this vulnerability allows an attacker operating remotely to...
The vulnerability of the exec() function in the icepay.php script of the MagnusBilling VoIP system allows a hacker to execute arbitrary commands.
The vulnerability of the exec function in the icepay.php script of the MagnusBilling VoIP system is related to the failure to take measures to neutralize special elements used in the operating system’s commands when processing the democ parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the hclge_ptp_get_cycle() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the hclgeptpgetcycle function in the Linux operating system is related to incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the formSetStaticRoute() function in the Tenda W20E wireless Wi-Fi router software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetStaticRoute function in the Tenda W20E wireless Wi-Fi router software lies in the reading of data beyond the buffer in memory during the processing of parameters such as staticRouteNet, staticRouteMask, staticRouteGateway, and staticRouteWAN. Exploiting this...
The vulnerability of the exit_round_robin() function in the ACPI kernel of Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the exitroundrobin function in ACPI components of Linux operating systems is related to the round-robin scheduling algorithm. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the batteryhookunregister() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the batteryhookunregister function in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ocfs2_reflink_xattrInline() function in the cluster file system ocfs2 of the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the ocfs2reflinkxattrInline function in the cluster file system ocfs2 of the Linux operating system is related to incorrect input validation. Exploiting this vulnerability could allow an attacker to cause service failures...