
74701 matches found

BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of software for optimizing and deploying AI-based applications on AMD Ryzen AI systems, related to integer overflow, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of software for optimizing and deploying AI-based applications on AMD Ryzen AI systems is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

7.9 CVSS | 5.5 AI score | 0.0014 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 4 views

The vulnerability of the HFSPlus file system driver of the Grub2 operating system allows an attacker to trigger a service failure.

The vulnerability of the HFSPlus file system driver of the Grub2 operating system is related to improper manipulation of the link counter for resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.6 CVSS | 5.3 AI score | 0.00211 EPSS
Exploits: 0 | References: 10 | Affected Software: 20
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the JPEG file loader for Grub2 operating systems, which allows a hacker to bypass the secure loading mechanism

The vulnerability of JPEG files loaded by Grub2 operating systems is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to bypass the secure loading mechanism...

6.8 CVSS | 6.8 AI score | 0.00243 EPSS
Exploits: 0 | References: 10 | Affected Software: 20
BDU FSTEC
added 2025/04/07 12:0 a.m. | 4 views

The vulnerability of the mangle platform’s executable file for application deployment and management allows a perpetrator to execute arbitrary system commands.

The vulnerability of the mangle platform’s executable file for application deployment and management is related to buffer overflow in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary system commands by sending specially crafted HTTP requests remotely...

4.3 CVSS | 8.4 AI score | 0.03692 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the Clickstorm SEO (cs_seo) extension of the TYPO3 content management system, which exists due to the lack of measures taken to protect the structure of web pages, allows attackers to perform cross-site scripting attacks.

The vulnerability of the Clickstorm SEO (cs_seo) extension of the TYPO3 content management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...

6.5 CVSS | 5.2 AI score | 0.00558 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the binary file mongocryptd and the library mongocryptv1.so of the MongoDB database management system, which involves the transmission of critical information in plaintext, allows attackers to gain unauthorized access to protected information.

The vulnerability of the binary file mongocryptd and the library mongocryptv1.so of the MongoDB database management system involves the transmission of critical information in plaintext. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

3.3 CVSS | 5.5 AI score | 0.00119 EPSS
Exploits: 0 | References: 4 | Affected Software: 3
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

Vulnerability of the dm_integrity_status() function (driver/md/dm-integrity.c) in the Linux kernel, allowing a hacker to trigger a service failure

The vulnerability of the dm_integrity_status() function (driver/md/dm-integrity.c) in the Linux kernel is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.5 AI score | 0.00164 EPSS
Exploits: 0 | References: 11 | Affected Software: 5
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

5.5 CVSS | 5.2 AI score | 0.00296 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of the webapi component of the cloud software for file storage, synchronization, and sharing with Synology Drive Server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the webapi component of the cloud software for file storage, synchronization, and sharing with Synology Drive Server is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthoriz...

7.8 CVSS | 7.2 AI score | 0.17766 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the UFS file system used by Grub2 for operating system installations allows a hacker to bypass the secure boot mechanism.

The vulnerability of the UFS file system used by Grub2 operating systems is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to bypass the secure boot mechanism...

6.8 CVSS | 6.8 AI score | 0.00234 EPSS
Exploits: 0 | References: 11 | Affected Software: 21
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the tarHandler component in the Grub2 operating system’s downloader allows a hacker to bypass the secure download mechanism.

The vulnerability of the tarHandler component in the Grub2 operating system’s loader involves writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to bypass the secure loading mechanism...

6.8 CVSS | 6.8 AI score | 0.00262 EPSS
Exploits: 0 | References: 11 | Affected Software: 18
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the IntelliJ IDEA integrated development environment, related to the disclosure of information in the log file, allows attackers to gain unauthorized access to protected information.

The vulnerability of the IntelliJ IDEA integrated development environment is related to the disclosure of information in the idea.log log file. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

3.3 CVSS | 5.5 AI score | 0.00355 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the Jenkins automation server’s monitor-remote-job plugin, related to deficiencies in access control, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server’s “monitor-remote-job” plugin is related to deficiencies in access control, resulting from passwords being stored publicly in the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protecte...

6.5 CVSS | 5.4 AI score | 0.00243 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

Vulnerability of the optee_supp_thrd_req() function (drivers/tee/optee/supp.c) in the Linux kernel, allowing a hacker to cause a service failure

The vulnerability of the optee_supp_thrd_req() function (drivers/tee/optee/supp.c) in the Linux kernel is related to incorrect blocking mechanisms. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.7 AI score | 0.00165 EPSS
Exploits: 0 | References: 26 | Affected Software: 8
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the do_fp_load() function in the arch/powerpc/lib/sstep.c module, which is part of the PowerPC platform support for the Linux operating system, allows a hacker to trigger a service failure.

The vulnerability of the do_fp_load() function in the arch/powerpc/lib/sstep.c module of the PowerPC platform supporting Linux operating systems is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could allow an attacker to cause a servic...

5.5 CVSS | 6.5 AI score | 0.00236 EPSS
Exploits: 0 | References: 40 | Affected Software: 5
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the Suricata intrusion detection and prevention system, due to insufficient validation of input data, allows attackers to bypass security restrictions and execute arbitrary code.

The vulnerability of the Suricata intrusion detection and prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code...

7.5 CVSS | 7.2 AI score | 0.0022 EPSS
Exploits: 0 | References: 8 | Affected Software: 3
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the kvm_pv_send_ipi() function in the arch/x86/include/asm/kvm_host.h module on the Linux operating system’s x86 kernel platform allows an attacker to cause a service failure.

The vulnerability of the kvm_pv_send_ipi() function in the arch/x86/include/asm/kvm_host.h module on the Linux operating system’s x86 kernel platform is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.7 AI score | 0.00232 EPSS
Exploits: 0 | References: 15 | Affected Software: 2
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the form_fast_setting_wifi_set function in the microprogrammed router software Tenda AC1206 allows a hacker to execute arbitrary code.

The vulnerability of the form_fast_setting_wifi_set function in the Tenda AC1206 router microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted...

9 CVSS | 8.2 AI score | 0.05021 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of X-Content-Type-Options headers. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of X-Content-Type-Options headers for protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

7.2 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in the reading beyond the buffer in memory, allowing a malicious actor to trigger a service failure.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, lies in the reading of data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8 CVSS | 5.7 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of Microsoft Edge browser on the iOS operating system, related to insufficient protection of the website structure, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge browser on the iOS operating system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...

5 CVSS | 7.5 AI score | 0.00582 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the web interface of the “Central Archive of Medical Images” information system, which stems from the lack of protective measures for the website structure, allows attackers to gain unauthorized access to the protected information.

The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the protected...

7.8 CVSS | 5.5 AI score
Exploits: 0
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of the Jenkins automation server plugin Asakusa Satellite lies in the lack of password masking, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Jenkins automation server plugin Asakusa Satellite is related to the absence of password masking. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

6.5 CVSS | 5.5 AI score | 0.00243 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 15 views

The vulnerability in the Windows 10 22H2 operating system, related to the swapping of the zero pointer, allows a malicious actor to trigger a service failure in the operating system’s kernel.

The vulnerability of the Windows 10 22H2 operating system is related to the assignment of the null pointer. Exploiting this vulnerability can allow an attacker to cause a kernel failure in the operating system...

5.9 CVSS | 5.5 AI score
Exploits: 0
BDU FSTEC
added 2025/04/07 12:0 a.m. | 4 views

The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in its uncontrolled resource consumption, which allows a malicious actor to trigger a service failure.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to an uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...

7.8 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 10 views

The vulnerability of Microsoft Edge browser on the iOS operating system, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge browser on the iOS operating system is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

5 CVSS | 7.7 AI score | 0.00464 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of Kubernetes Rancher cluster management software, related to deficiencies in access control, allows a hacker to change administrator passwords and gain access to their accounts.

The vulnerability of Kubernetes Rancher cluster management software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to change administrator passwords and gain access to their accounts...

9.1 CVSS | 7.2 AI score | 0.00408 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 14 views

The vulnerability of the SIEM systems’ load testing tool, Kraken Stress Testing Toolkit, arises from the improper use of Content Security Policy (CSP) protection mechanisms. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to the improper use of Content Security Policy (CSP) protection mechanisms. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and...

7.2 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 4 views

The vulnerability of the SIEM systems’ load testing tools, Kraken Stress Testing Toolkit, arises due to deficiencies in the authentication process, allowing unauthorized users to gain access to protected information.

The vulnerability of the SIEM systems’ stress testing tools, such as Kraken Stress Testing Toolkit, stems from deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

5.5 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the Eltex NTU-RG-5420G-Wac router’s microprogramming software lies in the fact that the operation of writing data beyond the buffer in memory occurs when processing the value of the "_session" parameter in the cookie header. This allows a hacker to cause a service failure.

The vulnerability of the Eltex NTU-RG-5420G-Wac router’s microprogramming software lies in the fact that the operation exceeds the buffer boundaries in memory when processing the value of the "_session" parameter in the cookie header. Exploiting this vulnerability allows a remote attacker to cause...

6.5 CVSS | 5.8 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the ReadJXLImage() function in the GraphicsMagick graphics editor allows a hacker to cause a service failure.

The vulnerability of the ReadJXLImage function in the GraphicsMagick graphics editor is related to the unlimited distribution of resources. Exploiting this vulnerability could allow an attacker to cause a service failure...

4.3 CVSS | 5.8 AI score | 0.00413 EPSS
Exploits: 0 | References: 6 | Affected Software: 3
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the “Open Git Repository in Terminal” control element, an extension for the JupyterLab web-oriented interactive development environment, allows an attacker to gain access to and modify data, as well as execute arbitrary commands.

The vulnerability of the “Open Git Repository in Terminal” control element in the JupyterLab-Git web-oriented interactive development environment is related to the failure to implement measures to neutralize special elements used in the operating system command line. Exploiting this vulnerability...

7.4 CVSS | 7.5 AI score | 0.00549 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the web interface of the “Central Medical Imaging Archive” information system, due to deficiencies in access control, allows unauthorized access to protected information.

The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to deficiencies in encryption mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality and accessibility of the protected...

7.8 CVSS | 5.5 AI score
Exploits: 0
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, arises from improper restrictions on the visible layers of the user interface. This allows attackers to compromise the integrity of the protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to improper restrictions on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected informati...

5 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 10 views

The vulnerability of the SIEM system testing tool Kraken Stress Testing Toolkit lies in the incorrect restriction on the path name to the catalog, which allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the SIEM systems’ load testing tools, such as the Kraken Stress Testing Toolkit, is related to incorrect restrictions on the path name to the catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...

6.8 CVSS | 5.5 AI score
Exploits: 0 | References: 1 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the ShutdownSetAdd() function in Tenda AC10 router software allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the ShutdownSetAdd function in Tenda AC10 router microprogramming software is related to the operation of writing data outside the buffer in memory when processing the length parameter “time”. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or...

9 CVSS | 8.4 AI score | 0.00737 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the web interface of the “Central Archive of Medical Images” information system, due to deficiencies in encryption mechanisms, allows attackers to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to deficiencies in encryption mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality and accessibility of the protected...

9.4 CVSS | 5.5 AI score
Exploits: 0
BDU FSTEC
added 2025/04/07 12:0 a.m. | 4 views

The vulnerability of the Apache Traffic Server web server, related to defects in the processing of HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apache Traffic Server web server is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely (HTTP Request Smuggling attack)...

6.5 CVSS | 6.5 AI score | 0.00568 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the Cadence Verisium Manager plugin for Jenkins, related to the storage of passwords in an open manner, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the Cadence Verisium Manager plugin for the Jenkins automation server lies in the storage of passwords in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...

4.3 CVSS | 5.4 AI score | 0.00266 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the Pidgin instant messaging system, related to errors in the authentication process, allows a perpetrator to gain control over the XMPP connection, user credentials, and message content.

The vulnerability of the Pidgin instant messaging system is related to errors in the process of verifying certificate authenticity. Exploiting this vulnerability can allow a malicious actor to gain control over the XMPP connection, user credentials, and message content...

6.4 CVSS | 6.7 AI score | 0.02362 EPSS
Exploits: 1 | References: 19 | Affected Software: 7
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the !defined() function (kernel/sched/core.c) in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the !defined function in the Linux kernel/sched/core.c file is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 27 | Affected Software: 7
BDU FSTEC
added 2025/04/07 12:0 a.m. | 1 view

Vulnerability of the rkisp1_csi_disable() function in the drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c module – This driver is responsible for supporting multimedia devices in the Linux operating system. An attacker can exploit this vulnerability to cause a service failure.

Vulnerability of the rkisp1_csi_disable() function in the drivers/media/platform/rockchip/rkisp1/rkisp1-csi.c module – The Linux kernel’s multimedia device support driver is vulnerable to synchronization errors when using shared resources. Exploiting this vulnerability could allow an attacker to caus...

4.7 CVSS | 5.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 24 | Affected Software: 5
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of the section_nr_to_pfn() function in the include/linux/mmzone.h module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the section_nr_to_pfn() function in the include/linux/mmzone.h module of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.7 CVSS | 6.3 AI score | 0.00296 EPSS
Exploits: 1 | References: 33 | Affected Software: 4
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

5.5 CVSS | 5.2 AI score | 0.00243 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 4 views

The vulnerability of the Apache Fineract digital financial services platform, related to the lack of measures to protect the SQL query structure, allows attackers to execute arbitrary SQL code.

The vulnerability of the Apache Fineract digital financial services platform lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...

9.1 CVSS | 8.5 AI score | 0.01302 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of software for optimizing and deploying AI-based applications on AMD Ryzen AI systems, related to integer overflow, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of software for optimizing and deploying AI-based applications on AMD Ryzen AI systems is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

7.9 CVSS | 5.5 AI score | 0.0014 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the Suricata intrusion detection and prevention system, due to insufficient validation of input data, allows attackers to bypass security restrictions and execute arbitrary code.

The vulnerability of the Suricata intrusion detection and prevention system is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to bypass security restrictions and execute arbitrary code...

7.5 CVSS | 7.2 AI score | 0.00223 EPSS
Exploits: 0 | References: 7 | Affected Software: 3
BDU FSTEC
added 2025/04/07 12:0 a.m. | 2 views

The vulnerability of the Interactive Service (iservice) of the OpenVPN GUI software allows a malicious individual to gain unauthorized access to the user’s account.

The vulnerability of the Interactive Service (iservice) of the OpenVPN GUI software relates to deficiencies in access control when processing the SeImpersonatePrivilege parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the user account...

5.7 CVSS | 6.5 AI score | 0.00811 EPSS
Exploits: 0 | References: 6 | Affected Software: 2
BDU FSTEC
added 2025/04/07 12:0 a.m. | 6 views

The vulnerability of the webapi component in the operating systems Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology BeeStation OS allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the webapi component in Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology BeeStation OS is related to a lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow an attacker operating remotely to gain...

5.3 CVSS | 6.5 AI score | 0.21186 EPSS
Exploits: 0 | References: 4 | Affected Software: 3
BDU FSTEC
added 2025/04/07 12:0 a.m. | 3 views

The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, stems from incorrect neutralization of special elements in the output data. This allows attackers to inject arbitrary SMTP commands.

The vulnerability of the Nextcloud calendar application, a cloud-based software for creating and using Nextcloud data storage, is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability allows an attacker to inject arbitrary SMTP commands remotely...

10 CVSS | 7.8 AI score | 0.3155 EPSS
Exploits: 0 | References: 6 | Affected Software: 2

Total number of security vulnerabilities: 74701