90509 matches found
The vulnerability in the `drivers/isdn/hardware/mISDN/hfcpci.c` module related to mISDN hardware devices in the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the drivers/isdn/hardware/mISDN/hfcpci.c module, related to mISDN hardware support in the Linux operating system, is associated with incorrect initialization of resources. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the __kasan_populate_vmalloc() function in the mm/kasan/shadow.c module, a address sanitizer for KASAN in Linux kernel, allows a malicious actor to trigger a service failure.
The vulnerability of the kasanpopulatevmalloc function in the mm/kasan/shadow.c module of the address sanitizer for Linux kernel involves mutual locking of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the get_stubs_size() function in the arch/powerpc/kernel/module_64.c module, which is part of the PowerPC platform support for the Linux operating system, allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the getstubssize function in the arch/powerpc/kernel/module64.c module, which is part of the PowerPC kernel support for the Linux operating system, involves the distribution of resources without any restrictions or regulation. Exploiting this vulnerability could allow an...
The vulnerability of the bpf_timer CancelAndFree() function in the kernel/bpf/helpers.c module, which supports the BPF interpreter for the Linux operating system’s kernel, allows a hacker to trigger a service failure.
The vulnerability of the bpftimer CancelAndFree function in the kernel/bpf/helpers.c file, which is part of the Linux operating system’s BPF interpreter support, stems from the lack of a check on the returned value. Exploiting this vulnerability could allow an attacker to trigger a service failur...
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge browsers allows a hacker to induce a service failure.
The vulnerability of the ANGLE library in Google Chrome and Microsoft Edge is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause a service failure through a specially crafted HTML page...
The vulnerability of the microprogrammed software of Zyxel ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN lies in the lack of measures to neutralize special elements, allowing attackers to execute arbitrary commands.
The vulnerability of the microprogrammed software in Zyxel ATP, USG FLEX, and USG FLEX 50W/USG20W-VPN devices is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the DevTools suite for web development in Google Chrome and Microsoft Edge browsers allows a hacker to trigger a service failure.
The vulnerability of the DevTools suite for web development in Google Chrome and Microsoft Edge stems from the use of an object that does not invoke a destructor. Exploiting this vulnerability could allow a malicious actor to cause a service failure by installing a malicious extension...
The vulnerability of the WebAudio component in Google Chrome and Microsoft Edge browsers allows a hacker to trigger a service failure.
The vulnerability of the WebAudio component in Google Chrome and Microsoft Edge relates to reading data beyond the permitted range in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially crafted HTML page...
The vulnerability of the CISA Thorium analytical platform lies in the incorrect restriction on the name of the path to the catalog, which allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the CISA Thorium analytical platform is related to an incorrect limitation on the name of the path to the catalog. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of Google Chrome and Microsoft Edge browsers’ CSS components allows attackers to trigger a service failure.
The vulnerability of Google Chrome and Microsoft Edge browsers’ CSS components is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially created HTML page...
The vulnerability of the LDAP Server component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary code.
The vulnerability of the LDAP Server component of the FortiSandbox threat detection and mitigation system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted reques...
The vulnerability of the FortiMail email protection system, the FortiVoice corporate telephony software, and the FortiRecorder video surveillance device arises from the lack of encryption measures for protected data. This allows unauthorized individuals to gain unauthorized access to protected information.
The vulnerabilities of the FortiMail email protection system, the FortiVoice corporate telephony software, and the FortiRecorder video surveillance device are related to the lack of encryption measures for protected data. Exploiting these vulnerabilities can allow attackers to gain unauthorized...
The vulnerability of Fortinet FortiWeb network firewalls, related to buffer overflow in the stack, allows attackers to bypass the stack and ASLR protections and execute arbitrary code.
The vulnerability of Fortinet FortiWeb web applications’ network firewalls is related to buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to bypass the stack and ASLR protections and execute arbitrary code using specially crafted HTTP requests...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their lack of authentication mechanisms, which allow attackers to circumvent security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to deficiencies in authentication mechanisms. Exploiting these vulnerabilities can allow attackers to bypass security restriction...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their lack of authentication mechanisms, which allow attackers to circumvent security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to deficiencies in authentication mechanisms. Exploiting these vulnerabilities can allow attackers to bypass security restriction...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in insufficient validation of requests at the server side. This allows attackers to circumvent security restrictions.
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B is related to insufficient validation of requests at the server side. Exploiting this vulnerability can allow a malicious actor to bypass security...
The vulnerability of the jbd2_journal_dirtymetadata() function in the fs/jbd2/transaction.c file of the Linux kernel’s file system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the jbd2journaldirtymetadata function in the fs/jbd2/transaction.c module of the Linux kernel file system is related to the copying of buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker t...
The vulnerability of the power_pmu_disable() function in the arch/powerpc/perf/core-book3s.c module of the PowerPC platform allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the powerpmudisable function in the arch/powerpc/perf/core-book3s.c module of the PowerPC platform supporting Linux operating systems is related to code errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibili...
The vulnerabilities of the functions rxe_qp_init_misc() and rxe_qp_init_req() in the driver module drivers/infiniband/sw/rxe/rxe_qp.c of the Linux operating system’s InfiniBand driver allow a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerabilities of the functions rxeqpinitmisc and rxeqpinitreq in the driver module drivers/infiniband/sw/rxe/rxeqp.c of the Linux operating system’s InfiniBand driver are related to improper initialization. Exploiting these vulnerabilities could allow an attacker to compromise the...
The vulnerability of the dx_probe() function in the fs/ext4/namei.c module of the Ext4 file system in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dxprobe function in the fs/ext4/namei.c module of the Ext4 file system in the Linux operating system is related to the lack of code to verify the return value of this function. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the diUnmount() function in the fs/jfs/jfs_imap.c module of the Linux file system’s JFS kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the diUnmount function in the fs/jfs/jfsimap.c module of the Linux file system is related to the repeated release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protected...
The vulnerability in the adv7511_remove() function of the drivers/gpu/drm/bridge/adv7511/adv7511_drv.c driver for the Direct Rendering Infrastructure (DRI) kernel of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the adv7511remove function in the drivers/gpu/drm/bridge/adv7511/adv7511drv.c driver for the Direct Rendering Infrastructure DRI kernel of the Linux operating system is related to the assignment of pointers in a incorrect order after releasing a complex resource. Exploiting...
The vulnerabilities of the functions list_version_get_needed() and __list_versions() in the drivers/md/dm-ioctl.c file of the Linux operating system’s RAID and LVM device driver module allow a hacker to cause a service failure.
The vulnerability of the listversiongetneeded and listversions functions in the drivers/md/dm-ioctl.c driver for multiple device drivers RAID and LVM in the Linux kernel is related to the distribution of resources without any restrictions or regulation. Exploiting this vulnerability could allow a...
The vulnerability of the mwifiexhandle_uap_rx_forward() function in the drivers/net/wireless/marvell/mwifiex/uap_txrx.c file of the Marvell wireless adapter driver for the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mwifiexhandleuaprxforward function in the drivers/net/wireless/marvell/mwifiex/uaptxrx.c file of the Marvell wireless adapter driver in the Linux operating system kernel is related to the use of pointers. Exploiting this vulnerability could allow an attacker to cause a...
The vulnerabilities of the functions ublk CancelCmd() and ublk_uringCmdCancelFn() in the drivers/block/ublk_drv.c module of the Linux kernel’s block devices driver allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the functions ublk CancelCmd and ublkuringCmdCancelFn in the drivers/block/ublkdrv.c module of the Linux kernel’s block devices driver is related to improper disabling or release of resources. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the Intel Trust Domain Extensions (TDX) microprogramming software for Intel processors allows attackers to enhance their privileges.
The vulnerability of the Intel Trust Domain Extensions TDX microprogramming software for Intel processors is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of Intel Trust Domain Extensions (TDX) microprogramming software for Intel processors allows a perpetrator to gain unauthorized access to confidential information.
The vulnerability of Intel Trust Domain Extensions TDX microprogramming software for Intel processors lies in the ability to read data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential information...
The vulnerability of the PowerVR graphics driver in Google Chrome and Microsoft Edge browsers allows a hacker to induce a service failure.
The vulnerability of the PowerVR graphics driver in Google Chrome and Microsoft Edge is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure through a specially created HTML page...
The vulnerability of the Navigation function in Google Chrome and Microsoft Edge browsers allows attackers to bypass the sandboxing protection mechanisms.
The vulnerability of the Navigation function in Google Chrome and Microsoft Edge is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to bypass the sandboxing protection mechanisms...
The vulnerability of the software for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis tools Fortinet’s FortiAnalyzer and FortiAnalyzer Cloud, stems from the use of uncontrolled format strings, allowing a perpetrator to execute arbitrary code.
The vulnerability of the software tools for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis tools Fortinet’s FortiAnalyzer and FortiAnalyzer Cloud, is related to the use of uncontrolled format strings. Exploiti...
The vulnerability of the microprogramming software for Fortinet FortiSwitchAXFixed, related to deficiencies in access control, allows a intruder to execute arbitrary system commands.
The vulnerability of Fortinet FortiSwitchAXFixed microprogramming software is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary system commands using a specially created SSH configuration file...
The vulnerability of Fortinet FortiWeb network firewalls lies in insufficient control over the frequency of interactions between devices. This allows attackers to circumvent the limit on the number of authentication attempts.
The vulnerability of Fortinet FortiWeb network firewalls is related to insufficient control over the frequency of interactions. Exploiting this vulnerability allows a malicious actor to circumvent the limit on the number of authentication attempts through specially crafted requests...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in insufficient validation of requests on the server side. This allows attackers to read arbitrary files.
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B is related to insufficient validation of requests at the server side. Exploiting this vulnerability allows a malicious actor to read arbitrary files...
The vulnerability of the CISA Thorium analytical platform lies in its failure to properly neutralize special elements in LDAP requests, allowing attackers to gain access and modify authentication data.
The vulnerability of the CISA Thorium analytical platform lies in the lack of measures to neutralize special elements in the LDAP request. Exploiting this vulnerability can allow a remote attacker to gain access and modify authentication data...
The vulnerability of the Google Chrome browser’s Media component, which allows a hacker to trigger a service failure.
The vulnerability of the Google Chrome browser’s Media component relates to reading beyond the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially created HTML page...
The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, stems from errors in the certificate validation process. These errors allow attackers to gain unauthorized access to protected information and perform MITM (Man-In-The-Middle) attacks.
The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for security event monitoring and analysis, is related to errors in the certificate validation process. Exploiting this vulnerability ca...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the redirection of URLs to unreliable websites. This allows attackers to redirect users to arbitrary URL addresses.
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their lack of authentication mechanisms, which allow attackers to circumvent security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to deficiencies in authentication mechanisms. Exploiting these vulnerabilities can allow attackers to bypass security restriction...
The vulnerability of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B arises from incorrect pathname restrictions in the catalog system. This allows attackers to bypass security restrictions.
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B is related to incorrect path name restrictions. Exploiting this vulnerability can allow attackers to bypass security restrictions remotely...
The vulnerability of the Skia graphic library used by Google Chrome and Microsoft Edge browsers allows attackers to trigger a service failure.
The vulnerability of the Skia graphic library in Google Chrome and Microsoft Edge is related to a countable amount of value loss. Exploiting this vulnerability can allow an attacker to cause service interruptions through a specially created HTML page...
The vulnerability of Intel Trust Domain Extensions (TDX) microprogramming software for Intel processors allows a perpetrator to gain unauthorized access to confidential information.
The vulnerability of the Intel Trust Domain Extensions TDX microprogramming software for Intel processors is related to the implementation of incorrect control flow. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential information...
The vulnerability of the WebAssembly module of Google Chrome and Microsoft Edge browsers allows a hacker to trigger a service failure.
The vulnerability of the WebAssembly module in Google Chrome and Microsoft Edge is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to cause a service failure through a specially crafted HTML page...
The vulnerability of the Tint component in the Google Chrome browser allows a hacker to trigger a service failure.
The vulnerability of the Tint component in the Google Chrome browser is related to reading beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure through a specially crafted HTML page...
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to trigger a service failure.
The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to lack of access control. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted HTML page...
The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, lies in their susceptibility to being bypassed by an alternative authentication method or channel. This allows attackers to circumvent the multi-factor authentication checks.
The vulnerability of the Fortinet FortiManager software, which is used for centralized device management, and the Fortinet FortiAnalyzer software, which is used for event monitoring and analysis, relates to bypassing authentication by using an alternative path or channel. Exploiting this...
The vulnerability of Fortinet FortiWeb web applications’ network firewalls, related to pointer swapping errors, allows attackers to trigger a service failure.
The vulnerability of Fortinet FortiWeb network firewalls in web applications is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to trigger a service failure through specially crafted HTTP requests...
The vulnerability of the Fortinet FortiSandbox Cloud threat detection and mitigation system lies in its inability to neutralize certain elements used in the operating system’s command chain. This allows attackers to execute arbitrary code.
The vulnerability of the Fortinet FortiSandbox Cloud threat detection and mitigation system lies in the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially created HTTP...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their inadequate authentication procedures. This allows attackers to bypass existing security mechanisms and gain unauthorized access to protected information.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to deficiencies in authentication procedures. Exploiting these vulnerabilities can allow attackers to bypass existing security...
The vulnerability of the analytical platform CISA Thorium, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the CISA Thorium analytical platform, related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the WebCodecs component in Google Chrome and Microsoft Edge browsers allows a hacker to induce a service failure.
The vulnerability of the WebCodecs component in Google Chrome and Microsoft Edge is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure through a specially created HTML page...