90604 matches found
The vulnerability of Trend Micro Worry-Free Business Security and Worry-Free Business Security Services lies in its uncontrolled search path, which allows attackers to execute arbitrary code.
The vulnerability of Trend Micro Worry-Free Business Security and Worry-Free Business Security Services lies in its uncontrolled search path. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the j1939_xtp_rx_rts_sessionactive() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the j1939xtprxrtssessionactive function in the operating system is related to errors during the update of the link counter. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel component “perf” allows attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the Linux operating system’s kernel component “perf” is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity and accessibility of protected information...
The vulnerability of the dmaengine kernel component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the dmaengine kernel component of the operating system is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of Adminer’s database management software lies in insufficient validation of queries on the server side, allowing attackers to execute SSRF attacks.
The vulnerability of Adminer’s database management software is related to insufficient testing of queries on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the keycloak-services component of the Keycloak identity and access management software allows a perpetrator to elevate their privileges.
The vulnerability of the keycloak-services component of the identity and access management software relates to improper handling of logical operations. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the metadata.checkType() function in the framework for software update security protection in the go-tuf framework allows a attacker to trigger a service failure.
The vulnerability of the metadata.checkType function in the framework for software update security protection in the go-tuf framework is related to the return of invalid JSON metadata. Exploiting this vulnerability could allow an attacker to cause service failure...
Vulnerability of the VerifyDelegate() function in the metadata framework used for software update security in the go-tuf framework. This allows attackers to gain access to and modify data.
The vulnerability of the VerifyDelegate function in the software update security framework for systems managed by Go-TUF is related to errors in verifying the cryptographic signature due to incorrect validation of the set threshold value. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the browser’s Background Fetch API programming interface in Google Chrome allows attackers to disclose protected information.
The vulnerability of the Google Chrome browser’s Background Fetch API programming interface is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a remote attacker to disclose sensitive information through a specially created HTM...
The vulnerability of the configuration data backup mechanism of the zVirt virtualization platform allows a intruder to gain unauthorized access to the configuration data.
The vulnerability of the configuration data storage mechanism of the zVirt virtualization platform is related to insufficient validation of requests on the server side. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to configuration data...
The vulnerability of the Privacy component: The Anti-Tracking feature of the Mozilla Firefox browser, which allows the intruder to compromise the integrity of the protected information.
The vulnerability of the Privacy component in the Mozilla Firefox browser’s Anti-Tracking feature is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker to potentially compromise the integrity of the protected information...
The vulnerability of the readGGUFV1String() function in the Ollama system for running and managing large language models allows a attacker to trigger a service failure.
The vulnerability of the readGGUFV1String function in the Ollama system, which is used for running and managing large language models LLMs, is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE, related to deficiencies in the authentication process, allows a violator to trigger a service failure.
The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the D-Link D-View software platform for comprehensive network management lies in its lack of measures to neutralize specific elements, allowing attackers to execute arbitrary commands.
The vulnerability of the D-Link D-View software platform for comprehensive network management is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a hacker to execute arbitrary commands...
The vulnerability of the File Name Handler component in Comodo Internet Security Premium antivirus software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the File Name Handler component in Comodo Internet Security Premium antivirus software exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and...
The vulnerability of the D-Link D-View software platform, related to bypassing authentication using a user-controlled key, allows a intruder to gain full control over the account and system.
The vulnerability of the D-Link D-View software platform relates to the bypassing of authentication using a key controlled by the user. Exploiting this vulnerability allows an attacker, operating remotely, to gain full control over the account and the system...
The vulnerability of the software platform’s configuration based on Git for collaborative code development on GitLab allows a hacker to disclose protected information from security reports.
The vulnerability of Git-based software platform configurations for collaborative code development on GitLab is related to security mechanism errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information from security reports under certai...
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain access to read, modify, or delete data.
The vulnerability of the Integration Broker component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
The vulnerability of the Product Quality Management component of the Oracle Agile Product Lifecycle Management for Process application allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Product Quality Management component of the Oracle Agile Product Lifecycle Management for Process application is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker operating remotely to gain unauthorized access to protect...
The vulnerability of the SQLcl component of the Oracle Database Server database management system allows a hacker to gain full control over the application.
The vulnerability of the SQLcl component of the Oracle Database Server database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application...
The vulnerability of the Brookstrut Sample App component allows unauthorized access for reading, updating, inserting, or deleting data, enabling attackers to gain unauthorized control over the data using APEX Sample Applications.
The vulnerability of the Brookstrut Sample App, a sample application for demonstrating functions using APEX Sample Applications test data, is related to insufficient testing of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to read,...
The vulnerability of the Zimbra Collaboration Suite’s email management system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of Reolink WiFi IP cameras’ microprogramming software lies in the insecure storage of confidential information, allowing intruders to execute arbitrary commands.
The vulnerability of Reolink WiFi IP cameras’ microprogramming software is related to the insecure storage of confidential information. Exploiting this vulnerability could allow a intruder to execute arbitrary commands...
The vulnerability of the Jose4j JWT library, related to improper protection of security tokens, allows a attacker to trigger a service failure.
The vulnerability of the Jose4j JWT library is related to improper protection of security tokens. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the qemu-img utility of the Ironic Python Agent, which enables unauthorized access to protected information between the Ironic system and the physical hardware.
The vulnerability of the qemu-img utility of the Ironic Python Agent IPA relates to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the system for managing internal services and automating business processes allows a perpetrator to gain access to the user account.
The vulnerability of the system for managing internal services and automating business processes is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker operating remotely to gain access to the user account...
The vulnerability of the path.join() function in the npm package manager allows a malicious actor to gain unauthorized access to protected information and enhance their privileges.
The vulnerability of the path.join function in the npm package manager is related to an incorrect restriction on the path to the restricted directory when processing the directories.bin field. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected...
The vulnerability in the web interface for managing Tenda W30E micro-programming software allows a attacker to perform cross-site scripting (XSS) attacks.
The vulnerability in the web interface for managing Tenda W30E micro-programming software is related to the lack of mechanisms for encoding or shielding output data during the processing of headers. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks XSS...
Vulnerability in the web interface for managing microprogrammed wireless router Tenda F3, which allows a hacker to intercept user sessions
The vulnerability in the web-based interface for managing microprogrammed wireless routers Tenda F3 is related to improper session management. Exploiting this vulnerability can allow an attacker to intercept a user’s session...
The vulnerability of the JSP application component in a corporate security solution for the TeleMessage TM SGNL messaging service allows attackers to compromise the confidentiality of the protected information.
The vulnerability of the JSP application component in a corporate security solution for message exchange via TeleMessage TM SGNL is related to the disclosure of kernel dump files in an unauthorized controlled area. Exploiting this vulnerability could allow attackers to compromise the...
The vulnerability of the unserialize() function in the Laravel Reverb WebSocket server allows a hacker to execute arbitrary code.
The vulnerability of the unserialize function in the Laravel Reverb WebSocket server is related to defects in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Vulnerability of the web interface for managing microprogramming software in Tenda F3 routers, which allows a hacker to disclose protected information
The vulnerability of the web interface for managing microprogrammed wireless routers Tenda F3 relates to the transmission of account data in an unencrypted form. Exploiting this vulnerability allows a malicious actor to disclose protected information by sending specially crafted packets...
The vulnerability of the mlx5e_netdev_change_profile() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the mlx5enetdevchangeprofile function in the Linux operating system is related to a pointer swapping error. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerabilities in the modules arch/x86/kvm/x86.c and arch/x86/kernel/fpu/core.c of the Linux operating system’s kernel allow a hacker to cause a service failure.
The vulnerability in the arch/x86/kvm/x86.c module and arch/x86/kernel/fpu/core.c modules of the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerabilities of the functions rt6_uncached_list_del() and rt_del_uncached_list() in the Linux operating system allow a hacker to cause a service failure.
The vulnerability of the rt6uncachedlistdel and rtdeluncachedlist functions in the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability lies in the scripts for fetching/binary-fetcher/src/index.ts and resolving/resolver-base/src/index.ts of the package manager pnpm, allowing a hacker to write arbitrary files.
The vulnerability in the fetch/binary-fetcher/src/index.ts and resolve/resolver-base/src/index.ts scripts of the package manager pnpm is related to an incorrect path name limitation. Exploiting this vulnerability could allow a remote attacker to write arbitrary files...
The vulnerability of the npm package manager lies in the incorrect path name restrictions, which allow attackers to write arbitrary files.
The vulnerability of the npm package manager is related to incorrect restrictions on path names in the catalog. Exploiting this vulnerability allows a remote attacker to write arbitrary files...
The vulnerability of the jabsorb library of the AjaxProxy service in the SolarWinds IT-infrastructure management software’s Web Help Desk allows a hacker to execute arbitrary code.
The vulnerability of the jabsorb library in the AjaxProxy service of the SolarWinds IT-infrastructure management software’s Web Help Desk is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code by sending a...
Vulnerability of the Layout component: Scrolling and overflow in the Mozilla Firefox browser, allowing the attacker to execute arbitrary code.
The vulnerability of the Layout component: Scrolling and overflow in the Mozilla Firefox browser are related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the subtitles field in the virtual learning environment Moodle allows a hacker to perform cross-site scripting attacks.
The vulnerability of the subtitles field in the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the PostgreSQL phpPgAdmin administration tool, an administration tool for databases, arises from the failure to take measures to neutralize special elements. This vulnerability allows attackers to execute arbitrary commands.
The vulnerability of the phpPgAdmin web administration tool for PostgreSQL is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerabilities of the Company Dir/Org Chart Viewer, Employee Snapshot platform for human resource management in PeopleSoft Enterprise HCM Human Resources, allow attackers to gain access to read, modify, or delete data.
The vulnerability of the Company Dir/Org Chart Viewer, Employee Snapshot component of the PeopleSoft Enterprise HCM Human Resources platform is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
The vulnerability of the portValidate method in the IpOrPortController class of the IT infrastructure and cybersecurity management system Sangfor Operation and Maintenance Security Management System (OSM) allows a attacker to execute arbitrary commands.
The vulnerability of the portValidate method in the IpOrPortController class of the IT infrastructure and cybersecurity management system, Sangfor Operation and Maintenance Security Management System OSM, is related to the failure to take measures to neutralize special elements during the...
The vulnerability of the getInformation method in the FortEquipmentNodeController class of the IT-infrastructure and cybersecurity management system Sangfor Operation and Maintenance Security Management System (OSM) allows a attacker to execute arbitrary commands.
The vulnerability of the getInformation method in the FortEquipmentNodeController class of the IT-infrastructure and cybersecurity management system Sangfor Operation and Maintenance Security Management System OSM is related to the lack of measures taken to neutralize special elements during the...
Vulnerability of the Server component: The Optimizer component of the Oracle MySQL Server database management system, which allows a hacker to cause a service failure.
The vulnerability of the Oracle MySQL Server component of the database management system’s optimizer is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the Server Infrastructure component of the Oracle Siebel CRM system’s customer relationship management system allows a perpetrator to gain unauthorized access to read, update, insert, or delete data.
The vulnerability of the Server Infrastructure component of the Oracle Siebel CRM system for managing customer relationships is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the TDDP module in TP-Link Archer C20 and Archer AX53 software allows a hacker to execute arbitrary commands.
The vulnerability of the TDDP module in TP-Link Archer C20 and Archer AX53 router software lies in its ability to bypass authentication through spoofing. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Epson Web Installer software, a microprogramming-based solution for Epson printers and scanners, stems from the lack of authentication for a critical function. This allows attackers to trigger a service failure.
The vulnerability of the Epson Web Installer software for Epson printers and scanners is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow attackers to cause malfunctions in the system...
The vulnerability of the information system openSIS, related to the failure to protect the SQL query structure, allows a perpetrator to execute arbitrary SQL queries.
The vulnerability of the information system openSIS is related to the failure to implement measures to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries remotely...
The vulnerability of the Linux operating system’s kernel, which allows a hacker to trigger a service failure
The vulnerability of the Linux operating system’s kernel is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause a service failure...