74701 matches found
The vulnerabilities of the components of the Oracle Java SE software platform, including Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition, allow attackers to gain unauthorized access to protected information and to modify, add, or delete data.
The vulnerabilities of the Oracle Java SE software platform’s components, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, are related to deficiencies in the authentication mechanism. Exploiting these vulnerabilities can allow an attacker to gain...
The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, allows a perpetrator to disclose protected information.
The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, is related to improper processing of output data from registration logs. Exploiting this vulnerability can allow an attacker to disclose...
The vulnerability of the Smart IP Ban module in the Drupal CMS system allows a violator to view and modify settings.
The vulnerability of the Smart IP Ban module in the Drupal CMS system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to remotely view and modify settings...
The vulnerability of the cloud integrated development environment (IDE) Atheos lies in the lack of file loading restrictions, which allows attackers to read, modify, or execute any files on the server.
The vulnerability of the cloud integrated development environment (IDE) Atheos relates to the absence of file loading restrictions. Exploiting this vulnerability allows a malicious actor to remotely read, modify, or execute any files on the server...
The vulnerability of the IBM Robotic Process Automation software lies in its use of the RSA algorithm without OAEP padding. This allows a perpetrator to disclose the protected information.
The vulnerability of the IBM Robotic Process Automation software lies in the use of the RSA algorithm without OAEP padding. Exploiting this vulnerability allows a remote attacker to disclose the protected information...
The vulnerability of Microsoft SharePoint Server and Microsoft SharePoint Enterprise Server packages lies in the lack of measures taken to protect the structure of web pages, allowing attackers to execute spear-phishing attacks.
The vulnerability of Microsoft SharePoint Server and Microsoft SharePoint Enterprise Server packages is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a malicious actor to perform a spear-phishing attack remotely...
The vulnerability of the InnoDB component of the MySQL Database Server management system allows a hacker to cause a service failure.
The vulnerability of the InnoDB component in the MySQL Database Management System is related to the unrestricted allocation of resources. Exploiting this vulnerability can allow a malicious actor to cause downtime or service failures using the MySQL network protocol...
Vulnerability of the Monitor component of the IBM Maximo Application Suite, a cloud-based artificial intelligence-driven corporate asset management platform, allowing unauthorized access to protected information
The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, is related to insufficient protection of sensitive data in the source code. Exploiting this vulnerability could allow an attacker operating...
Vulnerability of the Monitor component of the IBM Maximo Application Suite, a cloud-based artificial intelligence-driven enterprise asset management platform. It is possible to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Monitor component in the IBM Maximo Application Suite corporate asset management platform exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary...
The vulnerability of the IBM Control Center’s process monitoring and control system, related to inconsistencies in responses to incoming requests, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the IBM Control Center’s process monitoring and control system lies in the inconsistency of responses to incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the software for managing business processes in IBM Cognos Dashboards in Cloud Pak for Data lies in an uncontrolled element of the search process, allowing a perpetrator to increase their privileges.
The vulnerability of the IBM Cognos Dashboards management software in Cloud Pak for Data is related to an uncontrollable element in the search process. Exploiting this vulnerability could allow a malicious actor to increase their privileges...
The vulnerability of the Technology Foundation component of the Oracle Project Foundation software, a system for automating business operations in enterprises, allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Technology Foundation component of the Oracle Project Foundation software in the Oracle E-Business Suite relates to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the...
The vulnerability of the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData tools for security event monitoring and analysis, arises from incorrect restrictions on the path to the restricted-access directory. This allows an attacker to gain access to and read/write arbitrary files in the directory.
The vulnerability of the Fortinet FortiManager software for centralized device management, as well as the FortiAnalyzer and FortiAnalyzer-BigData security monitoring and analysis tools, is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this...
The vulnerability of the IBM Control Center’s process monitoring and control system, related to the disclosure of information through the reading of directory files, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the IBM Control Center’s process monitoring and control system lies in the fact that it exposes information through the reading of files in the directory. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the NTLMv2 authentication protocol implemented in Windows operating systems allows a hacker to carry out a Pass-the-hash attack.
The vulnerability of the NTLMv2 authentication protocol for Windows operating systems is related to the disclosure of hashes due to improper external manipulation of the name or file. Exploiting this vulnerability can allow a remote attacker to execute a Pass-the-hash attack...
The vulnerability of the application programming interface of the Trellix Enterprise Security Manager (ESM) system allows a perpetrator to execute arbitrary commands.
The vulnerability of the application programming interface of the Trellix Enterprise Security Manager (ESM) system for monitoring, analyzing, and managing security threats is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploitin...
The vulnerability of Microsoft Purview’s data management tool, related to insufficient validation of server-side requests, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Microsoft Purview data management tool is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the nf_tables module of the netfilter component in the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the nf_tables module in the netfilter component of the Linux operating system’s kernel is related to the improper use of the allocated buffer after resuming from sleep mode. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the software for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition (ME) devices lies in the lack of authentication procedures. This allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the software for creating and managing graphical user interfaces for Rockwell Automation FactoryTalk View Machine Edition industrial devices is related to deficiencies in the authentication process. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Monster Menus module in the Drupal CMS system allows a hacker to execute arbitrary code.
The vulnerability of the Monster Menus module in the Drupal CMS system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Drupal Security Kit module in the Drupal CMS system allows attackers to trigger a service failure.
The vulnerability of the Drupal Security Kit module in the Drupal CMS system is related to access to resources through incompatible types. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the software for deploying and maintaining enterprise-level cloud systems based on IBM Cloud Pak System allows a perpetrator to expose protected information.
The vulnerability of software for deploying and maintaining enterprise-level cloud systems based on IBM Cloud Pak System is related to incorrect restrictions on path names in the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose protected...
The vulnerability of Symantec’s Privileged Access Management tool, related to cross-site request forgery, allows a perpetrator to intercept user sessions.
The vulnerability of Symantec’s Privileged Access Management tool is related to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to intercept user sessions remotely...
The vulnerability of the IBM Automation Decision Services platform for modeling and managing business solutions lies in its ability to disclose information through browser caching. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Automation Decision Services platform for modeling and managing business solutions relates to the disclosure of information through browser caching. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Server component of the MySQL Server database management system allows a hacker to cause service interruptions.
The vulnerability of the Server component of the MySQL Server database management system is related to the unrestricted allocation of resources. Exploiting this vulnerability can allow a malicious actor to cause downtime or service failures using the MySQL network protocol...
Vulnerability of the Monitor component of the IBM Maximo Application Suite, a cloud-based artificial intelligence-driven enterprise asset management platform. It is possible to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Monitor component of the IBM Maximo Application Suite, a platform for managing corporate assets based on artificial intelligence, is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows an attacker operating remotely t...
The vulnerability of Python virtualenv’s activation scripts allows a hacker to execute arbitrary commands.
The vulnerability of Python virtualenv activation scripts is related to the failure to take measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Android operating systems, related to insufficient validation of input data, allows attackers to escalate their privileges.
The vulnerability of Android operating systems is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Framework component in Android operating systems allows a hacker to trigger a service failure.
The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Framework component in Android operating systems allows a hacker to increase their privileges.
The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Framework component in Android operating systems allows a hacker to increase their privileges.
The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Wazuh intrusion detection and prevention agent, related to access control errors, allows intruders to increase their privileges.
The vulnerability of the Wazuh intrusion detection and prevention agent is related to access control errors. Exploiting this vulnerability can allow attackers to enhance their privileges by placing a specially crafted DLL file in the directory where the installed software resides...
The vulnerability of the driver for the camera sensor module (drivers/cam_sensor_module/cam_eeprom/cam_eeprom_core.c) in Qualcomm’s embedded software allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the camera sensor driver (drivers/cam_sensor_module/cam_eeprom/cam_eeprom_core.c) in Qualcomm’s embedded software is related to synchronization errors when using shared resources (a race condition). Exploiting this vulnerability can allow attackers to compromise the confidentiality,...
The vulnerability of the SetCmdlineRun function (/goform/SetCmdlineRun) in the Tenda A18 router firmware allows an attacker to cause a service failure.
The vulnerability of the SetCmdlineRun function (/goform/SetCmdlineRun) in the Tenda A18 router firmware is related to a stack-based buffer overflow. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending a specially crafted POST request wi...
The vulnerability of the FactoryTalk AssetCentre software, a centralized asset management system, lies in the insufficient protection of registration data, which allows attackers to disclose sensitive information.
The vulnerability of the FactoryTalk AssetCentre software for centralized asset management lies in the insufficient protection of registration data. Exploiting this vulnerability could allow attackers to disclose sensitive information that is protected by security measures...
The vulnerability of Android operating systems, related to insufficient validation of input data, allows attackers to escalate their privileges.
The vulnerability of Android operating systems is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Android operating systems, related to insufficient validation of input data, allows attackers to escalate their privileges.
The vulnerability of Android operating systems is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Framework component in Android operating systems allows a hacker to increase their privileges.
The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the FactoryTalk AssetCentre software, a centralized asset management system, is related to insufficiently secure data encryption. This allows attackers to disclose sensitive information that should be protected.
The vulnerability of the FactoryTalk AssetCentre software for centralized asset management is related to insufficiently secure data encryption. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the hab_ioctl() function in Qualcomm’s embedded software allows a hacker to disclose protected information.
The vulnerability of the hab_ioctl() function in Qualcomm’s embedded software lies in the fact that the operation results are written outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...
The vulnerability of the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components of the distributed Apache Cassandra database management system allows attackers to enhance their privileges.
The vulnerability of the CassandraNetworkAuthorizer and CassandraCIDRAuthorizer components of the distributed Apache Cassandra database management system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow a malicious actor to enhance their...
The vulnerability of the mm/mremap.c module in Android operating systems allows attackers to increase their privileges.
The vulnerability of the mm/mremap.c module in Android operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of Android operating systems, related to insufficient validation of input data, allows attackers to escalate their privileges.
The vulnerability of Android operating systems is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Framework component in Android operating systems allows a hacker to disclose protected information.
The vulnerability of the Framework component in Android operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to disclose confidential information...
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to an incorrect session timeout restriction, allowing attackers to gain unauthorized access to the system.
The vulnerability of the web service for transmitting information through temporary links, Password Pusher, is related to incorrect time-out restrictions on sessions. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the system using o...
The vulnerability of Android operating systems, related to insufficient protection of sensitive data, allows attackers to disclose confidential information.
The vulnerability of Android operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages of the FactoryTalk AssetCentre software solution allows a perpetrator to disclose protected information.
The vulnerability of the EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages of the FactoryTalk AssetCentre centralized asset management software is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker ...
The vulnerability of the ocfs2_abort_trigger() function in the fs/ocfs2/journal.c module of the ocfs2 component in the Linux operating system allows an attacker to trigger a service failure.
The vulnerability of the ocfs2_abort_trigger() function in the fs/ocfs2/journal.c module of the ocfs2 component in the Linux operating system is related to the dereferencing of a null pointer. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the Framework component in Android operating systems allows a hacker to increase their privileges.
The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability lies in the implementation of the WebSocket protocol used by the software testing tool Vitest, which allows a hacker to execute arbitrary code.
The vulnerability of the WebSocket protocol implementation in the software testing tool Vitest is related to the lack of authentication for the communication source. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted file...