Lucene search

74701 matches found

BDU FSTEC
added 2025/02/05 12:0 a.m. | 1 view

The vulnerability of the Framework component in Android operating systems, which allows a hacker to increase their privileges

The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8 CVSS | 5.5 AI score
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/05 12:0 a.m. | 2 views

The vulnerability of the uvc_parse_format() function in the drivers/media/usb/uvc/uvc_driver.c file of the Linux kernel’s UVC driver allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.

The vulnerability of the uvc_parse_format() function in the drivers/media/usb/uvc/uvc_driver.c file, a part of the Linux kernel’s USB Video Class (UVC) driver, relates to memory access beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

7.8 CVSS | 7.1 AI score | 0.03301 EPSS
Exploits 1 | References 32 | Affected Software 6

BDU FSTEC
added 2025/02/05 12:0 a.m. | 2 views

The vulnerability of the Framework component in Android operating systems, which allows a hacker to increase their privileges

The vulnerability of the Framework component in Android operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

7.8 CVSS | 5.5 AI score
Exploits 0 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/05 12:0 a.m. | 3 views

The vulnerabilities in the modules msm/eva/msm_cvp_buf.c and msm/eva/msm_cvp.c of the embedded chips from Qualcomm allow a hacker to cause a service failure.

The vulnerability of the msm/eva/msm_cvp_buf.c and msm/eva/msm_cvp.c modules in Qualcomm’s embedded software is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the device...

6.6 CVSS | 5.5 AI score | 0.00097 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2025/02/05 12:0 a.m. | 5 views

The vulnerability of the JMX distributed database system management interface of Apache Cassandra allows an attacker to execute a “man-in-the-middle” attack.

The vulnerability of the JMX distributed database management system interface of Apache Cassandra is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute a “man-in-the-middle” type attack...

3.3 CVSS | 6.5 AI score | 0.0099 EPSS
Exploits 0 | References 4 | Affected Software 2

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer security event monitoring and analysis tools, allows attackers to exploit their privileges.

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer security event monitoring and analysis tools, is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to gain...

5.6 CVSS | 5.8 AI score | 0.00464 EPSS
Exploits 0 | References 3 | Affected Software 4

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

Vulnerability of the SourceCodester Phone Contact Manager system: This vulnerability is related to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the SourceCodester Phone Contact Manager System lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS | 6.7 AI score | 0.00354 EPSS
Exploits 1 | References 6 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the Apache Hive database, related to the improper assignment of permissions for critical resources, allows attackers to gain unauthorized access to protected information.

The vulnerability of the Apache Hive database is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.5 CVSS | 5.9 AI score | 0.00265 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the Diff module in the Drupal system, related to incorrect authentication procedures, allows attackers to access confidential information.

The vulnerability of the Diff module in the Drupal system is related to incorrect authentication procedures. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...

9.4 CVSS | 5.5 AI score | 0.00341 EPSS
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system allows a hacker to execute arbitrary code.

The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

9 CVSS | 6.9 AI score | 0.03566 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the Freelinking module in Drupal CMS systems, related to improper authentication, allows attackers to expose protected information and execute a Forceful Browsing attack.

The vulnerability of the Freelinking module in the Drupal CMS system is related to improper authentication. Exploiting this vulnerability allows a malicious actor to disclose protected information and execute a Forceful Browsing attack...

4.3 CVSS | 5.5 AI score | 0.00296 EPSS
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

The vulnerability of the Advanced Varnish CMS system’s Drupal module, related to insufficient protection of operational data, allows attackers to bypass security restrictions and execute a Forceful Browsing attack.

The vulnerability of the Advanced Varnish CMS system, Drupal, is related to insufficient protection of operational data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute a Forceful Browsing attack...

5.3 CVSS | 5.5 AI score | 0.00353 EPSS
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the Content Entity Clone module in the Drupal CMS system, related to improper authentication, allows attackers to disclose protected information and execute a Forceful Browsing attack.

The vulnerability of the Content Entity Clone module in the Drupal CMS system is related to improper authentication. Exploiting this vulnerability can allow a malicious actor to disclose protected information and execute a Forceful Browsing attack...

4.3 CVSS | 5.5 AI score | 0.00296 EPSS
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

The vulnerabilities of the unzip() and untar() functions in the Deep Java Library (DJL) allow a hacker to write arbitrary files.

The vulnerability of the unzip() and untar() functions in the Deep Java Library (DJL) is related to improper external handling of file names or paths. Exploiting this vulnerability allows a malicious actor to write arbitrary files remotely...

10 CVSS | 8 AI score | 0.22965 EPSS
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

The vulnerability of the software for creating music or podcasts in Apple GarageBand on MacOS arises from the execution of operations beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.

The vulnerability of the software for creating music or podcasts in Apple GarageBand on MacOS lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS | 6.3 AI score | 0.00309 EPSS
Exploits 0 | References 4 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

The vulnerability of the ogs_dbi_auth_info() function (lib/dbi/subscription.c), which is used for creating and managing the NR/LTE Open5GS mobile network, allows a perpetrator to cause a service failure.

The vulnerability of the ogs_dbi_auth_info() function (lib/dbi/subscription.c), which is used for creating and managing the NR/LTE Open5GS mobile network, is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

7.8 CVSS | 5.5 AI score | 0.00682 EPSS
Exploits 1 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the firmware of medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 arises from operations being performed beyond the buffer boundaries in memory. This allows an intruder to gain unauthorized access to protected information, execute arbitrary code, or gain full control over the device.

The vulnerability of the firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protecte...

10 CVSS | 8.7 AI score | 0.01189 EPSS
Exploits 0 | References 6

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in an operating system command when handling the desc parameter...

10 CVSS | 8.3 AI score | 0.01573 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 4 views

The vulnerability of the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware allows an attacker to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg() function (/web/cgi-bin/cstecgi.cgi) of the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in an operating system command when processing the user parameter. Exploiting this vulnerability...

10 CVSS | 8.3 AI score | 0.01573 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

The vulnerability of the setVpnAccountCfg() function (located in web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware allows a malicious actor to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg() function (located in web/cgi-bin/cstecgi.cgi) in the TOTOLINK X5000R router’s firmware is related to the failure to neutralize special elements used in an operating system command when handling the pass parameter. Exploiting th...

10 CVSS | 8.3 AI score | 0.01573 EPSS
Exploits 1 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 14 views

The vulnerability of the Craft CMS content management system lies in the improper limitation of a pathname to a restricted directory. This allows a hacker to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks.

The vulnerability of the Craft CMS content management system is related to the improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks...

9 CVSS | 6 AI score | 0.01138 EPSS
Exploits 1 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the Livewire PHP framework for Laravel allows attackers to execute arbitrary code.

The vulnerability of the Livewire PHP framework for Laravel is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

9 CVSS | 5.9 AI score | 0.00823 EPSS
Exploits 1 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of Moxa’s Ethernet switch firmware lies in operations being performed beyond the buffer boundaries in memory, allowing a hacker to trigger a service failure.

The vulnerability of Moxa’s Ethernet switch firmware lies in operations being performed beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

7.8 CVSS | 8.2 AI score | 0.00672 EPSS
Exploits 0 | References 2 | Affected Software 6

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the firmware of medical patient-monitoring devices, such as the CMS8000 Patient Monitor and Epsimed MN-120, related to the disclosure of information to unauthorized individuals, allows an intruder to gain unauthorized access to protected information and carry out a “man-in-the-middle” type attack.

The vulnerability of the firmware used in medical devices for monitoring patient status, such as the CMS8000 Patient Monitor and Epsimed MN-120, stems from the disclosure of information to unauthorized individuals. This occurs due to the use of a rigidly code...

5.9 CVSS | 8.1 AI score | 0.00766 EPSS
Exploits 0 | References 8

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

Vulnerability of the SourceCodester Phone Contact Manager system, which is related to insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the SourceCodester Phone Contact Manager System is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS | 5.7 AI score | 0.00298 EPSS
Exploits 1 | References 6 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

Vulnerability of the SourceCodester Phone Contact Manager system, which is related to insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the SourceCodester Phone Contact Manager System is related to insufficient validation of entered data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

7.8 CVSS | 5.7 AI score | 0.00305 EPSS
Exploits 1 | References 6 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 4 views

The vulnerability of the Craft CMS content management system lies in the improper limitation of a pathname to a restricted directory. This allows a hacker to execute arbitrary code or perform Server Side Template Injection (SSTI) attacks.

The vulnerability of the Craft CMS content management system is related to the improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform Server Side Template Injection attacks...

9 CVSS | 6 AI score | 0.01308 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

The vulnerability of the AppleMobileFileIntegrity component in the MacOS operating system allows a perpetrator to gain access to read and modify data.

The vulnerability of the AppleMobileFileIntegrity component in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to read and modify data...

5.5 CVSS | 5.4 AI score | 0.00234 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

The vulnerability of the YETI platform for collecting and analyzing data on cyber threats lies in the insufficient verification of input data. This allows a malicious actor to execute arbitrary code or carry out Server Side Template Injection (SSTI) attacks.

The vulnerability of the YETI platform for collecting and analyzing data on cyber threats is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or carry out Server Side Template Injection (SSTI) attacks...

9 CVSS | 8.2 AI score | 0.03919 EPSS
Exploits 2 | References 4 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices lies in the fact that they send requests to a hard-coded external IP address. This allows attackers to circumvent security restrictions and upload or re-upload files onto the devices.

The vulnerability of the firmware in medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 lies in the fact that requests are sent to a hard-coded external IP address. Exploiting this vulnerability allows an attacker to bypass security restrictions and...

7.6 CVSS | 8.1 AI score | 0.01079 EPSS
Exploits 0 | References 7

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

The vulnerability of the xsk_map_delete_elem function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the xsk_map_delete_elem function in the Linux operating system is related to memory writing beyond the allocated buffer. Exploiting this vulnerability can allow an attacker to cause a service failure...

7.8 CVSS | 6.7 AI score | 0.00255 EPSS
Exploits 0 | References 23 | Affected Software 7

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the /admin/tag/save file in the Jfinal CMS system allows an attacker to perform a CSRF attack.

The vulnerability of the /admin/tag/save file in the Jfinal CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

10 CVSS | 5.2 AI score | 0.00352 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the Launch Services interface for operating systems such as MacOS, iOS, iPadOS, watchOS, and visionOS allows attackers to gain unauthorized access to protected information.

The vulnerability of the Launch Services interface for operating systems such as MacOS, iOS, iPadOS, watchOS, and visionOS is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

5.5 CVSS | 7.7 AI score | 0.00257 EPSS
Exploits 0 | References 7 | Affected Software 5

BDU FSTEC
added 2025/02/04 12:0 a.m. | 15 views

The vulnerability of the Launch Services interface for macOS operating systems allows attackers to circumvent security restrictions.

The vulnerability of the Launch Services interface for macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow a perpetrator to circumvent security restrictions...

4.4 CVSS | 5.4 AI score | 0.00212 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 2 views

The vulnerability of the AppleMobileFileIntegrity component in the MacOS operating system allows a perpetrator to gain access to read and modify data.

The vulnerability of the AppleMobileFileIntegrity component in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to gain access to read and modify data...

5.5 CVSS | 5.4 AI score | 0.00209 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 3 views

The vulnerability of the WindowServer component in MacOS operating systems allows a hacker to trigger a service failure.

The vulnerability of the WindowServer component in MacOS operating systems is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

7.8 CVSS | 5.4 AI score | 0.0086 EPSS
Exploits 0 | References 5 | Affected Software 1

BDU FSTEC
added 2025/02/04 12:0 a.m. | 1 view

The vulnerability of the `assert` function in the GNU C Library is related to incorrect calculation of the size of the allocated buffer. This vulnerability allows an attacker to compromise the availability of the protected information.

The vulnerability of the assert function in the GNU C Library is related to incorrect calculation of the size of the allocated buffer. Exploiting this vulnerability could allow a malicious actor to compromise the availability of protected information...

7.8 CVSS | 6.8 AI score | 0.00335 EPSS
Exploits 0 | References 20 | Affected Software 10

BDU FSTEC
added 2025/02/03 12:0 a.m. | 3 views

The vulnerability of the IBM Sterling B2B Integrator software for automating business processes lies in the lack of protective measures for the SQL query structure. This allows attackers to gain unauthorized access to read, modify, add, or delete data.

The vulnerability of the IBM Sterling B2B Integrator software for automating business processes is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to read, modify, add, or...

6.5 CVSS | 5.6 AI score | 0.00327 EPSS
Exploits 0 | References 2 | Affected Software 1

BDU FSTEC
added 2025/02/03 12:0 a.m. | 2 views

The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, are related to the lack of security measures protecting the structure of web pages. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the email client Thunderbird, are related to the lack of security measures for handling web page structures. Exploiting these vulnerabilities can allow an attacker operating remotely to gain unauthorized access to protected...

6.4 CVSS | 7 AI score | 0.00577 EPSS
Exploits 0 | References 17 | Affected Software 6

BDU FSTEC
added 2025/02/03 12:0 a.m. | 2 views

The vulnerability of the Salt configuration management and remote execution system, related to the Python web framework Tornado, allows attackers to gain unauthorized access to protected information.

The vulnerability of the configuration management system and the remote execution of operations, such as Salt, is related to the use of open redirection in the Python Tornado web framework. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected...

6.4 CVSS | 6.5 AI score | 0.01132 EPSS
Exploits 0 | References 11 | Affected Software 22

BDU FSTEC
added 2025/02/03 12:0 a.m. | 5 views

The vulnerability of the graph creation function or graph template creation function of the Cacti network monitoring software allows a hacker to execute arbitrary code.

The vulnerability of the graph creation function or graph template creation function in the Cacti network monitoring software is related to improper handling of line separators. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

9 CVSS | 8.3 AI score | 0.49088 EPSS
Exploits 10 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/03 12:0 a.m. | 2 views

The vulnerability of the get_discovery_results() function in the Cacti network monitoring software allows a hacker to execute arbitrary code.

The vulnerability of the get_discovery_results() function in the Cacti network monitoring software is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

6.5 CVSS | 8.2 AI score | 0.0063 EPSS
Exploits 1 | References 3 | Affected Software 1

BDU FSTEC
added 2025/02/03 12:0 a.m. | 1 view

The vulnerabilities in the Firefox and Firefox ESR web browsers, as well as the Thunderbird email client, involve exploits that allow attackers to bypass authentication procedures, thereby compromising data integrity.

The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, involve exploiting authentication vulnerabilities through phishing techniques. Exploiting these vulnerabilities allows a malicious actor to compromise data integrity remotely...

7.8 CVSS | 6.6 AI score | 0.00545 EPSS
Exploits 0 | References 18 | Affected Software 6

BDU FSTEC
added 2025/02/03 12:0 a.m. | 6 views

The vulnerability of the Linux operating system’s Bluetooth kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s Bluetooth kernel component is related to errors that occur after the release of the software. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 6.4 AI score | 0.00233 EPSS
Exploits 0 | References 12 | Affected Software 4

BDU FSTEC
added 2025/02/03 12:0 a.m. | 7 views

The vulnerability of the ALSA kernel component in Linux operating systems, which allows a hacker to cause a service failure

The vulnerability of the ALSA kernel component in Linux operating systems is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS | 6.4 AI score | 0.00224 EPSS
Exploits 0 | References 14 | Affected Software 4

BDU FSTEC
added 2025/02/03 12:0 a.m. | 2 views

Vulnerability of Linux operating system kernel’s mm/writeback components, allowing attackers to execute arbitrary code

The vulnerability of the mm/writeback components in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code...

4.7 CVSS | 7.1 AI score | 0.00256 EPSS
Exploits 0 | References 15 | Affected Software 4

BDU FSTEC
added 2025/02/03 12:0 a.m. | 3 views

The vulnerability of Xen hypervisors, related to improper blocking mechanisms, allows attackers to trigger a service failure.

The vulnerability of Xen hypervisors is related to improper blocking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...

6.5 CVSS | 6.5 AI score | 0.00246 EPSS
Exploits 0 | References 6 | Affected Software 3

BDU FSTEC
added 2025/02/03 12:0 a.m. | 3 views

The vulnerability of the RPM-based build system, related to improper elimination of input data during the generation of web pages, allows for cross-site scripting attacks (XSS).

The vulnerability of the RPM-based build system is related to the improper elimination of input data during the generation of web pages. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks...

5.5 CVSS | 5.3 AI score | 0.00285 EPSS
Exploits 0 | References 4 | Affected Software 2

BDU FSTEC
added 2025/02/03 12:0 a.m. | 2 views

The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems allows a perpetrator to cause service interruptions.

The vulnerability of the RIB Revalidation component of the networking routing implementation software on Unix-like systems is related to errors in resource release. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8 CVSS | 7.3 AI score | 0.00823 EPSS
Exploits 0 | References 4 | Affected Software 3

BDU FSTEC
added 2025/02/03 12:0 a.m. | 1 view

The vulnerability of the GiveWP plugin of the WordPress content management system allows a hacker to execute arbitrary code.

The vulnerability of the GiveWP plugin in the WordPress content management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS | 8.2 AI score | 0.00909 EPSS
Exploits 1 | References 3 | Affected Software 1

Total number of security vulnerabilities: 74701