90709 matches found
The vulnerability of the Azure Connected Machine Agent, a software tool for managing servers and virtual machines, arises from operations that go beyond the buffer limits in memory. This allows attackers to escalate their privileges.
The vulnerability of the Azure Connected Machine Agent, a software tool for managing servers and virtual machines, is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of Veritas Appliance’s backup server lies in the lack of protective measures for website structures. This allows attackers to carry out XSS attacks and cause service failures.
The vulnerability of the Veritas Appliance data backup server relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely and cause service failures...
The vulnerability of the Vasion Print Virtual Appliance Host and Print Application software for managing, controlling, and organizing printing processes allows attackers to execute arbitrary code by enabling unlimited loading of dangerous files.
The vulnerability of the Vasion Print Virtual Appliance Host and Print Application software for process management, control, and organization is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the HTTP Handler component of the /goform/set_blacklist file in the microprogramming-based routing software LB-LINK allows a attacker to execute arbitrary commands.
The vulnerability of the HTTP Handler component in the /goform/setblacklist file of the LB-LINK router microsystem is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The application for advanced analysis, creation of custom monitoring panels, and detailed examination of Workstation server metrics for data collection, storage, and display is vulnerable. The SAP SAP Wily Introscope Enterprise Manager (EM) allows attackers to execute arbitrary code.
The vulnerability of the advanced analysis application, which allows for the creation of custom monitoring panels and detailed examination of server metrics related to SAP Workstation systems, for data collection, storage, and display is related to improper code generation. Exploiting this...
The vulnerability of the fs/vfs/fs_rename file in the Apache Nuttx operating system, which allows a hacker to cause a service failure
The vulnerability of the fs/vfs/fsrename file in the Apache Nuttx operating system is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Nimes Backup and Recovery software for automated backup and data restoration operations lies in the insufficient checking of incoming requests. This allows a hacker to execute an SRF attack.
The vulnerability of the Nimes Backup and Recovery software for automated backup and data recovery operations is related to insufficient checking of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack remotely...
The vulnerability of the HTTP Handler component of the /goform/set_hidessid_cfg file in the microprogramming-based routing software for LB-LINK allows a attacker to execute arbitrary commands.
The vulnerability of the HTTP Handler component in the /goform/sethidessidcfg file of the LB-LINK router microprogramming system is related to the lack of data cleaning at the management level when processing the enable parameter. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the strcpy() function in the /goform/formUserStatusRemark file of the UTT 1250GW network device-specific software, which allows for copying buffers without checking the size of the input data, enables attackers to execute arbitrary code.
The vulnerability of the strcpy function in the /goform/formUserStatusRemark file of the UTT 1250GW network device software is related to copying buffers without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Cisco Identity Services Engine (ISE) policy management platform and the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device lies in the improper limitation on XML links to external objects. This allows attackers to load arbitrary files.
The vulnerability of the Cisco Identity Services Engine ISE policy management platform and the Cisco ISE Passive Identity Connector ISE-PIC virtual authentication data collection device is related to an incorrect limitation on XML references to external objects. Exploiting this vulnerability coul...
The vulnerability of the Microsoft SharePoint Server software lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft SharePoint Server software relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Windows Cloud Files Mini Filter Driver allows a hacker to gain elevated privileges.
The vulnerability of the Windows Cloud Files Mini Filter Driver operating system is related to the assignment of an untrusted pointer. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the taskhost.exe/taskhostw.exe executable files on Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the taskhost.exe/taskhostw.exe executable files on Windows operating systems is related to the incorrect handling of symbolic links before accessing the file. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the HTTP.sys driver on Windows operating systems, which allows attackers to increase their privileges
The vulnerability of the HTTP.sys driver on Windows operating systems is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of the GNU Tar archive manager arises from an incorrect limitation on the path to the restricted-access directory. This allows attackers to circumvent existing security restrictions and gain access to the files for overwriting.
The vulnerability of the GNU Tar archive editor is related to an incorrect limitation on the path name to the restricted-access directory. Exploiting this vulnerability could allow a attacker to bypass existing security restrictions and gain access to the files for overwriting...
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) allows a perpetrator to execute arbitrary code.
The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the PDF document viewing program Foxit PDF Reader (formerly Foxit Reader) and the PDF file editing program Foxit PDF Editor (formerly Foxit PhantomPDF) allows a perpetrator to execute arbitrary code.
The vulnerability of the PDF document viewing program Foxit PDF Reader formerly Foxit Reader and the PDF file editing program Foxit PDF Editor formerly Foxit PhantomPDF is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Remote Connection tool for applications and Parallels Client, related to an uncontrolled search path element, allows a perpetrator to escalate their privileges.
The vulnerability of the remote connection tool for applications and the Parallels Client is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the microprogramming software for relay boards of Dingtian DT-R002 lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the protected information.
The vulnerability of the microprogramming software for relay boards of Dingtian DT-R002 is related to insufficient protection of registration data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to the protected information...
The vulnerability of the microprogramming software for relay boards of Dingtian DT-R002 lies in the insufficient protection of registration data, allowing unauthorized access by attackers to the protected information.
The vulnerability of the microprogramming software for relay boards of Dingtian DT-R002 is related to insufficient protection of registration data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to the protected information...
The vulnerability of the phMonitor component in the FortiSIEM security management system allows a attacker to execute arbitrary code.
The vulnerability of the phMonitor component in the FortiSIEM security management system is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted TCP requests...
The vulnerability of the npm library Debug, related to the presence of undeclared features, allows a hacker to execute arbitrary code.
The vulnerability of the npm library Debug is related to the presence of undeclared features. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Solar appScreener platform, related to insufficient verification of incoming requests, allows a hacker to execute an SSRF attack.
The vulnerability of the Solar appScreener platform is related to insufficient verification of incoming requests. Exploiting this vulnerability could allow a remote attacker to execute an SSRF attack...
The vulnerability of the search and detection function for micro-programmed wireless access points from Hikvision allows a intruder to trigger a service failure.
The vulnerability of the search and detection function for Hikvision wireless access points is related to buffer overflow in the stack. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending specially crafted packets...
The vulnerability of the Routing and Remote Access Service (RRAS) in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the Routing and Remote Access Service RRAS in Windows operating systems is related to access control deficiencies. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Microsoft Excel spreadsheet editors in Microsoft Office packages and Microsoft 365 Apps for Enterprise allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Excel spreadsheet editors within the Microsoft Office and Microsoft 365 Apps for Enterprise software packages is related to reading data beyond the buffer in memory. Exploitation of this vulnerability could allow an attacker to execute arbitrary code by sending a...
The vulnerability of the Windows File Explorer driver on Windows operating systems, allowing attackers to disclose protected information
The vulnerability of the Windows File Explorer in Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Local Security Authority Subsystem Service (LSASS) in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Local Security Authority Subsystem Service LSASS in Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the NTLM (NT LAN Manager) protocol implementation in Windows operating systems allows attackers to perform spoofing attacks.
The vulnerability of the NTLM NT LAN Manager protocol in Windows operating systems is related to incorrect external handling of file names or file paths when processing hashes. Exploiting this vulnerability allows a malicious actor to perform spoofing attacks remotely...
The vulnerability of the Windows Management Services management tool allows attackers to increase their privileges.
The vulnerability of the Windows Management Services management tool in Windows operating systems is related to competitive access to resources race condition. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Windows File Explorer driver on Windows operating systems, allowing attackers to disclose protected information
The vulnerability of the Windows File Explorer in Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Windows Deployment Services service allows a perpetrator to execute arbitrary code.
The vulnerability of Windows Deployment Services for Windows operating systems is related to access control errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the qs.parse() function in the string query analysis and conversion library allows a attacker to cause a service failure.
The vulnerability of the qs.parse function in the string query analysis and transformation library is related to memory exhaustion caused by insufficient checking of constraints for indexed records. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the SAP S/4HANA software platform, related to the failure to implement protective measures for SQL query structures, allows attackers to gain unauthorized access to protected information.
The vulnerability of the SAP S/4HANA software platform lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information by sending specially crafted SQL queries...
The vulnerability of the Windows File Explorer driver on Windows operating systems, allowing attackers to disclose protected information
The vulnerability of the Windows File Explorer in Windows operating systems is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the libxslt library, related to the pointer being set to an expired value, allows a malicious actor to trigger a service failure.
The vulnerability of the libxslt library is related to the dereferencing of a pointer with an expired lifetime. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the software for managing, controlling, and organizing printing processes in Vasion Print Virtual Appliance Host and Print Application, due to insufficient spatial separation, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Vasion Print Virtual Appliance Host and Print Application software for process management, control, and organization is related to insufficient spatial separation. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Vasion Print Virtual Appliance Host and Print Application software control systems are vulnerable due to a vulnerability present in the borrowed components. This vulnerability allows attackers to execute arbitrary code.
The vulnerabilities of the Vasion Print Virtual Appliance Host and Print Application software management, control, and process automation systems are related to the presence of vulnerabilities in the borrowed components. Exploiting these vulnerabilities allows a remote attacker to execute arbitra...
The vulnerability of the formSetAdInfoDetails() function (/goform/setAdInfoDetail) in the Tenda M3 router software allows a hacker to cause a service failure.
The vulnerability of the formSetAdInfoDetails function /goform/setAdInfoDetail in the Tenda M3 router software is related to the issue where an operation is executed outside the buffer in memory when processing parameters such as adName, smsPassword, smsAccount, weixinAccount, weixinName,...
The vulnerability of the Jenkins automation server allows a attacker to perform a CSRF attack.
The vulnerability of the Jenkins automation server relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack from a remote location...
The vulnerability of the Jenkins automation server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Jenkins automation server is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the cockpit-project.org website’s Cockpit server management system allows a attacker to perform an SSRF attack.
The vulnerability of the cockpit-project.org website related to the Cockpit server management system involves insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the SAML Assertion Consumer Service (ACS) server of OpenVPN Access allows a perpetrator to execute arbitrary HTML code or web scripts.
The vulnerability of the SAML Assertion Consumer Service ACS of the OpenVPN Access server is related to the lack of security measures taken for the structure of the web page during the processing of the RelayState parameter. Exploiting this vulnerability allows a malicious actor to execute...
The vulnerability of the apply_substitution function in the libarchive library allows a perpetrator to trigger a service failure.
The vulnerability of the applysubstitution function in the libarchive library is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the software for managing, controlling, and organizing printing processes in Vasion Print Virtual Appliance Host and Print Application lies in the lack of authentication procedures, allowing attackers to execute arbitrary code.
The vulnerabilities of the Vasion Print Virtual Appliance Host and Print Application software for process management, control, and organization are related to deficiencies in authentication procedures. Exploiting these vulnerabilities could allow a malicious actor to execute arbitrary code remote...
The vulnerability of the Idle function in the PackageKit package manager allows a hacker to compromise the accessibility of protected information.
The vulnerability of the Idle function in the PackageKit package manager is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...
The vulnerability of the HttpFoundation component in the Symfony software development and web application management platform allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the HttpFoundation component in the Symfony software development and web application management platform is related to the use of non-canonical URL paths for authentication solutions. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
The vulnerability of the zipfile module in the CPython interpreter allows a attacker to compromise the integrity of the protected information.
The vulnerability of the zipfile module in the CPython interpreter is related to incorrect checking of specified indices, positions, or offsets in input data. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information...
The vulnerability of the Options::fontFamily function in the ImageMagick graphical editor allows a hacker to trigger a service failure.
The vulnerability of the Options::fontFamily function in the ImageMagick graphic editor is related to a memory reclamation error. Exploiting this vulnerability could allow an attacker to cause a service failure...