90604 matches found
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
Blitz Identity Provider (Authentication server)
...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.
The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the user remote access agent for corporate resources and applications in Palo Alto Networks Prisma Access Agent, related to errors in the certificate validation process, allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability of the user remote access agent for corporate resources and applications in Palo Alto Networks Prisma Access Agent is related to errors in the certificate validation process. Exploiting this vulnerability allows a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerability of the DLP agent for remote access to corporate resources and applications by Palo Alto Networks Prisma Access Agent allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the DLP agent for remote access to corporate resources and applications by Palo Alto Networks Prisma Access Agent is related to a flaw in the data protection mechanism. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the rt6_make_pcpu_route() function in the net/ipv6/route.c module of the IPv6 protocol implementation in the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the rt6makepcpuroute function in the net/ipv6/route.c module of the IPv6 protocol implementation in the Linux operating system is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could allow a attacker to cause...
The vulnerability of the pm8001_mpi_task_abort_resp() function in the drivers/scsi/pm8001/pm8001_hwi.c module of the Linux operating system’s SCSI device driver allows a hacker to trigger a service failure.
The vulnerability of the pm8001mpitaskabortresp function in the drivers/scsi/pm8001/pm8001hwi.c module of the Linux SCSI device driver is related to state management errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the c_start() function in the arch/loongarch/kernel/proc.c module, which supports the LoongArch architecture of the Linux operating system, allows a attacker to cause a service failure.
The vulnerability of the cstart function in the arch/loongarch/kernel/proc.c module, which supports the LoongArch architecture of the Linux operating system, is related to buffer overflow based on a stack. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the `z_erofs_do_map_blocks()` function in the `fs/erofs/zmap.c` file of the EROFS Enhanced ReadOnly File System file system in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the zerofsdomapblocks function in the fs/erofs/zmap.c file of the EROFS Enhanced ReadOnly File System file system in the Linux operating system is related to copying buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this...
The vulnerability of the tcf_idrinfodestroy() function in the net/sched/act_api.c module of the net/sched subsystem of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the tcfidrinfodestroy function in the net/sched/actapi.c module of the net/sched subsystem of the Linux operating system is related to the pointer manipulation. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibili...
The vulnerability of the User-ID Terminal Server Agent component of the PAN-OS operating system, as well as the user remote access agent for corporate resources and applications, the Palo Alto Networks Prisma Access Agent, allows a perpetrator to trigger service interruptions or execute arbitrary codes.
The vulnerability of the User-ID Terminal Server Agent component of the PAN-OS operating system, as well as the user remote access agent for corporate resources and applications, namely the Palo Alto Networks Prisma Access Agent, is related to buffer overflow attacks. Exploiting this vulnerabilit...
The vulnerability of the command-line interface of the PAN-OS operating system, allowing a perpetrator to execute arbitrary commands
The vulnerability of the command-line interface of the PAN-OS operating system is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerabilities of the functions bpf_jit_binary_hdr() and bpf_jit_free() in the kernel/bpf/core.c module of the Linux operating system’s bpf interpreter allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerabilities of the functions bpfjitbinaryhdr and bpfjitfree in the kernel/bpf/core.c module of the Linux operating system’s bpf interpreter are related to reading memory beyond the allocated buffer. Exploiting these vulnerabilities could allow an attacker to compromise the confidentiality...
The vulnerability of the gpiochip_add_data_with_key() function in the drivers/gpio/gpiolib.c module of the Linux kernel’s GPIO driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the gpiochipadddatawithkey function in the drivers/gpio/gpiolib.c module of the Linux kernel GPIO driver is related to a race condition. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...
The vulnerability of the network traffic processing module of the PAN-OS operating system, as well as the remote access agent for users to access corporate resources and applications, allows a hacker to cause a service failure.
The vulnerability of the network traffic processing module in the PAN-OS operating system, as well as the remote access agent for users to access corporate resources and applications, involves improper handling of unusual or exceptional states. Exploiting this vulnerability can allow a malicious...
The vulnerability of the mdp5_pipe_release() function in the drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c file of the Direct Rendering Infrastructure (DRI) driver for the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the mdp5piperelease function in the drivers/gpu/drm/msm/disp/mdp5/mdp5pipe.c file of the Direct Rendering Infrastructure DRI driver in the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an...
The vulnerability of the CheckRepoScopedToken() function in the Git repository management system Gitea, which allows a hacker to increase their privileges.
The vulnerability of the CheckRepoScopedToken function in the Git repository management system Gitea is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the Large Scale VPN (LSVPN) module of the PAN-OS operating system, which allows a intruder to disclose protected information
The vulnerability of the Large Scale VPN LSVPN module of the PAN-OS operating system is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker to bypass existing security mechanisms remotely...
The vulnerability of the fuel_gauge_external_power_changed() function in the drivers/power/supply/axp288_fuel_gauge.c driver of the Linux operating system’s power management driver, which allows a hacker to cause a service failure.
The vulnerability of the fuelgaugeexternalpowerchanged function in the drivers/power/supply/axp288fuelgauge.c file of the Linux kernel’s power management driver is related to the racing scenario. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the smb2_set_ea() function in the fs/smb/server/smb2pdu.c module, which is part of the SMB server support in Linux kernel, allows a hacker to cause a service failure.
The vulnerability of the smb2setea function in the fs/smb/server/smb2pdu.c module of the SMB server software in Linux operating systems is related to the copying of buffers without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability could allow an...
The vulnerability of the Open WebUI web interface, related to deficiencies in the authentication process, allows attackers to escalate their privileges.
The vulnerability of the Open WebUI web interface is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...
The vulnerability in the web interface of the operating system PAN-OS allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the PAN-OS operating system’s web management interface is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality and integrity of the protected information...
The vulnerability of the svc_rdma_copyInline_range() function in the net/sunrpc/xprtrdma/svc_rdma_rw.c module of the Linux operating system’s RPC protocol implementation allows a attacker to cause a service failure.
The vulnerability of the svcrdmacopyInlinerange function in the net/sunrpc/xprtrdma/svcrdmarw.c module of the Linux operating system’s RPC protocol is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the DefaultHttp2FrameReader class in the framework for developing network applications, servers, and clients using the Netty protocol allows a attacker to cause a service failure.
The vulnerability of the DefaultHttp2FrameReader class in the network application development framework for protocols like Netty relates to the distribution of resources without any restrictions or regulation. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Vite application development local server relates to incorrect path name restrictions for the directory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Vite application development local server is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability in the web interface of the operating system PAN-OS, which allows a perpetrator to disclose protected information
The vulnerability of the PAN-OS operating system’s web management interface is related to the disclosure of information through caching. Exploiting this vulnerability can allow a remote attacker to disclose the protected information...
The vulnerability of the Large Scale VPN (LSVPN) module of the PAN-OS operating system, which allows a intruder to disclose protected information
The vulnerability of the Large Scale VPN LSVPN module of the PAN-OS operating system is related to the incorrect elimination of certain elements in the output data. Exploiting this vulnerability can allow a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the aiohttp HTTP client, related to uncontrolled resource consumption, allows attackers to trigger a service failure.
The vulnerability of the aiohttp HTTP client is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the tarfile module in the Python programming language, which allows attackers to compromise the integrity of protected information
The vulnerability of the tarfile module in the Python programming language is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...
The vulnerability of the Libjxl library, related to the execution of operations beyond buffer boundaries in memory, allows attackers to cause a service failure.
The vulnerability of the Libjxl library is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability in the Open WebUI web interface, related to the unlimited loading of dangerous types of files, allows attackers to bypass existing security mechanisms and load any files they desire.
The vulnerability of the Open WebUI web interface is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms and load any desired files...
The vulnerability of the wusb3801probe() function in the drivers/usb/typec/wusb3801.c file of the Linux operating system’s USB TypeC driver allows a hacker to cause a service failure.
The vulnerability of the wusb3801probe function in the drivers/usb/typec/wusb3801.c file of the Linux USB TypeC driver module is related to improper memory release memory leak. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability in the web interface of the operating system PAN-OS allows a hacker to bypass existing security mechanisms.
The vulnerability of the PAN-OS operating system’s web management interface is related to insufficient checking of requests on the server side. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the framework for developing network applications, servers, and client protocols using Netty lies in its lack of proper handling of HTTP requests. This allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the framework for developing network applications, servers, and client protocols using Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests remotely HTTP Request Smuggling attack...
The vulnerability of the IPv6 packet processing module in the PAN-OS operating system and the Prisma Access cloud security remote access system allows attackers to bypass existing security mechanisms.
The vulnerability of the IPv6 packet processing module in the PAN-OS operating system and the Prisma Access cloud security remote access system is related to incorrect calculation of buffer size. Exploiting this vulnerability can allow a malicious actor to bypass existing security mechanisms...
The vulnerability of the fc_do_one_pass() function in the fs/jbd2/recovery.c file of the Linux kernel operating system allows a attacker to cause a service failure.
The vulnerability of the fcdoonepass function in the fs/jbd2/recovery.c file of the Linux kernel operating system is related to errors during link counter updates. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the kvm_set_memory_region() function in the virt/kvm/kvm_main.c module of the KVM virtualization subsystem in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the kvmsetmemoryregion function in the virt/kvm/kvmmain.c module of the Kernel-based Virtual Machine KVM virtualization subsystem of the Linux operating system is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker...
The vulnerability of the SP Page Builder component of the JoomShaper application software allows a hacker to execute arbitrary code.
The vulnerability of the SP Page Builder component of the JoomShape application software involves unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the src/filters/dmx_nhml.c component of the GPAC multimedia platform allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the src/filters/dmxnhml.c component of the GPAC multimedia platform is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause service interruptions or execute arbitrary code...
The vulnerability of the Python programming language’s HTTP client module allows attackers to inject arbitrary HTTP headers.
The vulnerability of the Python programming language’s HTTP client module is related to the failure to take measures to neutralize crlf sequences. Exploiting this vulnerability allows a remote attacker to inject arbitrary HTTP headers...
The vulnerability of the fuse_uring_req_end() function in the fs/fuse/dev_uring.c file of the Linux kernel operating system allows a attacker to trigger a service failure.
The vulnerability of the fuseuringreqend function in the fs/fuse/devuring.c file of the Linux kernel operating system is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to cause a service failure...