The vulnerability of packet tunneling protocols for IPv4-to-IPv6 and IPv6-to-IPv4 protocols arises from insufficient checks on the source of the communication channel. This allows attackers to execute attacks such as “spoofing of trusted objects”.

The vulnerability of IPv4-to-Ipv6 and IPv6-to-Ipv4 tunneling protocols is related to insufficient checks on the source of the communication channel. Exploiting this vulnerability allows a remote attacker to execute “host object substitution” attacks by sending a specially crafted packet with two ...

The vulnerabilities of the GRE and GRE6 tunneling protocols, related to insufficient source checking of the communication channel, allow attackers to execute attacks such as “spoofing of trusted objects”.

The vulnerabilities of the tunneling protocols GRE and GRE6 are related to insufficient verification of the source of the communication channel. Exploiting these vulnerabilities allows a malicious actor to carry out “host substitution” attacks by sending a specially crafted packet with two IP...

The vulnerability of GUE tunneling protocols, related to insufficient verification of the communication channel source, allows attackers to execute attacks such as “substitution of the trusted object”.

The vulnerability of GUE tunneling protocols lies in insufficient verification of the source of the communication channel. Exploiting this vulnerability allows a malicious actor to execute attacks such as “substitution of the trusted object” by sending a specially crafted packet containing two IP...

The vulnerability of the Mailjet CMS system’s Drupal module allows a hacker to execute arbitrary code.

The vulnerability of the Mailjet CMS system’s Drupal module is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

Vulnerability of automation tools for business processes in SAP Business Workflow and SAP Flexible Workflow systems: The ability to bypass authentication by using a user-controlled key allows unauthorized users to gain unauthorized access to protected information.

Vulnerability of tools for automating business processes in SAP: SAP Business Workflow and SAP Flexible Workflow involve bypassing authentication by using a user-controlled key. Exploiting this vulnerability can allow an intruder operating remotely to gain unauthorized access to protected...

The vulnerability of the GDI+ component in Microsoft Office programs and the Windows operating system allows a hacker to execute arbitrary code.

The vulnerability of the GDI+ component in Microsoft Office programs and the Windows operating system is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of Microsoft 365 Apps for Enterprise, Microsoft Office, and the Microsoft Access database management system arises from buffer overflows in dynamic memory, allowing an attacker to execute arbitrary code.

The vulnerability of Microsoft 365 Apps for Enterprise, Microsoft Office, and the Microsoft Access database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of the Active Directory Federation Server component for the Windows operating system, which allows a attacker to perform a CSRF attack

The vulnerability of the Active Directory Federation Server operating system on Windows is related to the manipulation of cross-site requests. Exploiting this vulnerability can allow a malicious actor to execute a CSRF attack remotely...

The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM implementation allows a perpetrator to compromise the confidentiality of protected information.

The vulnerability of the Windows operating system’s Network Authentication Protocol NTLM implementation is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality of the protected information...

The vulnerability of the setVpnAccountCfg function in the microprogramming software for TOTOLINK X5000R allows a perpetrator to execute arbitrary commands.

The vulnerability of the setVpnAccountCfg function in TOTOLINK X5000R router microprogramming software lies in the lack of measures to neutralize special elements used in the operating system’s processing of the limit parameter. Exploiting this vulnerability allows a remote attacker to execute...

The vulnerability of the CSC (Client-Side Caching) service in Windows operating systems allows attackers to disclose sensitive information.

The vulnerability of the CSC Client-Side Caching service in Windows operating systems lies in the fact that operations may be performed outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by the system’s security...

The vulnerability of the servicebroker framework of the MoCCA multimedia system of Mercedes-Benz User Experience (MBUX) allows a hacker to execute arbitrary code or trigger a service failure.

The vulnerability of the servicebroker framework of the MoCCA multimedia system of Mercedes-Benz User Experience MBUX is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause a service failure...

The vulnerability of Microsoft On-Premises Data Gateway local servers, related to incorrect authentication, allows attackers to disclose protected information.

The vulnerability of the Microsoft On-Premises Data Gateway local database is related to incorrect authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose protected information...

The vulnerability of the Microsoft Visual Studio software development tool lies in its lack of access control mechanisms, which allows attackers to escalate their privileges.

The vulnerability of the Microsoft Visual Studio software development tool is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Launch Services interface for macOS operating systems allows attackers to bypass the sandbox protection mechanism.

The vulnerability of the Launch Services interface for MacOS systems is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to bypass the sandbox’s security mechanisms...

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an intruder to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, modify, or...

The vulnerability of the Amazon Redshift JDBC driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit this to increase their privileges.

The vulnerability of the Amazon Redshift JDBC driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the Amazon Redshift Python Connector driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit their privileges.

The vulnerability of the Amazon Redshift Python Connector driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

The vulnerability of the `start_clu` function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the startclu function in Linux operating systems is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the glink component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the glink component in the Linux operating system’s kernel is related to single-shift errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the LibreOffice office software package, related to insufficient protection of sensitive data, allows a perpetrator to disclose confidential information.

The vulnerability of the LibreOffice office software package is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to disclose confidential information...

The vulnerability of the SCADAPack RemoteConnect configuration tool lies in its deserialization mechanism’s flaws, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SCADAPack RemoteConnect configuration tool is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information by loading a malicious...

The vulnerabilities of the functions CHBString::const_iterator::incrementSteps() and CHBString::remove() in the UserData service of the Mercedes-Benz Multimedia User Experience (MBUX) system allow a hacker to trigger a service failure.

The vulnerabilities of the functions CHBString::constiterator::incrementSteps and CHBString::remove of the UserData service in the Mercedes-Benz Multimedia User Experience MBUX system are related to buffer overflows in dynamic memory during the decoding of UD2 format files. Exploiting these...

The vulnerability of the PackageKit component in macOS operating systems allows a hacker to execute arbitrary code.

The vulnerability of PackageKit for macOS operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code...

The vulnerability of the qcom_pcie_perst_deassert() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the qcompcieperstdeassert function in the Linux operating system is related to an uncontrolled, exploitable condition. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

The vulnerability of the ocfs2_file_read_iter() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the ocfs2filereaditer function in the Linux operating system is related to the use of an uninitialized pointer. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

The vulnerability of the htc_connect_service() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the htcconnectservice function in the Linux operating system’s kernel is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of IBM DB2 database management systems and IBM DB2 Connect Server lies in the fact that it allows information to be disclosed through registration files, enabling attackers to expose confidential data.

The vulnerability of IBM DB2 database management systems, including IBM DB2 Connect Server, relates to the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...

The vulnerability of the `start_clu` function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the startclu function in the Linux operating system is related to read errors beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

The vulnerability of the Apache HugeGraph graph database server lies in the ability to bypass authentication by using data that is assumed to be unchangeable. This allows attackers to execute arbitrary code.

The vulnerability of the Apache HugeGraph graph database server relates to bypassing authentication using data that is assumed to be unchangeable. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

The vulnerability of the tegra194 component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the tegra194 component in the Linux operating system’s kernel is related to an uncontrolled and exploitable flaw. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

The vulnerability of the IBM Security ReaQta information protection tool lies in its authentication procedures’ flaws, which allow attackers to disclose the protected information.

The vulnerability of the IBM Security ReaQta security tool is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

The vulnerability of the Aviatrix Controller software, a cloud infrastructure management tool, arises from the lack of measures to neutralize specific elements, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Aviatrix Controller software for managing cloud infrastructure is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the microprogrammed software used in Modicon M580 programmable logic controllers and the EVLink Pro AC charging stations relates to incorrect calculations of the size of the allocated buffer. This vulnerability allows a intruder to cause malfunctions in the equipment.

The vulnerability of the microprogrammed software used in Modicon M580 programmable logic controllers and the EVLink Pro AC charging stations is related to incorrect calculations of the size of the buffer space allocated. Exploiting this vulnerability allows a malicious actor to cause service...

The software for creating automation projects of Schneider Electric’s Web Designer network modules BMXNOE0110H, BMENOC0311C, BMENOC0321C, and BMXNOR0200H is vulnerable due to incorrect restrictions on XML references to external objects. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the software used for creating automation projects in Schneider Electric’s Web Designer for network modules BMXNOE0110H, BMENOC0311C, BMENOC0321C, and BMXNOR0200H is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows ...

The vulnerability of the openssl.conf configuration file of the FlexNet Publisher licensing management software allows a perpetrator to increase their privileges and execute arbitrary code.

The vulnerability of the openssl.conf configuration file of the FlexNet Publisher licensing management software is related to an uncontrolled element in the search process. Exploiting this vulnerability allows a perpetrator to enhance their privileges and execute arbitrary code...

The vulnerability of the svcrdma component in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the svcrdma component in the Linux operating system’s kernel is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the applnco_probet() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the applncoprobet function in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

The vulnerability of the Next.js software platform for creating web applications, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Next.js software platform for creating web applications is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the FortiOS operating system’s interface allows a perpetrator to compromise the accessibility of protected information.

The vulnerability of FortiOS operating systems is related to the unlimited distribution of resources. Exploiting this vulnerability allows a remote attacker to compromise the accessibility of protected information...

The vulnerability of the tarfile.extractall method in the TrueNAS CORE operating system allows a hacker to execute arbitrary code.

The vulnerability of the tarfile.extractall method in the TrueNAS CORE operating system is related to an incorrect limitation on the path name for the restricted access directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000, related to bypassing authentication by using a user-controlled key, allows intruders to escalate their privileges.

The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to enhance their privileges by...

The vulnerability of the import/export function of the UserData service in the Mercedes-Benz MBUX multimedia system allows a perpetrator to trigger a service failure.

The vulnerability of the import/export function of the UserData service in the Mercedes-Benz MBUX multimedia system is related to errors in data type mixing. Exploiting this vulnerability can allow attackers to cause service failures...

Vulnerability of components of the Linux operating system’s kernel, allowing a hacker to execute arbitrary code

The vulnerability of the kernel component in the Linux operating system is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Vulnerability of the ole32.dll!UtOlePresStmToContentsStm function in Windows OLE operating systems, allowing a perpetrator to execute arbitrary code

The vulnerability of the ole32.dll!UtOlePresStmToContentsStm function in Windows OLE operating systems is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of IBM Concert Software’s artificial intelligence-based automation tools, related to the use of cryptographic algorithms containing defects, allows attackers to gain unauthorized access to protected information.

The vulnerability of IBM Concert Software’s artificial intelligence-based automation tools lies in the use of cryptographic algorithms that contain vulnerabilities. Exploiting this vulnerability could allow an unauthorized attacker to gain unauthorized access to protected information...

The vulnerability of IBM Concert Software’s artificial intelligence-based automation tool lies in its improper handling of output data from registration logs, allowing a hacker to execute arbitrary commands.

The vulnerability of IBM Concert Software’s artificial intelligence-based automation tool is related to incorrect processing of output data for registration logs. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the lack of checks for the integrity of messages during transmission over communication channels. This allows attackers to exploit their privileges.

The vulnerability of the Pro-Face GP-Pro EX automation project creation software and the Pro-face Remote HMI remote monitoring software lies in the lack of checks for the integrity of messages during transmission over communication channels. Exploiting this vulnerability allows a malicious actor ...

The vulnerability of the XPC service in MacOS operating systems allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the XPC service in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...

The vulnerability of the remember() function in the Laravel Pulse performance monitoring and application usage analysis tool allows a hacker to execute arbitrary code.

The vulnerability of the remember function in the Laravel Pulse performance monitoring and application usage analysis tool is related to improper code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...