The vulnerability of the microprogrammed software of the multi-environmental electrical voltage measuring instrument PowerLogic HDPM6000 lies in the lack of checks for the integrity of messages during transmission over communication channels. This allows attackers to exploit their privileges.

The vulnerability of the Pro-Face GP-Pro EX automation project creation software and the Pro-face Remote HMI remote monitoring software lies in the lack of checks for the integrity of messages during transmission over communication channels. Exploiting this vulnerability allows a malicious actor ...

The vulnerability of the SCADAPack RemoteConnect configuration tool lies in its deserialization mechanism’s flaws, which allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the SCADAPack RemoteConnect configuration tool is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information by loading a malicious...

The vulnerability of the XPC service in MacOS operating systems allows attackers to execute arbitrary code and increase their privileges.

The vulnerability of the XPC service in MacOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to execute arbitrary code and increase their privileges...

The vulnerability of the decode_cb_compound4res() function in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the decodecbcompound4res function in the Linux operating system is related to integer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the IBM Security ReaQta information protection tool lies in its authentication procedures’ flaws, which allow attackers to disclose the protected information.

The vulnerability of the IBM Security ReaQta security tool is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...

The vulnerability of the Next.js software platform for creating web applications, related to unlimited resource distribution, allows attackers to trigger service failures.

The vulnerability of the Next.js software platform for creating web applications is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerabilities of the functions CHBString::const_iterator::incrementSteps() and CHBString::remove() in the UserData service of the Mercedes-Benz Multimedia User Experience (MBUX) system allow a hacker to trigger a service failure.

The vulnerabilities of the functions CHBString::constiterator::incrementSteps and CHBString::remove of the UserData service in the Mercedes-Benz Multimedia User Experience MBUX system are related to buffer overflows in dynamic memory during the decoding of UD2 format files. Exploiting these...

The vulnerability of the Amazon Redshift JDBC driver lies in the lack of security measures for SQL query structures, allowing attackers to exploit this to increase their privileges.

The vulnerability of the Amazon Redshift JDBC driver is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of IBM DB2 database management systems and IBM DB2 Connect Server lies in the fact that it allows information to be disclosed through registration files, enabling attackers to expose confidential data.

The vulnerability of IBM DB2 database management systems, including IBM DB2 Connect Server, relates to the disclosure of information through registration files. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by these systems...

The vulnerability of the svcrdma component in the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the svcrdma component in the Linux operating system’s kernel is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

The vulnerability of the CGI script form2PortriggerRule.cgi of the D-Link DIR-816A2 router’s microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the CGI script form2PortriggerRule.cgi of the D-Link DIR-816A2 router’s microprogramming system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted POST request...

The vulnerability of the formSetDeviceName and sub_C6BB0 functions in the Tenda AC18 router’s microprogramming system allows a hacker to induce a service failure.

The vulnerability of the formSetDeviceName and subC6BB0 functions in the Tenda AC18 router’s microprogramming system lies in the possibility of copying input data into the buffer without checking its size. Exploiting this vulnerability could allow a malicious actor to cause a service failure by...

The vulnerability of the graphical interface of the Fortinet FortiManager device management software and the Fortinet FortiAnalyzer security event monitoring and analysis software allows a malicious individual to write arbitrary files and execute arbitrary code.

The vulnerability of the graphical interface of the Fortinet FortiManager device management center and the Fortinet FortiAnalyzer event monitoring and analysis tool is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability allows a malicious...

The vulnerability of packet tunneling protocols for IPv4-to-IPv6 and IPv6-to-IPv4 protocols arises from insufficient checks on the source of the communication channel. This allows attackers to execute attacks such as “spoofing of trusted objects”.

The vulnerability of IPv4-to-Ipv6 and IPv6-to-Ipv4 tunneling protocols is related to insufficient checks on the source of the communication channel. Exploiting this vulnerability allows a remote attacker to execute “host object substitution” attacks by sending a specially crafted packet with two ...

The vulnerability in the /goform/form2NetSniper.cgi microprogramming of the D-Link DIR-816 A2 wireless router allows a intruder to gain unauthorized access to protected information.

The vulnerability of the /goform/form2NetSniper.cgi microprogramming software for D-Link DIR-816 A2 wireless routers is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by sendin...

The vulnerability of Acronis Cyber Protect 16’s data protection software lies in the lack of measures taken to protect the structure of web pages. This allows attackers to carry out XSS attacks.

The vulnerability of Acronis Cyber Protect 16 data protection software is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of Remote Desktop Services (RDS) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of Remote Desktop Services RDS for Windows operating systems lies in the storage of confidential data in improperly locked memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the nf_tables component in the Linux operating system’s kernel allows a hacker to cause a service failure or increase their privileges.

The vulnerability of the nftables component in the Linux operating system’s kernel network filter relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure or increase their privileges by sending a specially crafted request...

The vulnerability of the Digital Media component of Windows operating systems, which allows a perpetrator to elevate their privileges to a system-level level

The vulnerability of the Digital Media component of Windows operating systems relates to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...

The vulnerability of the Windows Telephony Service in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Telephony Service in Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...

The vulnerability of the Windows Telephony Service in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Telephony Service in Windows operating systems is related to reading data beyond the allowed range in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending requests to the server...

The vulnerability of the Redis database management system, related to insufficient validation of input data, allows attackers to trigger service failures.

The vulnerability of the Redis database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...

The vulnerability of the Remote Desktop Gateway (RD Gateway) for Windows Server operating systems allows a hacker to trigger a service failure.

The vulnerability of Remote Desktop Gateway RD Gateway for Windows Server operating systems is related to data type mixing errors. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

The vulnerability of Fortinet’s software products arises from incorrect restrictions on path names in restricted access catalogs, allowing attackers to escalate their privileges.

The vulnerability of Fortinet’s software products is related to incorrect restrictions on path names in the restricted access catalog. Exploiting this vulnerability can allow attackers to enhance their privileges through specially created packages...

The vulnerability of the Session Token Handler component of the software platform based on Git for collaborative code development on GitLab allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Session Token Handler component in the Git-based software development platform, which is used for collaborative code development on GitLab, is related to context switching errors during privilege handling. Exploiting this vulnerability can allow an attacker, operating...

The vulnerability of the Kotlin HTTP http4k application library’s functionality is related to incorrect restrictions on XML links to external objects, allowing attackers to perform XXE attacks.

The vulnerability of the Kotlin HTTP http4k application’s toolset is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...

Vulnerability of the Currency.php script (phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php) in the PHP library PhpSpreadsheett, which allows attackers to perform cross-site scripting attacks

The vulnerability in the Currency.php script phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php of the PhpSpreadsheet library involves a lack of measures to protect web page structures. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remote...

The vulnerability of the generateRow() function in the PHP Spreadsheet library allows attackers to perform cross-site scripting attacks.

The vulnerability of the generateRow function in the PHP Spreadsheet library is related to the lack of protective measures for web page structures. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remotely...

The vulnerability of the Mitel MiCollab collaboration platform, related to an incorrect restriction on the path name to the restricted access catalog, allows a hacker to read arbitrary files.

The vulnerability of the Mitel MiCollab collaboration platform lies in an incorrect restriction on the path name used to access the restricted catalog. Exploiting this vulnerability could allow an attacker to read arbitrary files...

The vulnerability of the command-line interface (CLI) of the Fortinet FortiManager device management software allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the command-line interface CLI of the Fortinet FortiManager device management software is related to an incorrect session duration. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected...

The vulnerability of the Brokering File System (BFS) in Windows operating systems allows a perpetrator to increase their privileges.

The vulnerability of the Brokering File System BFS in Windows operating systems lies in the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the NTLMv1 protocol implementation in Windows operating systems allows attackers to enhance their privileges.

The vulnerability of the NTLMv1 protocol in Windows operating systems is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...

The vulnerability of the server for the Continuous Integration and Delivery system (CI/CD) of GoCD arises from incorrect restrictions on XML references to external objects. This allows attackers to perform XXE attacks.

The vulnerability of the CI/CD server of GoCD is related to an incorrect restriction on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...

The vulnerability of the Digital Media component of Windows operating systems allows attackers to elevate their privileges to a system-level level.

The vulnerability of the Digital Media component of Windows operating systems relates to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...

The vulnerability of the Windows Telephony Service in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Telephony Service in Windows operating systems is related to reading data beyond the allowed range in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending requests to the server...

The vulnerability of the Digital Media component of Windows operating systems allows attackers to elevate their privileges to a system-level level.

The vulnerability of the Digital Media component of Windows operating systems relates to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...

The vulnerability of the Adobe Animate software for creating multimedia and computer animations, related to a countable loss of significance, allows attackers to execute arbitrary code.

The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to a significant loss of functionality. Exploiting this vulnerability allows an attacker to execute arbitrary code in the context of the current user, using a specially created malicious fil...

The vulnerability of SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms, related to information leakage in error messages, allows attackers to gain unauthorized access to protected information.

The vulnerability of SAP NetWeaver Application Server ABAP and ABAP Platform software integration platforms is related to the leakage of information in error messages. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of Fortinet’s software products arises from incorrect restrictions on path names in restricted access catalogs, allowing attackers to escalate their privileges.

The vulnerability of Fortinet’s software products is related to incorrect restrictions on path names in the restricted access catalog. Exploiting this vulnerability can allow attackers to enhance their privileges through specially created packages...

The vulnerability of the Login Message function in the microprogrammed industrial Ethernet switches Moxa MGate allows a attacker to perform XSS attacks.

The vulnerability of the Login Message function in the microprogrammed industrial Ethernet switches Moxa MGate relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

The vulnerability of the QuTS operating systems and QTS network devices from Qnap, related to improper handling of data with URL encoding, allows attackers to execute arbitrary code.

The vulnerability of the QuTS operating systems and QTS network devices involves improper handling of data with URL encoding. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the generateMeta() function in the PHP Spreadsheet library allows attackers to perform cross-site scripting attacks.

The vulnerability of the generateMeta function in the PhpSpreadsheet PHP library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks remotely...

The vulnerability of the SmartScreen security component against phishing and malicious software attacks in Windows operating systems allows attackers to carry out spear-phishing attacks.

The vulnerability of the SmartScreen security component against phishing and malicious programs in Windows operating systems is related to errors in information representation by the user interface. Exploiting this vulnerability allows a remote attacker to carry out phishing attacks...

The vulnerability of the karmada-operator and karmadactl packages from the Kubernetes cluster management system allows a hacker to write arbitrary files to the basic file system, enabling them to run cloud applications on multiple Karmada clusters.

The vulnerability of the karmada-operator and karmadactl packages from the Kubernetes cluster management system, which are used to run cloud applications across multiple Karmada clusters, is related to an incorrect path name limitation for accessing the restricted directory. Exploiting this...

The vulnerability of the server for the Continuous Integration and Delivery (CI/CD) system GoCD arises due to an incorrect path name limitation for the restricted access directory. This allows a malicious actor to execute arbitrary code.

The vulnerability of the CI/CD GoCD server exists due to an incorrect pathname limitation for the access-controlled directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the Reliable Multicast Transport Driver (RMCAST) for Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the Reliable Multicast Transport Driver RMCAST for Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

The vulnerability of the Windows Telephony Service in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Telephony Service in Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...

The vulnerability of the Digital Media component of Windows operating systems, which allows a perpetrator to elevate their privileges to a system-level level

The vulnerability of the Digital Media component of Windows operating systems relates to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...

The vulnerability of the Digital Media component of Windows operating systems allows attackers to elevate their privileges to a system-level level.

The vulnerability of the Digital Media component of Windows operating systems relates to reading data beyond the allowed range in memory. Exploiting this vulnerability can allow an attacker to elevate their privileges to a system-level level...

The vulnerability of the Windows Telephony Service in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Telephony Service in Windows operating systems is related to a potential overflow condition. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a request to the server...