90709 matches found
The vulnerability of the virtualization management library libvirt, related to access control deficiencies, allows a attacker to trigger a service failure.
The vulnerability of the virtualization management library libvirt is related to lack of access control. Exploiting this vulnerability can allow an attacker to cause a service failure using a specially created malicious XML file...
The vulnerability of the ExportSettings.sh (/cgi-bin/ExportSettings.sh) script of the D-Link DAP-1325 wireless signal booster software allows a hacker to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the ExportSettings.sh /cgi-bin/ExportSettings.sh script of the D-Link DAP-1325 wireless signal booster software is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker to bypass security restrictions and gain...
The vulnerability of the Apache Common Text library on FileMaker Server, related to improper code generation, allows a hacker to execute arbitrary code.
The vulnerability of the Apache Common Text library in FileMaker Server is related to improper code generation when using interpolation functions. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of PLC NLcon-CE-485-C arises from insufficient validation of input data during the processing of the 0xcccc packet in Codesys v2. This allows a perpetrator to trigger a failure in the operation of the Codesys v2 execution environment.
The vulnerability of PLC NLcon-CE-485-C is related to insufficient validation of input data during the processing of the 0xcccc packet in Codesys v2. Exploiting this vulnerability can allow an attacker to cause a failure in the operation of the Codesys v2 execution environment...
The vulnerability of PLC NLcon-CE-485-C arises from insufficient validation of input data when processing a packet of the type 0xbbbb in the Codesys v2 service. This vulnerability allows an attacker to trigger a failure in the operation of the Codesys v2 execution environment.
The vulnerability of PLC NLcon-CE-485-C is related to insufficient validation of input data during the processing of the 0xbbbb packet in Codesys v2. Exploiting this vulnerability can allow an attacker to cause a failure in the operation of the Codesys v2 execution environment...
The vulnerability of PLC NLcon-CE-485-C arises from insufficient validation of input data in the Codesys v2 service. This allows a perpetrator to trigger a failure in the operation of the Codesys v2 execution environment.
The vulnerability of PLC NLcon-CE-485-C is related to insufficient validation of input data in the Codesys v2 service. Exploiting this vulnerability can allow an attacker, operating remotely, to cause failures in the Codesys v2 execution environment...
The vulnerability of the R7-Officer corporate server’s document editor, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the R7-Officer corporate server document editor is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow attackers to carry out XSS attacks...
The vulnerability of the IBM Integrated Analytics System, a unified data analysis system, lies in its ability to allow unlimited loading of dangerous types of files. This allows attackers to upload any type of files they desire.
The vulnerability of the IBM Integrated Analytics System, a unified data analysis system, lies in its ability to allow unlimited loading of dangerous types of files. Exploiting this vulnerability could enable a malicious actor to load any desired files remotely...
The vulnerability of PLC NLcon-CE-485-C arises from the use of the outdated Windows CE 5.0 operating system, which allows a hacker to gain full access to the system.
The vulnerability of PLC NLcon-CE-485-C is related to the use of the outdated Windows CE 5.0 operating system. Exploiting this vulnerability can allow an attacker to gain full access to the system...
The vulnerability of the office online package ONLYOFFICE Docs, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the office online package ONLYOFFICE Docs DocumentServer is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Sprecher SPRECON-E automation module’s microprogramming software, related to insufficiently secure data encryption, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the microprogramming software of the automation module Sprecher SPRECON-E is related to insufficiently secure data encryption. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
Vulnerabilities of the functions mxc_isi_m2m_vb2_buffer_queue(), mxc_isi_m2m_vb2_stop_streaming(), and mxc_isi_m2m_s_fmt_vid() in the Linux operating system, allowing a hacker to trigger a service failure
The vulnerabilities of the functions mxcisim2mvb2bufferqueue, mxcisim2mvb2stopstreaming, and mxcisim2msfmtvid in the Linux operating system are related to state management errors. Exploiting these vulnerabilities can allow an attacker to cause service failures...
The vulnerability of the Sprecher SPRECON-E automation module’s microprogramming software lies in the use of a rigidly encrypted cryptographic key, which allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the microprogramming software of the automation module Sprecher SPRECON-E is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability allows an attacker operating remotely to compromise the confidentiality and integrity of the protected...
The vulnerability of the HTTP request handler in the microprogramming-based router software Tenda WH450 allows for the execution of arbitrary code.
The vulnerability of the HTTP request handler in the microprogramming-based router software Tenda WH450 lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted GET request...
The vulnerability of the Paragon Hard Disk Manager software allows a perpetrator to modify any files they choose.
The vulnerability of the Paragon Hard Disk Manager software is related to insecure management of privileges. Exploiting this vulnerability could allow an attacker to modify arbitrary files...
The vulnerability of the armor_filter() function in the GnuPG program for encrypting information and generating electronic digital signatures allows a hacker to execute arbitrary code.
The vulnerability of the armorfilter function in the GnuPG program, which is used for information encryption and creating electronic digital signatures, is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker, operating remotely, to execute arbitrary co...
The vulnerability of PLC NLcon-CE-485-C, related to deficiencies in the authorization process of the Codesys v2 service, allows a perpetrator to gain full access to the Codesys v2 execution environment.
The vulnerability of PLC NLcon-CE-485-C is related to deficiencies in the authentication process of the Codesys v2 service. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full access to the Codesys v2 execution environment...
The vulnerability of the Instant Search function in the Content Search module of the ManageEngine Exchange Reporter Plus software, a monitoring, analysis, and reporting tool, allows a perpetrator to carry out cross-site scripting attacks.
The vulnerability of the Instant Search function in the Content Search module of the ManageEngine Exchange Reporter Plus software exists because measures to protect the website structure have not been taken. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
The vulnerability of the web interface of the Nagios Log Server monitoring and analysis software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the web interface of the Nagios Log Server monitoring and analysis software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Nagios Log Server’s monitoring and analysis software interface allows a hacker to gain access to and modify data.
The vulnerability of the Nagios Log Server software monitoring and analysis interface is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to read and modify data...
Vulnerabilities of the functions mxc_isi_m2m_vb2_buffer_queue(), mxc_isi_m2m_vb2_stop_streaming(), and mxc_isi_m2m_s_fmt_vid() in the Linux operating system, allowing a hacker to trigger a service failure
The vulnerabilities of the functions mxcisim2mvb2bufferqueue, mxcisim2mvb2stopstreaming, and mxcisim2msfmtvid in the Linux operating system are related to state management errors. Exploiting these vulnerabilities can allow an attacker to cause service failures...
The vulnerability of the R7-Officer corporate server’s document editor, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the R7-Officer corporate server document editor is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to carry out XSS attacks...
The vulnerability of the R7-Officer corporate server’s document editor, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the R7-Officer corporate server document editor is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to carry out XSS attacks...
The vulnerability of the R7-Officer corporate server’s document editor, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the R7-Office corporate server document editor is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker to carry out XSS attacks...
The vulnerability of the R7-Officer corporate server’s document editor, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the R7-Officer corporate server document editor is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow attackers to carry out XSS attacks...
The vulnerability of the R7-Officer corporate server’s document editor, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the R7-Officer corporate server document editor is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow attackers to carry out XSS attacks...
The vulnerability of the Sprecher SPRECON-E automation module’s microprogramming software, which stems from the use of a rigidly encrypted cryptographic key, allows attackers to execute a type of “man-in-the-middle” attack.
The vulnerability of the microprogramming software of the automation module Sprecher SPRECON-E is related to the use of a rigidly encrypted cryptographic key. Exploiting this vulnerability could allow a malicious actor, operating remotely, to execute a “man-in-the-middle” type attack...
The vulnerability of the sub_F934() function in the Wi-Fi adapter software developed by TRENDnet TEW-800MB allows a hacker to execute arbitrary commands.
The vulnerability of the subF934 function in the TRENDnet TEW-800MB Wi-Fi adapter software relates to the lack of measures taken for data cleaning at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending specially crafted HTTP requests...
The vulnerability of PLC NLcon-CE-485-C, related to the lack of measures taken to encrypt confidential data, allows attackers to gain access to confidential information.
The vulnerability of PLC NLcon-CE-485-C is related to the lack of measures taken to encrypt confidential data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...
The vulnerability of the Content Search module in the ManageEngine Exchange Reporter Plus software, a monitoring, analysis, and reporting tool, allows a violator to trigger a service outage.
The vulnerability of the Content Search module in the ManageEngine Exchange Reporter Plus monitoring, analysis, and reporting tool is related to the use of a regular expression with high computational complexity. Exploiting this vulnerability could allow a malicious actor to cause service...
The vulnerability of the office online package ONLYOFFICE Docs, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the office online package ONLYOFFICE Docs DocumentServer is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the office online package ONLYOFFICE Docs (DocumentServer) arises from the improper handling of symbolic links before accessing a file. This allows a malicious actor to execute arbitrary code.
The vulnerability of the office online package ONLYOFFICE Docs is related to the incorrect definition of symbolic links before accessing a file. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the office online package ONLYOFFICE Docs, related to the lack of protective measures for the website structure, allows attackers to carry out cross-site scripting attacks.
The vulnerability of the office online package ONLYOFFICE Docs DocumentServer is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Amiro.CMS content management system lies in the lack of measures taken to protect the website structure, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Amiro.CMS content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the protected information...
The vulnerability of the SSM backup function of the Sprecher SPRECON-E automation module allows a perpetrator to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability of the SSM backup function of the Sprecher Storage Manager software in the SPRECON-E automation module is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or execute...
The vulnerability of the toolset for interacting with MariaDB MCP MariaDB Server arises from insufficient validation of input data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the tools for interacting with MariaDB MCP MariaDB Server stems from insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the JetBrains YouTrack project management and task management software lies in the lack of TLS certificate verification. This allows attackers to disclose sensitive information and compromise the integrity of the system.
The vulnerability of the JetBrains YouTrack project and task management software is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information and compromise the integrity of the system...
The vulnerability of the Forgejo collaborative development platform, related to deficiencies in the mechanism for processing symbolic links, allows a violator to gain unauthorized access to the platform.
The vulnerability of the Forgejo collaborative development platform is related to deficiencies in the mechanism for handling symbolic links. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the platform by sending a specially crafted...
The vulnerability in the Request Handling component of Mozilla Firefox, Firefox ESR, and the email client Thunderbird allows a hacker to bypass existing security restrictions.
The vulnerability in the Request Handling component of Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the lack of verification of the reliability of data sources or messages. Exploiting this vulnerability can allow a malicious actor to bypass existing security...
The vulnerability of the Core component of Oracle’s ZFS Storage Appliance Kit, a storage system from Oracle Systems, allows a hacker to trigger a service failure.
The vulnerability of the Core component of Oracle’s ZFS Storage Appliance Kit relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Web Service API component of the Oracle BI Publisher software, which is used for creating reports, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web Service API component of the Oracle BI Publisher software for creating reports is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of IBM OpenPages, a risk management platform for enterprises, relates to the disclosure of system data by unauthorized parties in the controlled area. This allows attackers to expose protected information.
The vulnerability of IBM OpenPages, a risk management platform for enterprises, involves the disclosure of system data that is not accessible to authorized personnel in the controlled area. Exploiting this vulnerability could allow an attacker, operating remotely, to disclose protected informatio...
The vulnerability of the JetBrains YouTrack project management and task management software, related to the lack of user principal cleanup, allows a hacker to reuse incorrect authentication contexts.
The vulnerability of the JetBrains YouTrack project and task management software is related to the absence of user principal cleanup. Exploiting this vulnerability allows a malicious actor to repeatedly use incorrect authentication contexts remotely...
The vulnerability of the OpManager, OpManager MSP, and OpManager Plus network monitoring software lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the OpManager, OpManager MSP, and OpManager Plus network monitoring software lies in the lack of security measures for the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Zohocorp ManageEngine Exchange Reporter Plus software, a monitoring, analysis, and reporting tool, arises from the lack of protective measures for the website structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the monitoring, analysis, and reporting software Zohocorp ManageEngine Exchange Reporter Plus is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected...
The vulnerability of the ubusd component in the embedded operating system OpenWrt allows a hacker to execute arbitrary code.
The vulnerability of the ubusd component in the embedded operating system OpenWr is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the LibreChat artificial intelligence-based platform, related to deficiencies in the authentication process, allows a violator to gain unauthorized access to protected information.
The vulnerability of the LibreChat artificial intelligence-based platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the llama_index component of the JSON data reading class, which uses JSONReader tokens, allows a attacker to cause a service failure.
The vulnerability of the llamaindex component of the JSON data reading class, implemented through JSONReader tokens, is related to an uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the DeleteMac Component’s sub_402D1C function in the Wavlink NU516U1 router’s microprogramming system allows a hacker to execute arbitrary commands.
The vulnerability of component DeleteMac Page’s sub402D1C function in the Wavlink NU516U1 microprogramming system lies in the failure to take data cleaning measures at the control level when processing the deletelist argument. Exploiting this vulnerability allows an attacker to execute arbitrary...
The vulnerability of the Next.js software platform for creating web applications, related to shortcomings in HTTP request processing, allows attackers to trigger service failures.
The vulnerability of the Next.js software platform for creating web applications is related to shortcomings in HTTP request processing. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...