74701 matches found
The vulnerability of the Woocommerce Product Design plugin of the WordPress content management system arises from improper limitation of a pathname to a restricted directory. This allows attackers to gain access to read, modify, or delete data.
The vulnerability of the Woocommerce Product Design plugin in the WordPress content management system is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain access to read, modify, or delete data...
The vulnerability of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers allows a hacker to execute arbitrary commands.
The vulnerability of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems is related to improper neutralization of special elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created IPMI...
The vulnerability of the AMD Secure Processor firmware is related to improper validation of input data, allowing attackers to escalate their privileges.
The vulnerability of the AMD Secure Processor (ASP) firmware relates to improper validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the web-based interface of the firmware for Wi-Fi routers such as Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360 allows attackers to escalate their privileges.
The vulnerability of the web-based management interface of the firmware for Netis routers, including Netis NX10, Netis 11AC Router NC65, Netis 11AC Router NC63, Netis 11AC Router NC21, and Netis Wifi Router MW5360, lies in an out-of-bounds memory read. Exploitin...
The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems is related to the use of an insecure random number generator. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected...
The vulnerability of the edge_bulk_out_cmd_callback() function in the drivers/usb/serial/io_edgeport.c file of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the edge_bulk_out_cmd_callback() function in the drivers/usb/serial/io_edgeport.c file of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability...
The vulnerability of the `ksmbd_expire_session()` function in the `fs/smb/server/mgmt/user_session.c` module of `ksmbd`, the Linux kernel's CIFS/SMB3 server, allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the ksmbd_expire_session() function in the fs/smb/server/mgmt/user_session.c module of ksmbd, the Linux kernel's CIFS/SMB3 server, relates to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the software for managing Lenovo Accessories and Display Manager (LADM) and the software for managing and configuring Lenovo Display Control Center (LDCC) lies in errors in the authentication process, allowing a perpetrator to execute arbitrary code.
The vulnerabilities of the Lenovo Accessories and Display Manager (LADM) software for managing accessories and displays, as well as the Lenovo Display Control Center (LDCC) software for controlling and configuring displays, are related to errors in the certificate validation process. Exploiting these...
The vulnerabilities of vSphere CPI (Cloud Provider Interface) and vSphere CSI (Container Storage Interface), which are software platforms for deploying containers in a production environment, allow attackers to exploit them to disclose sensitive information.
The vulnerability of vSphere CPI (Cloud Provider Interface) and vSphere CSI (Container Storage Interface), two components of the software platform for container deployment in a production environment, is related to insufficient protection of registration data. Exploiting this vulnerability can allow ...
The vulnerability of software tools for managing and configuring Intel Ethernet Controller Administrative Tools is related to access segmentation errors, allowing attackers to escalate their privileges.
The vulnerability of the software tools for managing and configuring Intel Ethernet Controller Administrative Tools is related to access control violations. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem servers arises from improper neutralization of special elements, allowing a perpetrator to execute arbitrary commands.
The vulnerability of the Lenovo XClarity Controller (XCC) for Lenovo ThinkSystem systems is related to improper neutralization of special elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially created files...
The vulnerability of the INF-file utility for Intel chipset and circuit boards, known as the Intel Chipset INF Utility (previously called Intel Chipset Device Software or Intel Chipset Software Installation Utility), is related to an uncontrolled search path element. This allows a malicious user to gain elevated privileges.
The vulnerability of the INF-file utility for Intel chipset and circuit boards is related to an uncontrolled search path element. Exploiting this vulnerability can allow a hacker to gain increased privileges...
The vulnerability of the SMEM partition in Qualcomm’s security firmware allows attackers to disclose protected information.
The vulnerability of the SMEM firmware for Qualcomm processors lies in an out-of-bounds memory read. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to improper code generation management, allowing an attacker to execute arbitrary code.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to improper code generation. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code...
The vulnerability of the software tool for collecting network and application performance data from Cisco ThousandEyes Endpoint Agent, related to errors in the certificate validation process, allows attackers to escalate their privileges.
The vulnerability of the software tool for collecting network performance and Cisco ThousandEyes Endpoint Agent application data is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the switch network firewall for HPE CX 10000 corporate networks allows an intruder to disclose protected information.
The vulnerability of the switch network firewalls for HPE CX 10000 corporate networks is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the Intel MPI Library’s parallel programming library, related to an uncontrolled element in the search process, allows attackers to increase their privileges.
The vulnerability of the Intel MPI Library, which is related to parallel programming, lies in its uncontrolled search path. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the `ucsi_ccg_update_set_new_cam_cmd()` function in the Linux kernel’s drivers/usb/typec/ucsi/ucsi_ccg.c file allows an attacker to compromise the confidentiality and availability of protected information.
The vulnerability of the ucsi_ccg_update_set_new_cam_cmd() function in the Linux kernel’s drivers/usb/typec/ucsi/ucsi_ccg.c file relates to reading memory beyond the bounds of the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and availability of...
The vulnerability of the SSL VPN remote access technology implemented on SonicOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SSL VPN remote access technology implemented on SonicOS systems is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Framework component of the Android operating system allows a hacker to escalate their privileges.
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the System component of the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the System component of the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the System component of the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the System component of the Android operating system allows a hacker to execute arbitrary code.
The vulnerability of the System component of the Android operating system is related to incorrect code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the search_nested_keyrings() function in the security/keys/keyring.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the search_nested_keyrings() function in the security/keys/keyring.c module of the Linux kernel involves accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...
The vulnerability of the JWT library cjwt, related to incorrect verification of the cryptographic signature, allows attackers to circumvent security restrictions.
The vulnerability of the JWT library cjwt is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to bypass security restrictions remotely...
The vulnerability of the Media Framework component of the Android operating system allows a hacker to escalate their privileges.
The vulnerability of the Media Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the _cfg80211_unregister_wdev() function in the net/wireless/core.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the _cfg80211_unregister_wdev() function in the net/wireless/core.c module of the Linux kernel is related to the re-release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...
The vulnerability of Typogrify, a module for the Drupal CMS, relates to the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.
The vulnerability of Typogrify, a module within the Drupal CMS system, is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows an attacker to carry out XSS attacks remotely...
The vulnerability in the web interface of the Cisco Crosswork Network Controller (CNC) allows an attacker to execute XSS attacks.
The vulnerability in the web management interface of the Cisco Crosswork Network Controller (CNC) is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created website...
The vulnerability of the formSetLog function (/goform/formSetLog) in D-Link DIR-619L router software allows an intruder to trigger a service failure.
The vulnerability of the formSetLog function (/goform/formSetLog) in D-Link DIR-619L router firmware lies in the copying of buffers without checking the size of input data when processing the curTime parameter. Exploiting this vulnerability can allow an attacker to cause service...
The vulnerability of the formSetDDNS function (/goform/formSetDDNS) in D-Link DIR-619L router software allows a hacker to cause a service failure.
The vulnerability of the formSetDDNS function (/goform/formSetDDNS) in D-Link DIR-619L router software lies in the copying of a buffer without checking the size of the input data during the processing of the curTime parameter. Exploiting this vulnerability allows an attacker to cause a service...
The vulnerability of the formResetStatistic function (/goform/formResetStatistic) in D-Link DIR-619L router software allows a hacker to trigger a service failure.
The vulnerability of the formResetStatistic function (/goform/formResetStatistic) in D-Link DIR-619L router software lies in the copying of buffers without checking the size of the input data during the processing of the curTime parameter. Exploiting this vulnerability can allow an attacker to caus...
The vulnerability of the scpi_dvfs_get_info() function in the System Control and Power Interface (SCPI) Message Protocol Driver (drivers/firmware/arm_scpi.c) in the Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the scpi_dvfs_get_info() function in the System Control and Power Interface (SCPI) Message Protocol Driver (drivers/firmware/arm_scpi.c) in the Linux kernel is related to a pointer arithmetic error. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the uof_get_name() function in the QAT_420xx driver (driver/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c) on Linux operating systems allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the uof_get_name() function in the QAT_420xx driver (driver/crypto/intel/qat/qat_420xx/adf_420xx_hw_data.c) in Linux operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized acces...
The vulnerability of the uof_get_name() function in the QAT_4xxx driver (driver/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c) on Linux operating systems allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the uof_get_name() function in the QAT_4xxx driver (driver/crypto/intel/qat/qat_4xxx/adf_4xxx_hw_data.c) on Linux operating systems is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access t...
The vulnerability of the kunit_try_catch_run() function in the KUnit framework (lib/kunit/try-catch.c) in the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the kunit_try_catch_run() function in the KUnit framework (lib/kunit/try-catch.c) in the Linux kernel is related to the reallocation of memory after its deallocation due to concurrent access to resources (race condition). Exploiting this vulnerability could allow an attacker to...
The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain unauthorized access to read, add, modify, or delete data.
The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to read, add, modify, or delete...
The vulnerability of the firmware of Schneider Electric PowerLogic PM5320, PM5340, and PM5341 lies in uncontrolled resource consumption, which allows an intruder to trigger a service failure.
The vulnerability of the firmware for Schneider Electric’s PowerLogic PM5320, PM5340, and PM5341 lies in the uncontrolled consumption of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially crafted IGMP packets...
The vulnerability of the UDP packet verification mechanism in the firmware for Cisco SD-WAN vEdge allows an attacker to trigger a service failure.
The vulnerability of the UDP packet verification mechanism in Cisco SD-WAN vEdge firmware lies in the fact that the operation results are stored outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially...
The vulnerability of the etimeclockwp_load_function_callback() function in the WordPress Content Management System allows a hacker to execute arbitrary code.
The vulnerability of the etimeclockwp_load_function_callback() function in the Time Clock plugin of the WordPress content management system is related to improper handling of code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability in the web server of the firmware of Cisco Adaptive Security Appliance (ASA) network devices allows attackers to execute XSS attacks.
The vulnerability in the web server of the firmware of Cisco Adaptive Security Appliance (ASA) exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the mse102x_tx_frame_spi() function in the Linux kernel’s drivers/net/ethernet/vertexcom/mse102x.c file allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the mse102x_tx_frame_spi() function in the Linux kernel’s drivers/net/ethernet/vertexcom/mse102x.c file is related to the repeated release of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the scmi_device_release() function in the drivers/firmware/arm_scmi/bus.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the scmi_device_release() function in the drivers/firmware/arm_scmi/bus.c module of the Linux kernel is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of...
The vulnerability in the update_check.cgi script of NETGEAR’s Wi-Fi router model R6900 allows a hacker to execute arbitrary code or trigger a service failure.
The vulnerability in the update_check.cgi script of the NETGEAR R6900 Wi-Fi router lies in writing to memory beyond the allocated buffer. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure...
The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena allows an intruder to execute arbitrary code by exploiting incorrect resource initialization.
The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to incorrect initialization of resources. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created DOE file...
The vulnerability of the Suricata intrusion detection and prevention system, related to asymmetric resource consumption, allows an intruder to trigger a service failure.
The vulnerability of the Suricata intrusion detection and prevention system is related to asymmetric resource consumption caused by incorrect compression of resource names during DNS message processing. Exploiting this vulnerability allows a malicious actor to cause service failures...
The vulnerability of the StreamingBufferSlideToOffsetWithRegions() function in the Suricata intrusion detection and prevention system allows an intruder to execute arbitrary code or cause a service failure.
The vulnerability of the StreamingBufferSlideToOffsetWithRegions function in the Suricata intrusion detection and prevention system is related to the execution of operations outside of the buffer’s memory boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...
The vulnerability of the Suricata intrusion detection and prevention system’s TCP protocol allows attackers to compromise the integrity of the protected information.
The vulnerability of the Suricata intrusion detection and prevention system’s TCP protocol implementation is related to the incomplete model of the characteristics of the destination node. Exploiting this vulnerability could allow a malicious actor to compromise the integrity of the protected...