74701 matches found

BDU FSTEC
added 2024/12/25 12:0 a.m. | 1 view

Vulnerability of RDMA/cma components of Linux operating system cores, allowing a hacker to trigger a service failure

The vulnerability of RDMA/cma components in Linux operating systems is related to memory leaks in the cma_validate_port function. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.2 | EPSS 0.00225
Exploits 0 | References 20 | Affected Software 4
BDU FSTEC
added 2024/12/25 12:0 a.m. | 2 views

The vulnerability of the kunit/fortify components in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the kunit/fortify components in the Linux kernel relates to memory corruption in the DEFINE_ALLOC_SIZE_TEST_PAIR function. Exploiting this vulnerability can allow an attacker to access confidential information...

CVSS 5.5 | AI score 6.3 | EPSS 0.00209
Exploits 0 | References 20 | Affected Software 4
BDU FSTEC
added 2024/12/25 12:0 a.m. | 2 views

The vulnerability of the btrfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the hns3 component in the Linux operating system’s kernel is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a system failure...

CVSS 5.5 | AI score 5.7 | EPSS 0.0025
Exploits 0 | References 12 | Affected Software 2
BDU FSTEC
added 2024/12/24 12:0 a.m. | 2 views

The vulnerability of the /bin/alphapd file in the firmware of D-Link DCS-932L cameras allows an intruder to trigger a service failure.

The vulnerability of the /bin/alphapd binary in the firmware of D-Link DCS-932L cameras is an out-of-bounds write in memory when processing the AUTHORIZATION field in the HTTP request header. Exploitation of this vulnerability allows a remo...

CVSS 6.5 | AI score 7.9 | EPSS 0.00486
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/24 12:0 a.m. | 2 views

The vulnerability of the Apache Tomcat application server, related to uncontrolled resource consumption, allows attackers to cause service failures.

The vulnerability of the Apache Tomcat application server is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 5.3 | AI score 6.7 | EPSS 0.01914
Exploits 0 | References 8 | Affected Software 4
BDU FSTEC
added 2024/12/24 12:0 a.m. | 4 views

The vulnerability of the Streaming Service of the Synology Media Server allows a hacker to read arbitrary files.

The vulnerability of the Streaming Service in Synology Media Server lies in the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely access and read arbitrary files...

CVSS 7.8 | AI score 5.6 | EPSS 0.00528
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/24 12:0 a.m. | 2 views

The vulnerability of the xen-netfront driver (drivers/net/xen-netfront.c) in Xen hypervisors for Linux operating systems allows a hacker to cause a service failure.

The vulnerability of the xen-netfront driver (drivers/net/xen-netfront.c) in Xen hypervisors for Linux operating systems is related to a pointer swapping error. Exploiting this vulnerability can allow an attacker to cause service interruptions...

CVSS 6.8 | AI score 6.7 | EPSS 0.00597
Exploits 0 | References 25 | Affected Software 7
BDU FSTEC
added 2024/12/24 12:0 a.m. | 2 views

The vulnerability of the rte_raw_cksum_mbuf() function in the vhost library, part of the DPDK libraries and drivers for fast packet processing, allows an attacker to cause a service failure.

The vulnerability of the rte_raw_cksum_mbuf() function in the vhost library, which is part of the DPDK toolkit for fast packet processing, stems from an out-of-bounds memory access when calculating the checksum. Exploiting this vulnerability could allow an attacker...

CVSS 7.4 | AI score 7.3 | EPSS 0.00551
Exploits 0 | References 6 | Affected Software 2
BDU FSTEC
added 2024/12/24 12:0 a.m. | 2 views

The vulnerability of the /sbin/httpd file in D-Link DIR-860L router firmware allows a hacker to cause a service failure.

The vulnerability of the /sbin/httpd file in the firmware of D-Link DIR-860L routers is related to errors in pointer assignment due to incorrect checking of HTTP request formats. Exploiting this vulnerability allows a malicious actor to cause service failures by sending specially crafted HTTP...

CVSS 6.5 | AI score 5.5 | EPSS 0.00626
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/24 12:0 a.m. | 3 views

The vulnerability of Adobe Connect’s instant messaging program, related to the lack of protective measures for website structures, allows attackers to execute XSS attacks.

The vulnerability of the Adobe Connect instant messaging program relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute XSS attacks by injecting malicious scripts into form fields...

CVSS 5.5 | AI score 5.6 | EPSS 0.00387
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/24 12:0 a.m. | 2 views

The vulnerability of the getWindowsIEEE8021x function in the npm systeminformation package of the Node.js software platform allows a perpetrator to escalate their privileges and execute arbitrary commands.

The vulnerability of the getWindowsIEEE8021x function in the npm systeminformation package of the Node.js software platform is related to improper code generation during the processing of SSID identifiers. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute...

CVSS 7.8 | AI score 7.8 | EPSS 0.00698
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/24 12:0 a.m. | 3 views

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the RequestBuilder class in the CookieStore interface of the asynchronous HTTP request processing library Async Http Client is related to the replacement of cookie files due to incorrect authentication procedures. Exploiting this vulnerability can allow an attacker operating...

CVSS 8.1 | AI score 7.4 | EPSS 0.00576
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2024/12/24 12:0 a.m. | 3 views

The vulnerability of the plugins_call_handle_uri_clean() function in /sbin/lighttpd in the firmware of D-Link DAP-1520 wireless signal amplifiers allows a hacker to induce a service failure.

The vulnerability of the plugins_call_handle_uri_clean() function in /sbin/lighttpd in the firmware of D-Link DAP-1520 wireless signal amplifiers is related to errors in pointer assignment due to incorrect checking of HTTP request formats. Exploiting this vulnerability could allow an...

CVSS 5.3 | AI score 5.5 | EPSS 0.00692
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the absence of an authentication procedure, which allows attackers to increase their privileges.

The vulnerability of the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...

CVSS 4.3 | AI score 5.4 | EPSS 0.00267
Exploits 0 | References 4
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability in the fs/cachefiles/ondemand.c module of the Linux file system’s cachefiles module allows a hacker to cause a service failure.

The vulnerability in the fs/cachefiles/ondemand.c module of the Linux file system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 8.8 | AI score 7 | EPSS 0.00287
Exploits 0 | References 24 | Affected Software 5
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability in the getSyslogFile function of the mainfunction.cgi web interface of the DrayTek Vigor router software allows a malicious individual to gain unauthorized access to confidential system files.

The vulnerability of the getSyslogFile function in the mainfunction.cgi web interface of the DrayTek Vigor router software is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain...

CVSS 6.8 | AI score 6.6 | EPSS 0.01769
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code and gain full control over the system.

The vulnerability of JavaScript script handlers in Google Chrome and Microsoft Edge browsers is related to type confusion errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and gain full control over the system...

CVSS 10 | AI score 8.1 | EPSS 0.06087
Exploits 0 | References 12 | Affected Software 6
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability of Adobe InDesign’s computer layout automation tool, related to the execution of operations beyond buffer boundaries in memory, allows attackers to bypass the ASLR protection mechanism and gain unauthorized access to protected information.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to bypass the ASLR protection mechanism and gain unauthorized access to protected informati...

CVSS 5.5 | AI score 5.8 | EPSS 0.00283
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows a malicious actor to upload arbitrary files with root privileges.

The vulnerability of the DownloadFileServlet function in the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the unrestricted upload of files of dangerous types. Exploiting this vulnerability could...

CVSS 10 | AI score 7.7 | EPSS 0.03823
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00477
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00669
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00669
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00877
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00477
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability of the /usr/ucb/ps component of the Solaris operating system allows a hacker to access confidential information.

The vulnerability of the /usr/ucb/ps component of the Solaris operating system is related to insufficient protection for service data. Exploiting this vulnerability can allow an attacker to access confidential information...

CVSS 4 | AI score 5.4 | EPSS 0.00945
Exploits 3 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability of the QuLog Center software platform for managing QNAP NAS devices lies in the lack of security measures to protect the website structure. This allows attackers to carry out XSS attacks.

The vulnerability of the QuLog Center software platform for managing QNAP NAS devices is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 5.5 | AI score 5.4 | EPSS 0.00273
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability of the Happy Eyeballs sorting algorithm for Envoy proxy servers allows a hacker to trigger a denial of service.

The vulnerability of the Happy Eyeballs sorting algorithm for the Envoy proxy server is related to the incorrect implementation of the control flow when processing IP addresses. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 5.5 | AI score 5.5 | EPSS 0.00659
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability of the /bin/webs file in D-Link DAP-1513 wireless access points allows a hacker to cause a service failure.

The vulnerability of the /bin/webs file in D-Link DAP-1513 wireless access points is related to errors in pointer redirection due to incorrect checking of HTTP request formats. Exploiting this vulnerability allows a remote attacker to cause service interruptions by sending specially crafted HTTP...

CVSS 7.6 | AI score 5.5 | EPSS 0.00388
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 4 views

The vulnerability of the Siemens User Management Component (UMC) in products such as Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, Opcenter RDL, SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) allows an attacker to execute arbitrary code.

The vulnerability of the Siemens User Management Component (UMC) in products such as Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, Opcenter RDL, SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) is related to buffer overflow in dynamic memory...

CVSS 10 | AI score 8.7 | EPSS 0.01521
Exploits 0 | References 2 | Affected Software 2
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the ieee80211_sta_ps_deliver_wakeup() function in the mac80211 component of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the ieee80211_sta_ps_deliver_wakeup() function in the mac80211 component of the Linux operating system is related to improper locking of resources. Exploiting this vulnerability could allow an attacker to trigger a service failure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00225
Exploits 0 | References 49 | Affected Software 6
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the web interface of Draytek Vigor routers, Draytek Vigor access points, Draytek Vigor switches, and the cloud platform Draytek Vigor Myvigor arises from the use of hard-coded credentials. This allows attackers to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability of the web interface of Draytek Vigor routers, Draytek Vigor access points, Draytek Vigor switches, and the cloud platform Draytek Vigor Myvigor is related to the use of hard-coded login credentials. Exploiting this vulnerability allows a malicious actor to compromise the...

CVSS 10 | AI score 7.7 | EPSS 0.00599
Exploits 1 | References 2 | Affected Software 72
BDU FSTEC
added 2024/12/23 12:0 a.m. | 4 views

The vulnerability of the web interface of DrayTek Vigor router firmware allows a hacker to execute a CSRF attack.

The vulnerability of the web interface of DrayTek Vigor firmware lies in the possibility of cross-site request forgery. Exploiting this vulnerability allows a remote attacker to execute a CSRF attack...

CVSS 7.8 | AI score 6.7 | EPSS 0.00508
Exploits 0 | References 4 | Affected Software 25
BDU FSTEC
added 2024/12/23 12:0 a.m. | 8 views

The vulnerability of the CyberPanel web hosting control panel, related to the lack of measures to neutralize specific elements, allows a hacker to execute arbitrary commands.

The vulnerability of the CyberPanel web hosting control panel exists due to the lack of measures taken to neutralize certain elements. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary commands using a specially created HTTP OPTIONS request...

CVSS 9 | AI score 5.9 | EPSS 0.10759
Exploits 2 | References 6 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service (DoS) attack.

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the sAppName parameter. Exploiting this vulnerability allows an attacker to trigger a Denial-of-Service (DoS) attack from a remote location...

CVSS 7.8 | AI score 5.8 | EPSS 0.00502
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability in the inetipv6.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service (DoS) attack.

The vulnerability in the SSLapp.cgi web interface of the DrayTek Vigor router software lies in a stack buffer overflow during the processing of the sIpv6AiccuUser parameter. Exploiting this vulnerability allows a remote attacker to trigger a Denial-of-Service attack...

CVSS 7.8 | AI score 5.6 | EPSS 0.00432
Exploits 0 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software allows an attacker to trigger a Denial-of-Service (DoS) attack.

The vulnerability of the v2x00.cgi web interface of the DrayTek Vigor router software lies in the buffer overflow that occurs during the processing of the saveVPNProfile parameter. Exploiting this vulnerability allows a malicious actor to trigger a Denial-of-Service attack from a remote location...

CVSS 7.8 | AI score 5.8 | EPSS 0.00432
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability in the Profile Name field of the software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network allows an attacker to perform XSS attacks.

The vulnerability of the Profile Name field in software for monitoring, managing, and configuring VigorAP access points and VigorSwitches in the DrayTek VigorConnect local network is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability cou...

CVSS 5.5 | AI score 5.8 | EPSS 0.00551
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.0049
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00477
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00669
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS 5.5 | AI score 5.9 | EPSS 0.00877
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 5 views

The vulnerability of the handle_api2_request() function in the Proxmox Virtual Environment platform’s interface, as well as the Proxmox Mail Gateway email protection mechanism, allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the handle_api2_request() function in the Proxmox Virtual Environment platform’s interface, along with the Proxmox Mail Gateway email protection mechanism, is related to improper external management of file names or paths when processing objects like “download” or “data-download”...

CVSS 8.2 | AI score 5.4 | EPSS 0.00361
Exploits 1 | References 5 | Affected Software 2
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the built-in network firewall QuFirewall for protecting data on NAS devices from QNAP, related to the lack of measures taken at the management level to clean data, allows attackers to execute arbitrary commands.

The vulnerability of the built-in network firewall of QuFirewall, used for protecting data on NAS devices from QNAP, is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 5.5 | AI score 5.9 | EPSS 0.00697
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 4 views

The vulnerability of the QuLog Center software platform for managing QNAP NAS devices lies in the lack of security measures to protect the website structure. This allows attackers to carry out XSS attacks.

The vulnerability of the QuLog Center software platform for managing QNAP NAS devices is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

CVSS 8.5 | AI score 5.4 | EPSS 0.004
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability of the tracefs file system in the Linux operating system allows a perpetrator to gain access to read, modify, or delete data.

The vulnerability of the tracefs file system in the Linux operating system is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain access to read, modify, or delete data...

CVSS 4.4 | AI score 6.4 | EPSS 0.0019
Exploits 0 | References 18 | Affected Software 4
BDU FSTEC
added 2024/12/23 12:0 a.m. | 4 views

The vulnerability of the Kerio Control network device protection software lies in its inability to neutralize certain special elements, allowing attackers to execute arbitrary code.

The vulnerability of the Kerio Control network device lies in the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges by sending a specially crafted HTTP request...

CVSS 9 | AI score 8.6 | EPSS 0.27297
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability in the envoy.load_shed_points.http1_server_abort_dispatch configuration of the proxy server allows a hacker to trigger a service failure.

The vulnerability of the envoy.load_shed_points.http1_server_abort_dispatch configuration on the proxy server is related to incorrect implementation of control flow management. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.8 | AI score 7.2 | EPSS 0.00675
Exploits 1 | References 4 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 3 views

The vulnerability of the CBF_Widget object handler in the PDF electronic document viewing software Foxit PDF Reader (formerly Foxit Reader) allows a perpetrator to execute arbitrary code.

The vulnerability of the CBF_Widget object handler in the PDF document viewing software Foxit PDF Reader (formerly Foxit Reader) is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user opens a special...

CVSS 10 | AI score 7.8 | EPSS 0.01122
Exploits 1 | References 3 | Affected Software 1
BDU FSTEC
added 2024/12/23 12:0 a.m. | 1 view

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software exists due to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 10 | AI score 8.1 | EPSS 0.34845
Exploits 1 | References 3 | Affected Software 3
BDU FSTEC
added 2024/12/23 12:0 a.m. | 2 views

The vulnerability in the mainfunction.cgii web interface of DrayTek Vigor software allows a hacker to execute arbitrary code.

The vulnerability in the mainfunction.cgii web interface of the DrayTek Vigor router software lies in the issue of buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code during the processing of the formuserphonenumber parameter...

CVSS 10 | AI score 8.5 | EPSS 0.05328
Exploits 1 | References 3 | Affected Software 3

Total number of security vulnerabilities: 74701