90709 matches found
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
Blitz Identity Provider (Authentication server)
...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...
The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.
The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...
The vulnerability of the innerHTML component of the Open WebUI web interface allows a attacker to execute arbitrary JavaScript code.
The vulnerability of the innerHTML component in the Open WebUI-based web interface is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...
The vulnerability of the Open WebUI web interface, related to the lack of permission checking, allows a violator to gain read access, modify data, and increase their privileges.
The vulnerability of the Open WebUI web interface relates to the lack of permission checking for workspace.models.import. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access, modify data, and enhance their privileges by sending a specially crafted POST...
The vulnerabilities of the functions dcn20_enable_stream() (drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20_hwseq.c) and dcn401_enable_stream() (drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401_hwseq.c) in the DRI driver for AMD graphics cards with Linux operating systems allow attackers to cause system failures.
The vulnerabilities of the functions dcn20enablestream drivers/gpu/drm/amd/display/dc/hwss/dcn20/dcn20hwseq.c and dcn401enablestream drivers/gpu/drm/amd/display/dc/hwss/dcn401/dcn401hwseq.c in Linux kernel-based AMD Direct Rendering Infrastructure DRI graphics card drivers are related to state...
The vulnerability of the server daemon incusd in the container management system and the Incus virtual machine manager allows a hacker to trigger a service failure.
The vulnerability of the server daemon incus in the container management system and the Incus Virtual Machine Manager is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the gnutls_pkcs11_token_set_pin() function in the lib/pkcs11_write.c file of the GnuTLS cryptographic library allows a attacker to cause a service failure.
The vulnerability of the gnutlspkcs11tokensetpin function in the lib/pkcs11write.c file of the GnuTLS cryptographic library is related to a buffer out-of-bounds exception due to a pointer that has expired. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the gnutls_pkcs12_bag_set_data() function in the GnuTLS cryptographic library allows a attacker to damage memory or cause service failures.
The vulnerability of the gnutlspkcs12bagsetdata function in the GnuTLS cryptographic library is related to a single-shift error. Exploiting this vulnerability could allow an attacker to corrupt memory or cause service failures remotely...
The vulnerability of the function nameconstraints_node_list_intersect() in the lib/x509/name_constraints.c file, lines 726-727, of the cryptographic library GnuTLS, allows a attacker to perform a MIT attack.
The vulnerability of the nameconstraintsnodelistintersect function in the lib/x509/nameconstraints.c file, lines 726-727, of the cryptographic library GnuTLS is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to perform a MITM attack...
The vulnerability of the gnutls_x509_crt_check_hostname2() function in the lib/x509/hostname-verify.c file, lines 111,245–265, of the GnuTLS cryptographic library allows a attacker to replace the server and gain unauthorized access to protected information.
The vulnerability of the gnutlsx509crtcheckhostname2 function in the lib/x509/hostname-verify.c file at line 111,245-265 of the GnuTLS cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to replace the server and...
The vulnerability of the gnutls_x509_crt_check_hostname2() function in the lib/x509/hostname-verify.c file of the GnuTLS cryptographic library allows a attacker to perform a MITM attack.
The vulnerability of the gnutlsx509crtcheckhostname2 function in the lib/x509/hostname-verify.c file of the GnuTLS cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a remote attacker to perform a MITM attack...
The vulnerability of the DTLS implementation of the GnuTLS cryptographic library allows a attacker to induce a service failure.
The vulnerability of the DTLS protocol implementation of the GnuTLS cryptographic library is related to unpredictable behavior of functions due to inconsistencies in parameter values. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the _gnutls_proc_rsa_psk_client_kx() function in the lib/auth/rsa_psk.c file of the GnuTLS cryptographic library allows a perpetrator to bypass existing security mechanisms and gain unauthorized access to protected information.
The vulnerability of the gnutlsprocrsapskclientkx function in the lib/auth/rsapsk.c file of the GnuTLS cryptographic library is related to incorrect handling of zero bytes or NULL characters during data exchange. Exploiting this vulnerability could allow an attacker to bypass existing security...
The vulnerability of the splunkd component of the Splunk Enterprise platform for operational analytics allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the splunkd component of the Splunk Enterprise platform relates to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the tar.replace() function in the node-tar library on the Node.js software platform allows a hacker to trigger a denial-of-service attack.
The vulnerability of the tar.replace function in the node-tar library of the Node.js software platform is related to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the proof-generation tool allows attackers to perform cross-site scripting (XSS) attacks on the Git-based software platform used for collaborative code development in GitLab EE.
The vulnerability of the proof-generation tool and the software platform based on Git for collaborative code development in GitLab EE is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Management Daemon (MGD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to induce a service failure.
The vulnerability of the Management Daemon MGD in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the _sanitize_proxy_path() function (backend/open_webui/routers/terminals.py) in the Open WebUI AI-based web interface allows a attacker to compromise the confidentiality of protected information.
The vulnerability of the sanitizeproxypath function backend/openwebui/routers/terminals.py in the Open WebUI AI-based web interface is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the...
The vulnerability of the aiohttp HTTP client, related to the failure to handle CRLF sequences in HTTP headers, allows attackers to inject arbitrary HTTP headers.
The vulnerability of the aiohttp HTTP client is related to the failure to handle CRLF sequences in HTTP headers when processing the contenttype parameter. Exploiting this vulnerability allows an attacker to inject arbitrary HTTP headers remotely...
The vulnerability of the aiohttp HTTP client, related to unlimited resource distribution or throttling, allows attackers to cause service failures.
The vulnerability of the aiohttp HTTP client is related to unlimited resource allocation or throttling. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the HTTP message analyzer for the llhttp HTTP client and aiohttp allows attackers to inject arbitrary HTTP headers and circumvent existing security restrictions.
The vulnerability of the HTTP message analyzer for the llhttp HTTP client and aiohttp is related to the failure to handle CRLF sequences in HTTP headers when processing the reason parameter. Exploiting this vulnerability allows an attacker to inject arbitrary HTTP headers and circumvent existing...
The vulnerability of the Application.add_domain() function in the aiohttp HTTP client allows a perpetrator to cause a service failure.
The vulnerability of the Application.adddomain function in the HTTP client of aiohttp is related to the use of duplicate headers due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the `qdisc_peek_dequeued()` function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the qdiscpeekdequeued function in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the `virtio_gpu_get_caps_ioctl()` function in the `drivers/gpu/drm/virtio/virtgpu_ioctl.c` driver of the Direct Rendering Infrastructure (DRI) kernel of the Linux operating system allows a malicious actor to cause a service failure.
The vulnerability of the virtiogpugetcapsioctl function in the drivers/gpu/drm/virtio/virtgpuioctl.c driver of the Direct Rendering Infrastructure DRI kernel of the Linux operating system is related to the assignment of pointers L. Exploiting this vulnerability can allow an attacker to cause a...
The vulnerability of the damon_reclaim_init() function in the mm/damon/reclaim.c module of the Linux kernel’s memory management subsystem allows a hacker to trigger a service failure.
The vulnerability of the damonreclaiminit function in the mm/damon/reclaim.c module of the Linux kernel’s memory management subsystem is related to improper memory release „memory leak“. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the cow_file_range() function in the fs/btrfs/inode.c module of the file system Btrfs in the Linux kernel allows a attacker to cause a service failure.
The vulnerability of the cowfilerange function in the fs/btrfs/inode.c module of the btrfs file system in the Linux kernel lies in the absence of resource locking in case of errors. Exploiting this vulnerability could allow a attacker to cause a service failure...
The vulnerability of the _nfs4_open_and_get_state() function in the fs/nfs/nfs4proc.c module, which is part of the NFS client support in Linux kernel, allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the nfs4openandgetstate function in the fs/nfs/nfs4proc.c module, which is part of the NFS client support in Linux kernel, relates to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the CalculateVMAndRowBytes() function in the drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c driver file of the Direct Rendering Infrastructure (DRI) driver for AMD graphics cards in Linux operating systems allows a hacker to cause a system failure.
The vulnerability of the CalculateVMAndRowBytes function in the drivers/gpu/drm/amd/display/dc/dml/dcn30/displaymodevba30.c driver of the Direct Rendering Infrastructure DRI for AMD graphics cards in Linux operating systems is related to reading beyond the buffer boundaries. Exploiting this...
The vulnerability of the `secure_boot_fuse_state_show()` function in the `drivers/platform/mellanox/mlxbf-bootctl.c` kernel module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the securebootfusestateshow function in the drivers/platform/mellanox/mlxbf-bootctl.c kernel module of the Linux operating system is related to the copying of a buffer without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability...
The vulnerability of the `fromDhcpListClient` function in the `/goform/DhcpListClient` file of the httpd component of the Tenda F456 router microprogramming system, which allows a attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the fromDhcpListClient function in the /goform/DhcpListClient file of the httpd microprogramming system for Tenda F456 routers is related to an out-of-buffer operation in memory when processing the page parameter. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the /boaform/formCountrystri file in the microprogramming software for the Tenda HG3 router allows a hacker to execute arbitrary code.
The vulnerability of the /boaform/formCountrystri file of the Tenda HG3 router microprogramming system is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the formgponConf function in the /boaform/admin/formgponConf file of the Tenda HG3 router’s microprogramming system, which allows a hacker to execute arbitrary code.
The vulnerability of the formgponConf function in the /boaform/admin/formgponConf file of the Tenda HG3 router’s microprogramming system is related to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the setStorageCfg function in the /cgi-bin/cstecgi.cgi file of the CGI Handler component of the TOTOLINK A8000RU router’s software, allowing a malicious actor to execute arbitrary commands.
The vulnerability of the setStorageCfg function in the /cgi-bin/cstecgi.cgi file of the CGI Handler component of the TOTOLINK A8000RU router’s software is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the usb_p910() function in the /cgi-bin/adm.cgi script of the Wavlink WL-NU516U1 wireless USB printer software allows a hacker to execute any command they desire.
The vulnerability of the usbp910 function in the /cgi-bin/adm.cgi script of the Wavlink WL-NU516U1 wireless USB printer software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotel...
The vulnerability of the sub_40139C() function in the /cgi-bin/firewall.cgi script of the Wavlink WL-WN579X3-C router’s microprogramming system, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the sub40139C function in the /cgi-bin/firewall.cgi script of the Wavlink WL-WN579X3-C router’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the X.509 Certificate Handler component of the cryptographic C++ Botan library allows a perpetrator to forge OCSP responses.
The vulnerability of the X.509 Certificate Handler component of the C++ Botan cryptographic library is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to forge OCSP responses remotely...
The vulnerability of the `io.netty.handler.codec.redis.RedisEncoder` component in the framework for developing network applications, servers, and clients using the Netty protocol allows a hacker to inject arbitrary commands.
The vulnerability of the io.netty.handler.codec.redis.RedisEncoder component in the framework for developing network applications, servers, and clients using the Netty protocol is related to improper code generation. Exploiting this vulnerability allows a remote attacker to inject arbitrary...
The vulnerability of the queueattrstore() function in the block/blk-sysfs.c module, which supports the block-level kernel in the Linux operating system, allows a attacker to cause a service failure.
The vulnerability of the queueattrstore function in the block/blk-sysfs.c module, which supports the block-level kernel in the Linux operating system, is related to the occurrence of mutual locking. Exploiting this vulnerability could allow a attacker to cause service failures...
The vulnerability of the `init_amd_bd()` function in the `arch/x86/kernel/cpu/amd.c` module, which is part of the Linux operating system’s x86 kernel support, allows a hacker to trigger a service failure.
The vulnerability of the initamdbd function in the arch/x86/kernel/cpu/amd.c module, which is part of the Linux operating system’s x86 kernel support, is related to insufficient checking of input data. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the mtd_check_of_node() function in the drivers/mtd/mtdcore.c file of the memory driver for the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the mtdcheckofnode function in the drivers/mtd/mtdcore.c file of the Linux operating system’s memory driver module is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity...