90709 matches found
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerabilities in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel allow a hacker to cause a service failure.
The vulnerability in the net/bluetooth/eir.c and net/bluetooth/mgmt.c modules of Linux kernel systems relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the lack of a mechanism for verifying input data during backup scenarios. This allows a malicious actor to execute arbitrary code with SYSTEM privileges.
The vulnerability of the software for calculating positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to deficiencies in the mechanism for verifying input data during backup scenario execution. Exploiting this vulnerability could allow an attacker, operating...
The vulnerability of the Directum Web Agent component of the Directum RX system, which arises due to insufficient validation of input data, allows a perpetrator to execute arbitrary code.
The vulnerability of the Directum Web Agent component of the Directum RX system exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted file...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.
The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...
The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.
The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
Blitz Identity Provider (Authentication server)
...
The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.
The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the tar.replace() function in the node-tar library on the Node.js software platform allows a hacker to trigger a denial-of-service attack.
The vulnerability of the tar.replace function in the node-tar library of the Node.js software platform is related to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the proof-generation tool allows attackers to perform cross-site scripting (XSS) attacks on the Git-based software platform used for collaborative code development in GitLab EE.
The vulnerability of the proof-generation tool and the software platform based on Git for collaborative code development in GitLab EE is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Management Daemon (MGD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to induce a service failure.
The vulnerability of the Management Daemon MGD in Juniper Networks’ Junos OS and Junos OS Evolved operating systems is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the _sanitize_proxy_path() function (backend/open_webui/routers/terminals.py) in the Open WebUI AI-based web interface allows a attacker to compromise the confidentiality of protected information.
The vulnerability of the sanitizeproxypath function backend/openwebui/routers/terminals.py in the Open WebUI AI-based web interface is related to an incorrect restriction on the path name of the restricted directory. Exploiting this vulnerability could allow a malicious actor to compromise the...
The vulnerability of the `qdisc_peek_dequeued()` function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the qdiscpeekdequeued function in the Linux operating system is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the `virtio_gpu_get_caps_ioctl()` function in the `drivers/gpu/drm/virtio/virtgpu_ioctl.c` driver of the Direct Rendering Infrastructure (DRI) kernel of the Linux operating system allows a malicious actor to cause a service failure.
The vulnerability of the virtiogpugetcapsioctl function in the drivers/gpu/drm/virtio/virtgpuioctl.c driver of the Direct Rendering Infrastructure DRI kernel of the Linux operating system is related to the assignment of pointers L. Exploiting this vulnerability can allow an attacker to cause a...
The vulnerability of the damon_reclaim_init() function in the mm/damon/reclaim.c module of the Linux kernel’s memory management subsystem allows a hacker to trigger a service failure.
The vulnerability of the damonreclaiminit function in the mm/damon/reclaim.c module of the Linux kernel’s memory management subsystem is related to improper memory release „memory leak“. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the cow_file_range() function in the fs/btrfs/inode.c module of the file system Btrfs in the Linux kernel allows a attacker to cause a service failure.
The vulnerability of the cowfilerange function in the fs/btrfs/inode.c module of the btrfs file system in the Linux kernel lies in the absence of resource locking in case of errors. Exploiting this vulnerability could allow a attacker to cause a service failure...
The vulnerability of the _nfs4_open_and_get_state() function in the fs/nfs/nfs4proc.c module, which is part of the NFS client support in Linux kernel, allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the nfs4openandgetstate function in the fs/nfs/nfs4proc.c module, which is part of the NFS client support in Linux kernel, relates to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the CalculateVMAndRowBytes() function in the drivers/gpu/drm/amd/display/dc/dml/dcn30/display_mode_vba_30.c driver file of the Direct Rendering Infrastructure (DRI) driver for AMD graphics cards in Linux operating systems allows a hacker to cause a system failure.
The vulnerability of the CalculateVMAndRowBytes function in the drivers/gpu/drm/amd/display/dc/dml/dcn30/displaymodevba30.c driver of the Direct Rendering Infrastructure DRI for AMD graphics cards in Linux operating systems is related to reading beyond the buffer boundaries. Exploiting this...
The vulnerability of the `secure_boot_fuse_state_show()` function in the `drivers/platform/mellanox/mlxbf-bootctl.c` kernel module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the securebootfusestateshow function in the drivers/platform/mellanox/mlxbf-bootctl.c kernel module of the Linux operating system is related to the copying of a buffer without checking the size of the input data a classic buffer overflow attack. Exploiting this vulnerability...
The vulnerability of the `fromDhcpListClient` function in the `/goform/DhcpListClient` file of the httpd component of the Tenda F456 router microprogramming system, which allows a attacker to trigger a service failure or execute arbitrary code.
The vulnerability of the fromDhcpListClient function in the /goform/DhcpListClient file of the httpd microprogramming system for Tenda F456 routers is related to an out-of-buffer operation in memory when processing the page parameter. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the /boaform/formCountrystri file in the microprogramming software for the Tenda HG3 router allows a hacker to execute arbitrary code.
The vulnerability of the /boaform/formCountrystri file of the Tenda HG3 router microprogramming system is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the formgponConf function in the /boaform/admin/formgponConf file of the Tenda HG3 router’s microprogramming system, which allows a hacker to execute arbitrary code.
The vulnerability of the formgponConf function in the /boaform/admin/formgponConf file of the Tenda HG3 router’s microprogramming system is related to the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the usb_p910() function in the /cgi-bin/adm.cgi script of the Wavlink WL-NU516U1 wireless USB printer software allows a hacker to execute any command they desire.
The vulnerability of the usbp910 function in the /cgi-bin/adm.cgi script of the Wavlink WL-NU516U1 wireless USB printer software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands remotel...
The vulnerability of the sub_40139C() function in the /cgi-bin/firewall.cgi script of the Wavlink WL-WN579X3-C router’s microprogramming system, which allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the sub40139C function in the /cgi-bin/firewall.cgi script of the Wavlink WL-WN579X3-C router’s microprogramming system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the X.509 Certificate Handler component of the cryptographic C++ Botan library allows a perpetrator to forge OCSP responses.
The vulnerability of the X.509 Certificate Handler component of the C++ Botan cryptographic library is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to forge OCSP responses remotely...
The vulnerability of the `io.netty.handler.codec.redis.RedisEncoder` component in the framework for developing network applications, servers, and clients using the Netty protocol allows a hacker to inject arbitrary commands.
The vulnerability of the io.netty.handler.codec.redis.RedisEncoder component in the framework for developing network applications, servers, and clients using the Netty protocol is related to improper code generation. Exploiting this vulnerability allows a remote attacker to inject arbitrary...
The vulnerability of the mtd_check_of_node() function in the drivers/mtd/mtdcore.c file of the memory driver for the Linux operating system’s kernel allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the mtdcheckofnode function in the drivers/mtd/mtdcore.c file of the Linux operating system’s memory driver module is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity...
The vulnerability of the hibmc_msi_init() function in the drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_drv.c driver for the Direct Rendering Infrastructure (DRI) kernel of the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the hibmcmsiinit function in the drivers/gpu/drm/hisilicon/hibmc/hibmcdrmdrv.c driver for the Direct Rendering Infrastructure DRI component of the Linux operating system is related to the reutilization of previously freed memory. Exploiting this vulnerability can allow an...
The vulnerabilities of the functions ParseConfigYamlFile() and backup.GetInfo() in the container management system and the virtual machine manager Incus allow a hacker to trigger a service failure.
The vulnerabilities of the functions ParseConfigYamlFile and backup.GetInfo in the container management system and the virtual machine manager Incus are related to the use of a null pointer. Exploiting these vulnerabilities could allow an attacker to cause service interruptions...
The vulnerability of the npm library extract-zip’s mechanism for processing symbolic links allows a hacker to execute arbitrary code.
The vulnerability of the npm library extract-zip’s mechanism for handling symbolic links is related to errors in link processing. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code...
The vulnerability of the t7xx_port EnumMsgHandler() function in the Linux operating system allows a hacker to disclose sensitive information or cause service failures.
The vulnerability of the t7xxport EnumMsgHandler function in the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information or cause service failures...
The vulnerabilities of the functions set_mesh_complete() and set_mesh_sync() in the net/bluetooth/mgmt.c module of the Linux kernel’s Bluetooth subsystem allow a malicious actor to cause a service failure.
The vulnerability of the setmeshcomplete and setmeshsync functions in the net/bluetooth/mgmt.c module of the Linux kernel’s Bluetooth subsystem lies in the fact that they involve reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the tee_shm_register_user_buf() function in the drivers/tee/tee_shm.c module of the Linux kernel’s trusted execution environment allows a attacker to cause a service failure.
The vulnerability of the teeshmregisteruserbuf function in the drivers/tee/teeshm.c module of the Linux kernel’s trusted execution environment is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the aa_simple_write_to_buffer() function in the security/apparmor/apparmorfs.c module of the AppArmor security component for the Linux operating system allows a attacker to cause a service failure.
The vulnerability of the aasimplewritetobuffer function in the security/apparmor/apparmorfs.c module of the AppArmor security component of the Linux operating system’s kernel is related to the distribution of resources without any restrictions or regulations. Exploiting this vulnerability could...
The vulnerability of the mctp_frag_queue() function in the net/mctp/route.c module of the MCTP implementation in the Linux operating system’s kernel allows a attacker to cause a service failure.
The vulnerability of the mctpfragqueue function in the net/mctp/route.c module of the MCTP implementation in the Linux operating system’s kernel is related to improper memory release memory leak. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the btf_ext_parse_info() function in the tools/lib/bpf/btf.c kernel module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the btfextparseinfo function in the tools/lib/bpf/btf.c module of the Linux kernel is related to the copying of buffers without checking their size a classic buffer overflow attack. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the Lite Agent Feature of the Cisco Enterprise Chat and Email (ECE) messaging service allows a perpetrator to access, modify, add, or delete data.
The vulnerability of the Lite Agent Feature in the Cisco Enterprise Chat and Email ECE messaging service is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to access, modify, add, or delete data using a specially created...
The vulnerability of the Scheduler component in the microprogramming software for the routing and switching platform RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 allows a attacker to execute arbitrary commands.
The vulnerability of the Scheduler component in the microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 lies in the lack of measures to neutralize specific elements. Exploiting this...
The vulnerability of the microprogramming software in the RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 routing and switching platforms, due to the lack of measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Scheduler component in the microprogramming software for routing and switching platforms RUGGEDCOM ROX MX5000, MX5000RE, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, RX5000 lies in the lack of measures to neutralize specific elements. Exploiting this...
The vulnerability of the CsteSystem function in the /cgi-bin/cstecgi.cgi file of the CGI Handler component of the TOTOLINK A8000RU router’s software, allowing a malicious user to execute arbitrary commands.
The vulnerability of the CsteSystem function in the /cgi-bin/cstecgi.cgi file, belonging to the CGI Handler component of the TOTOLINK A8000RU router’s software, is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execu...
The vulnerability of the setDmzCfg function in the /cgi-bin/cstecgi.cgi file of the CGI Handler component of the TOTOLINK A8000RU router’s software, allowing a malicious user to execute arbitrary commands.
The vulnerability of the setDmzCfg function in the /cgi-bin/cstecgi.cgi file of the CGI Handler component of the TOTOLINK A8000RU router’s software is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the setup-sandbox.js file in the vm2 package manager of NPM allows a hacker to execute arbitrary code.
The vulnerability of the setup-sandbox.js file in the vm2 package manager’s library in NPM is related to a data protection mechanism breach. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code...
The vulnerability of the REST API interface implementation of the Splunk Enterprise platform for operational analysis allows a perpetrator to execute arbitrary code.
The vulnerability of the REST API implementation of the Splunk Enterprise platform for operational analysis is related to the lack of measures taken at the management level when processing the unarchivecmd parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the REST API interface implementation of the Splunk Enterprise platform for operational analysis allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the REST API interface implementation of the Splunk Enterprise platform for operational analysis is related to the disclosure of information. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the read_compound() function in the Vim text editor, allowing a hacker to cause a service failure
The vulnerability of the readcompound function in the Vim text editor is related to buffer overflows in dynamic memory when processing the spelllang parameter. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the X509 Path Validation Handler component of the cryptographic C++ Botan library allows a hacker to forge OCSP responses.
The vulnerability of the X509 Path Validation Handler component in the C++ Botan cryptographic library is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to forge OCSP responses remotely...