90104 matches found
The vulnerability of the Mattermost instant messaging application, related to insufficient checking of unusual or exceptional states, allows a hacker to trigger a service failure.
The vulnerability of the Mattermost instant messaging application is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the IPX image optimizer developed by Sharp and SVGO lies in the improper restriction on the path name to the restricted directory. This allows attackers to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the IPX image optimizer developed by Sharp and SVGO is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and gain unauthorized access to protected...
The vulnerability of the Mocca Calendar application lies in the improperly encrypted color and text fields in the event modal window, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Mocca Calendar application exists because the background and text colors in the event details panel are not properly encrypted. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the SM2 Handler component in the C++ Botan cryptographic library allows a hacker to trigger a service failure and disclose confidential information.
The vulnerability of the SM2 Handler component in the C++ Botan cryptographic library is related to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow an attacker to cause service failures and disclose confidential information...
The vulnerability of the AMF function in the src/amf/ngap-handler.c script, a tool for creating and managing NR/LTE Open5GS mobile networks, allows an attacker to cause a service failure.
The vulnerability of the AMF function in the src/amf/ngap-handler.c script, a tool for creating and managing NR/LTE Open5GS mobile networks, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of the npm library Color-Name relates to the presence of undeclared functions, allowing a hacker to execute arbitrary code.
The vulnerability of the npm library Color-Name is related to the presence of undeclared functions. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the moodle-mod_customcert plugin in the virtual learning environment Moodle allows an intruder to gain unauthorized access to protected information.
The vulnerability of the moodle-mod_customcert plugin in the virtual learning environment Moodle relates to bypassing authentication using a key controlled by the user. Exploiting this vulnerability could allow an intruder, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the setVpnAccountCfg() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setVpnAccountCfg function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming software is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability could allow a remote attacker to execute arbitra...
The vulnerability of the Linux operating system’s kernel security module, AppArmor, allows a hacker to compromise the integrity and accessibility of protected information.
The vulnerability of the Linux operating system’s kernel security module, AppArmor, is related to coding errors. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of the protected information...
The vulnerability of the software for deploying and executing AI models with NVIDIA Triton Inference Server (previously known as TensorRT Inference Server) involves uncontrolled memory consumption, which allows a malicious actor to cause service failures.
The vulnerability of the software for deploying and executing NVIDIA Triton Inference Server (previously known as TensorRT Inference Server) is related to uncontrolled memory consumption. Exploiting this vulnerability can allow a malicious actor, operating remotely, to trigger a service failure...
The vulnerability of the formSetMACFilter() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetMACFilter function in TRENDnet TEW-432BRP router software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability in the software for downloading pyLoad files arises from incorrect path restrictions for the restricted access directory. This allows attackers to elevate their privileges and execute code as the root user.
The vulnerability of the software for downloading pyLoad files is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute code as the root user...
The vulnerability of the TOML parser in JavaScript, related to uncontrolled changes to prototype attributes, allows attackers to execute “prototype pollution” attacks.
The vulnerability of the TOML parser relates to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute a “prototype pollution” attack...
The vulnerability of the OpenShift AI platform, related to insufficient spatial partitioning, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the OpenShift AI platform for developing artificial intelligence models is related to insufficient spatial partitioning. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the notification handler of the Mattermost instant messaging application allows a violator to cause a service failure.
The vulnerability of the notification handler in the Mattermost instant messaging application is related to synchronization errors when using a shared resource (a race condition). Exploiting this vulnerability could allow a malicious actor to cause a service failure...
The vulnerability of the Mattermost instant messaging application, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the Mattermost instant messaging application is related to an uncontrolled resource consumption due to the processing of large HTTP requests. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the API request handler of the Mattermost instant messaging application allows an attacker to trigger a service failure.
The vulnerability of the API request handler for Mattermost instant messaging applications is related to improper validation of the specified data type. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of tools for storing and delivering content from containers – related to insufficient validation of requests on the server side – allows attackers to execute SSRF attacks.
The vulnerability of the storage and content delivery tools for containers like Distribution is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the formResetStatistic() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formResetStatistic function in TRENDnet TEW-432BRP router software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the formSetPassword() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetPassword function in TRENDnet TEW-432BRP router software lies in the fact that the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the formPortFw() function in TRENDnet TEW-432BRP router’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the formPortFw function in TRENDnet TEW-432BRP router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Real Estate Property Management System allows a perpetrator to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the Real Estate Property Management System is related to the failure to take measures to neutralize certain elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information and execute arbitrary code...
The vulnerability of the automation application and the Conda-build package for distributing Python packages, related to errors in inherited permissions, allows a perpetrator to trigger a “race condition” and execute arbitrary code.
The vulnerability of the automation application and the Conda-build package distribution in Python is related to errors in inherited permissions. Exploiting this vulnerability could allow a perpetrator to trigger a “race condition” and execute arbitrary code...
The vulnerability of the Java framework JUnit, related to the storage of critical information in an open manner, allows attackers to exploit their privileges.
The vulnerability of the Java framework JUnit is related to the storage of critical information in an open manner. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the npm library Color-Convert, related to the presence of undeclared functions, allows a hacker to execute arbitrary code.
The vulnerability of the npm library Color-Convert is related to the presence of undeclared capabilities. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the PX4 Autopilot system, which involves copying buffers without checking the size of the input data, allows an intruder to trigger a service failure.
The vulnerability of the missionblock.cpp component in the PX4 Autopilot system management software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow a hacker to cause a service failure...
The vulnerability of the software for automating browser processes in Skyvern lies in the lack of measures to neutralize special elements in the template creation mechanism. This allows a perpetrator to execute arbitrary code.
The vulnerability of the software for automating browser processes in Skyvern is related to the lack of measures taken to neutralize special elements in the template creation mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the nossrf software lies in its insufficiently checked incoming requests, which allows a perpetrator to execute an SSRF attack.
The vulnerability of the nossrf software is related to insufficient testing of incoming requests. Exploiting this vulnerability allows a remote attacker to execute an SSRF attack...
The vulnerability of the setWizardCfg() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setWizardCfg function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming software is related to the lack of measures taken to clean up data at the control level. Exploiting this vulnerability could allow a remote attacker to execute...
The vulnerability of the setAppEasyWizardConfig() function in the TOTOLink A800R router’s microprogramming software allows a hacker to execute arbitrary code or cause service failure.
The vulnerability of the setAppEasyWizardConfig function in the TOTOLink A800R router’s microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of NVIDIA NeMo’s integrated platform for training and applying neural networks in speech processing and natural language processing lies in its ability to restore unreliable data in memory. This allows attackers to execute arbitrary code, gain unauthorized access to protected information, and replace data.
The vulnerability of NVIDIA NeMo’s integrated platform for training and applying neural networks in speech processing and natural language processing is related to the recovery of unreliable data in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code, gain...
The vulnerability of the training library for NVIDIA Megatron-LM, related to the restoration of unreliable data in memory, allows attackers to execute arbitrary code, gain unauthorized access to protected information, and replace data.
The vulnerability of the NVIDIA Megatron-LM training library relates to the restoration of unreliable data in memory. Exploiting this vulnerability can allow attackers to execute arbitrary code, gain elevated privileges, obtain unauthorized access to protected information, and replace data using ...
The vulnerability of the formSetEnableWizard() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetEnableWizard function in TRENDnet TEW-432BRP router software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the qfq_reset_qdisc() function in the net/sched/sch_qfq.c module of the network scheduling subsystem of the Linux operating system allows an attacker to cause a service failure.
The vulnerability of the qfq_reset_qdisc function in the net/sched/sch_qfq.c module, within the net/sched subsystem of the Linux operating system’s kernel, is related to the dereferencing of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the cifs_get_spnego_key() function in the cifs.upcall tool of the cifs-utils package in Linux kernel allows an attacker to elevate their privileges to root and execute arbitrary code.
The vulnerability of the cifs_get_spnego_key function in the cifs.upcall tool of the cifs-utils package in Linux kernel systems is related to the lack of authentication for the critical function. Exploiting this vulnerability can allow an attacker to elevate their privileges to root and execute...
The vulnerability of the verify_dfa() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the verify_dfa function in the Linux operating system’s kernel involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel security module, AppArmor, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel security module, AppArmor, arises due to a race condition. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the Linux operating system’s kernel security module, AppArmor, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel security module, AppArmor, arises from a race condition. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the isVMLowLevelOptionForbidden() function in the LXD container management system allows an attacker to elevate their privileges.
The vulnerability of the isVMLowLevelOptionForbidden function in the LXD container management system is related to the use of an incomplete blacklist when processing input data. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the LXD container management system, which stems from insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the LXD container management system is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the doCertificateUpdate() function in the LXD container management system allows an attacker to escalate their privileges.
The vulnerability of the doCertificateUpdate function in the LXD container management system is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the JavaScript-based Thymeleaf framework lies in the lack of measures taken to neutralize special elements used in the expression language. This allows attackers to execute Server Side Template Injection (SSTI) attacks.
The vulnerability of the JavaScript-based Thymeleaf framework is related to the lack of measures taken to neutralize special elements used in the expression language operator. Exploiting this vulnerability can allow a remote attacker to execute a Server Side Template Injection (SSTI) attack...
The vulnerability of the TLS protocol implementation in the IBM HTTP Server allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the TLS protocol implementation in the IBM HTTP Server is related to incorrect code generation practices. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause service failures...
The vulnerability of the authorization mechanism for performers of artificial intelligence workflow runners on a Git-based software platform for collaborative code development on GitLab allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the authorization mechanism for performers of artificial intelligence (AI) workflow runners on a Git-based software platform for collaborative code development on GitLab relates to bypassing authorization by using a user-controlled key. Exploiting this vulnerability could allow...
The vulnerability of the formPing6() function in the Boa microprogramming software-based router Tenda HG9 HTTP server allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formPing6 function on the Boa microprogrammed software-based Tenda HG9 router’s HTTP server is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...
The vulnerability of the sub_453140() function in D-Link DWR-M960 router microprogramming software allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the sub_453140 function in D-Link DWR-M960 router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause malfunctions in the device...
The vulnerability of the setTelnetCfg() function (/cgi-bin/cstecgi.cgi) in the TOTOLINK A7100RU router’s microprogramming software allows a hacker to execute arbitrary commands.
The vulnerability of the setTelnetCfg function (/cgi-bin/cstecgi.cgi) of the TOTOLINK A7100RU router’s microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command for handling the telnetenabled parameter. Exploiting this...
The vulnerability of the fromP2pListFilter() function (/goform/P2pListFilter) in the Tenda F451 router software allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the fromP2pListFilter function (/goform/P2pListFilter) in the Tenda F451 router software relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures...
The vulnerability of the formWrlExtraSet() function in the httpd daemon of the Tenda F456 microprogramming router allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formWrlExtraSet function in the httpd daemon of the Tenda F456 microprogramming router lies in the fact that the operation escapes the buffer boundaries in memory when processing the GO parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the drm/i915/gem component of the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the drm/i915/gem component of the Linux operating system is related to pointer arithmetic errors. Exploiting this vulnerability could allow a hacker to cause a service failure...