74701 matches found
The vulnerability of the Vault Enterprise and Vault Community Edition archiving platforms for corporate information, related to improper privilege assignment, allows attackers to elevate their privileges to the root level.
The vulnerability of the Vault Enterprise and Vault Community Edition archiving platforms for corporate information is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability of the authentication method used by the Vault Enterprise and Vault Community Edition archiving platforms for corporate information allows a perpetrator to create malicious certificates.
The vulnerability of the authentication method used by the Vault Enterprise and Vault Community Edition archiving platforms for corporate information is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to create malicious certificates...
The vulnerability of the Git-based software platform for collaborative code development GitLab EE/CE lies in the allocation of resources without limits, which allows a hacker to cause a service failure.
The vulnerability of the Git-based software platform for collaborative code development GitLab EE/CE relates to the allocation of resources without limits. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the CLI component of the FortiOS operating system for FortiGate network interfaces allows a hacker to disclose sensitive information.
The vulnerability of the CLI component of the FortiOS operating system and the FortiGate network interface devices is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the Tidal component of the Alpine iLX-507 audio system allows a hacker to execute arbitrary code.
The vulnerability of the Tidal component of the Alpine iLX-507 audio system is related to errors in the certificate validation process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Apple CarPlay implementation of the Alpine iLX-507 audio system allows a violator to execute arbitrary code within the context of the root user.
The vulnerability of the Apple CarPlay implementation of the Alpine iLX-507 audio system is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code under the root user’s context...
The vulnerability of the Windows Ancillary Function Driver for WinSock on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Ancillary Function Driver for WinSock on Windows operating systems is related to the assignment of a null pointer. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of FortiWeb web application firewalls, related to the lack of protective measures for SQL query structures, allows attackers to disclose protected information.
The vulnerability of FortiWeb web application firewalls is related to the lack of security measures for SQL query structures. Exploiting this vulnerability can allow a malicious actor to disclose protected information remotely...
The vulnerability of the websAspInit() function in D-Link DIR-513 router firmware allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the websAspInit() function (/goform/formSetWanPPPoE) in the D-Link DIR-513 router firmware is caused by buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...
The vulnerability of the Cisco Spaces Connector data collection and aggregation application lies in the lack of measures taken to neutralize special elements used in operating system commands. This allows attackers to escalate their privileges and execute arbitrary code with root privileges.
The vulnerability of the Cisco Spaces Connector data collection and aggregation application relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow attackers to escalate their privileges and execute arbitrary...
The vulnerability of the usb_paswd.asp file in the jhttpd component of D-Link DI-8400 router software allows a hacker to induce a service failure.
The vulnerability of the usb_paswd.asp file of the jhttpd component in D-Link DI-8400 router firmware is related to pointer swapping errors. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...
The vulnerability of the napi_complete() function in the Linux kernel component of operating systems allows a hacker to cause a service failure.
The vulnerability of the napi_complete() function in the Linux kernel component of operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the implementation of the JSON Web Encryption (JWE) standard RFC 7516 in the Ruby programming language allows a perpetrator to disclose and modify the protected information.
The vulnerability of the implementation of the JSON Web Encryption (JWE) standard RFC 7516 in the Ruby programming language is related to improper verification of data integrity. Exploiting this vulnerability could allow an attacker to disclose and modify the protected information...
The vulnerability of PDF document viewing and editing programs such as PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO lies in the possibility of an out-of-buffer operation, which allows attackers to trigger a service failure.
The vulnerability of PDF-XChange Editor, PDF-Tools, and PDF-XChange PRO programs relates to the execution of operations outside the buffer during the processing of EMF files. Exploiting this vulnerability can allow an attacker to cause service interruptions...
The vulnerability of the FortiOS operating systems, related to operations beyond the buffer in memory, allows attackers to execute arbitrary code or commands.
The vulnerability of the FortiOS operating systems is related to operations that occur outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands by sending specially crafted HTTP requests...
The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers, related to improper security checks for standard elements, allows attackers to bypass existing security restrictions.
The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to improper security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restriction...
The vulnerability of the Fortinet FortiPortal security analysis and management tool, related to improper handling of path equivalence, allows for the disclosure of protected information.
The vulnerability of the Fortinet FortiPortal security management and analysis tool is related to improper resolution of path equivalence. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by the system...
The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers, related to authentication procedures that lack sufficient protection, allows attackers to bypass existing security restrictions and gain access to the system.
The vulnerability in the management of FortiOS operating systems and FortiProxy proxy servers for protecting against Internet attacks is related to authentication procedures’ deficiencies. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and gain...
The vulnerability of the control console of the antivirus software Trend Micro Apex One allows a hacker to execute arbitrary code.
The vulnerability of the control console of the antivirus software Trend Micro Apex One is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the software platform for managing execution environments of virtual machines in Apache CloudStack lies in the insecure management of privileges, allowing attackers to escalate their privileges.
The vulnerability of the software platform that manages virtual machine environments in Apache CloudStack relates to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the get_ip_addr_details() function (/view/vpn/sxh_vpn/sxh_vpnlic.php) of the D-Link DAR-7000 router’s software allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the get_ip_addr_details() function (/view/vpn/sxh_vpn/sxh_vpnlic.php) of the D-Link DAR-7000 router’s software is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the system() function in the bin/goahead software for D-Link DIR-816 A2 wireless routers allows a hacker to execute arbitrary code.
The vulnerability of the system() function in the bin/goahead firmware for D-Link DIR-816 A2 wireless routers is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the lxmldbc_system function in D-Link DIR-817L router firmware allows a hacker to execute arbitrary commands.
The vulnerability of the lxmldbc_system function in D-Link DIR-817L router firmware is related to the lack of measures taken at the control level to clean data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the distribution and transaction optimization software in the Apache Seata microservice architecture, related to shortcomings in the deserialization mechanism, allows attackers to trigger service failures.
The vulnerability of the distribution and transaction optimization software in the Apache Seata microservice architecture is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to trigger service failures through a...
The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform allows an attacker to disclose protected information.
The vulnerability of the API interface of the 5G HPE Aruba Networking Private 5G Core platform relates to the insecure storage of confidential information. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the mbedtls_asn1_store_named_data function in Mbed TLS software allows an attacker to execute arbitrary code.
The vulnerability of the mbedtls_asn1_store_named_data function in Mbed TLS is related to the assignment of a null pointer. Exploiting this vulnerability could allow an attacker operating remotely to execute arbitrary code...
The vulnerability in the pppoe.cgi script of Netgear DGN2200B router software allows a hacker to execute arbitrary commands.
The vulnerability of the pppoe.cgi script of the Netgear DGN2200B router operating system is related to the failure to take measures to neutralize special elements used in the operating system when processing the pppoeusername parameter. Exploiting this vulnerability allows a remote attacker to...
The vulnerability of the formSetWanL2TPcallback() function in the file /goform/formSetWanL2TPtriggers of the D-Link DIR-513 router’s firmware allows a hacker to induce a service failure.
The vulnerability of the formSetWanL2TPcallback() function in the file /goform/formSetWanL2TPtriggers of the D-Link DIR-513 router’s firmware is related to an operation going beyond the bounds of a buffer in memory. Exploiting this vulnerability could allow a remote attacker to...
The vulnerability of the Apache Tomcat application server arises from bypassing the authentication process by using an alternative path or channel, allowing attackers to compromise the confidentiality of the protected information.
The vulnerability of the Apache Tomcat application server arises from bypassing authentication procedures by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality of the protected information...
The vulnerability of the SetDDNSSettings() function (/HNAP1/) of the DDNS Service component of the D-Link DIR-823G router’s software allows a hacker to circumvent security restrictions.
The vulnerability of the SetDDNSSettings() function (/HNAP1/) of the DDNS Service component of the D-Link DIR-823G router’s software stack is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a...
The vulnerability of the set_wifi_blacklists() function (/goform/set_wifi_blacklists) in D-Link DIR-823X router firmware allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the set_wifi_blacklists() function (/goform/set_wifi_blacklists) of the D-Link DIR-823X router’s firmware is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the...
The vulnerability of the corporate platform for creating, managing, and processing electronic forms, documents, and business processes within Adobe Experience Manager (AEM) Forms on JEE lies in the incorrect restriction of XML external entity references. This allows attackers to read arbitrary files.
The vulnerability of the corporate platform for creating, managing, and processing electronic forms, documents, and business processes within Adobe Experience Manager (AEM) Forms on JEE is related to the incorrect restriction of XML external entity references. Exploiting this vulnerability could...
The vulnerability of the Tidal component of the Alpine iLX-507 audio system allows a hacker to execute arbitrary code.
The vulnerability of the Tidal component of the Alpine iLX-507 audio system is related to an improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the mbedtls_aesni_has_support() function in the Mbed TLS software allows an attacker to compromise the integrity and confidentiality of the protected information.
The vulnerability of the mbedtls_aesni_has_support() function in Mbed TLS is related to compiler optimization. Exploiting this vulnerability could allow an attacker to compromise the integrity and confidentiality of the protected information...
The vulnerability of the System Settings component in macOS operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the System Settings component in macOS operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of Apache CXF web services, related to uncontrolled resource consumption, allows attackers to cause service failures.
The vulnerability of Apache CXF web services is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of embedded software developed by Qualcomm, related to unverified array indexing, allows a hacker to execute arbitrary code.
The vulnerability of the firmware of embedded Qualcomm chips is related to unverified array indexing. Exploiting this vulnerability can allow attackers to execute arbitrary code...
The vulnerability of the Admin Framework component in macOS operating systems allows a hacker to trigger a service failure.
The vulnerability of the Admin Framework component in macOS operating systems is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the firmware of embedded Qualcomm chips, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.
The vulnerability of the firmware of embedded Qualcomm chips relates to the use of memory after it is freed. Exploiting this vulnerability can allow a hacker to execute arbitrary code...
The vulnerability of the FortiSIEM security management graphical interface lies in the lack of protective measures for the SQL query structure, allowing attackers to disclose protected information.
The vulnerability of the FortiSIEM security management graphical interface is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...
The vulnerability of the formLanguageChange() function in D-Link DIR-513 router firmware allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the formLanguageChange() function in D-Link DIR-513 router firmware is related to an operation exceeding the bounds of a buffer in memory when processing the curTime parameter. Exploiting this vulnerability allows a malicious actor to cause service failures o...
The vulnerability of the cw_stad daemon in FortiOS operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the cw_stad module in FortiOS operating systems is related to a heap-based buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the do_file() function in the HTTP POST Request Handler component of D-Link DIR-632 router firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the do_file() function in the HTTP POST Request Handler component of D-Link DIR-632 router firmware is related to data being written outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to compromise the...
The vulnerability of the form_macfilter function in D-Link DIR-619L router firmware allows a hacker to execute arbitrary code.
The vulnerability of the form_macfilter function in D-Link DIR-619L router firmware is related to a stack-based buffer overflow. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
The vulnerability of the form_portforwarding function in D-Link DIR-619L router firmware allows a hacker to execute arbitrary code.
The vulnerability of the form_portforwarding function in D-Link DIR-619L router firmware is related to a stack-based buffer overflow. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the FortiIsolator browser isolation platform and the FortiSandbox threat detection and mitigation system lies in the incorrect session duration, allowing attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the FortiIsolator browser isolation platform and the FortiSandbox threat detection and mitigation system is related to an incorrect session duration. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of the protected...
The vulnerability of the Mbed TLS software lies in its exposure of a covert timing channel, which allows a hacker to recover the plaintext.
The vulnerability of Mbed TLS software is related to the exposure of a covert timing channel. Exploiting this vulnerability allows a remote attacker to recover the plaintext...
The vulnerability of the CoreServices component in macOS operating systems allows attackers to escalate their privileges.
The vulnerability of the CoreServices component in macOS operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
The vulnerability in the Web Console management console for OSGi frameworks like Apache Felix allows an attacker to execute cross-site scripting attacks.
The vulnerability of the Web Console Management for OSGi frameworks like Apache Felix is related to the lack of protective measures for the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...
The vulnerability of the UPDM_wstpCBCUpdStart() function of the Alpine iLX-507 audio system allows a hacker to execute arbitrary code in the context of the root user.
The vulnerability of the UPDM_wstpCBCUpdStart() function of the Alpine iLX-507 audio system exists due to the failure to take measures to neutralize certain special elements. Exploiting this vulnerability can allow a hacker to execute arbitrary code under the root user’s context...