90336 matches found
The vulnerability of the setWiFiGuestCfg() function in TOTOLINK LR350 router software allows a intruder to trigger a service failure.
The vulnerability of the setWiFiGuestCfg function in TOTOLINK LR350 router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failure...
The vulnerability of the learning platform IQ SCHOOL, related to deficiencies in the authentication process, allows unauthorized access to protected information.
The vulnerability of the learning platform IQ SCHOOL is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the npm library Color, related to the presence of undeclared features, allows a hacker to execute arbitrary code.
The vulnerability of the npm library Color is related to the presence of undeclared features. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Java framework JUnit, related to the storage of critical information in an open manner, allows attackers to exploit their privileges.
The vulnerability of the Java framework JUnit is related to the storage of critical information in an open manner. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the automation application and the Conda-build package for distributing Python packages, related to errors in inherited permissions, allows a perpetrator to trigger a “Race Situation” and execute arbitrary code.
The vulnerability of the automation application and the Conda-build package distribution in Python is related to errors in inherited permissions. Exploiting this vulnerability could allow a perpetrator to trigger a “race condition” and execute arbitrary code...
The vulnerability of the server audit plugin of the MariaDB database management system allows attackers to bypass existing security mechanisms.
The vulnerability of the server audit plugin of the MariaDB database management system is related to security configuration errors. Exploiting this vulnerability could allow a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the PowerChute Serial Shutdown software for managing uninterruptible power supplies is related to incorrect restrictions on the path name to the restricted access directory. This allows a intruder to write arbitrary files.
The vulnerability of the PowerChute Serial Shutdown software for managing uninterruptible power sources is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to write arbitrary files...
The vulnerability of the setAppEasyWizardConfig() function in the TOTOLink A800R router’s microprogramming software allows a hacker to execute arbitrary code or cause service failure.
The vulnerability of the setAppEasyWizardConfig function in the TOTOLink A800R router’s microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the function for creating __screenshot-error screenshots in the software testing tool Vitest allows a hacker to execute arbitrary code.
The vulnerability of the screenshot-error function in the software testing tool Vitest relates to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code and disclose confidential information...
The vulnerability of the PowerChute Serial Shutdown software for managing uninterruptible power sources is related to insufficient restrictions on authentication attempts. This allows a intruder to compromise the accessibility of protected information.
The vulnerability of the PowerChute Serial Shutdown software for managing uninterruptible power sources is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the accessibility of protected...
The vulnerability of the setWanCfg() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setWanCfg function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s software is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary commands...
The vulnerability of the setPptpServerCfg() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the setPptpServerCfg function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming system is related to the lack of measures taken at the control level to protect data. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the setWizardCfg() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s software allows a hacker to execute arbitrary commands.
The vulnerability of the setWizardCfg function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming software is related to the lack of measures taken to clean up data at the control level. Exploiting this vulnerability could allow a remote attacker to execute...
The vulnerability of the setIpQosRules() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the setIpQosRules function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming software is related to the lack of measures taken at the management level to protect data. Exploiting this vulnerability could allow a remote attacker to execute...
The vulnerability of the setSyslogCfg() function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s software allows a intruder to execute arbitrary commands.
The vulnerability of the setSyslogCfg function in the cgi-bin/cstecgi.cgi script of the TOTOLINK A7100RU router’s microprogramming system is related to the lack of measures taken to protect data at the management level. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability of the libarchive library, related to reading beyond the buffer in memory, allows an attacker to disclose protected information.
The vulnerability of the libarchive library is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to disclose the protected information...
The vulnerability of the doCertificateUpdate() function in the LXD container management system allows a attacker to escalate their privileges.
The vulnerability of the doCertificateUpdate function in the LXD container management system is related to insufficient control over the modification of dynamically defined object properties. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...
The vulnerability of the API request handler of the Mattermost instant messaging application allows a attacker to trigger a service failure.
The vulnerability of the API request handler for Mattermost instant messaging applications is related to improper validation of the specified data type. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Poetry dependency manager in the Python programming language arises from incorrect restrictions on path names in the directory structure. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Poetry dependency manager in the Python programming language is related to incorrect restrictions on the path name to the directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the formResetStatistic() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formResetStatistic function in TRENDnet TEW-432BRP router software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Mocca Calendar application lies in the improperly encrypted color and text fields in the event modal window, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Mocca Calendar application exists because the background and text colors in the event details panel are not properly encrypted. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the Mocca Calendar application lies in the improperly encrypted color and text fields in the event modal window, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Mocca Calendar application exists because the background and text colors in the event details panel are not properly encrypted. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the Real Estate Property Management System allows a perpetrator to gain unauthorized access to protected information and execute arbitrary codes.
The vulnerability of the Real Estate Property Management System is related to the failure to take measures to neutralize certain elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information and execute arbitrary codes...
The vulnerability of the SENADB microprogramming software for Epson printers and scanners allows a hacker to elevate their privileges and execute arbitrary code.
The vulnerability of the SENADB microprogramming software for Epson AcuLaser CX17NF-WF printers and scanners is related to the absence of quotation marks in the code for elements or search paths. Exploiting this vulnerability can allow an attacker to gain elevated privileges and execute arbitrary...
The vulnerability of the JavaScript-based Thymeleaf framework lies in the lack of measures taken to neutralize special elements used in the expression language. This allows attackers to execute Server Side Template Injection (SSTI) attacks.
The vulnerability of the JavaScript-based Thymeleaf framework is related to the lack of measures taken to neutralize special elements used in the expression language operator. Exploiting this vulnerability can allow a remote attacker to execute a Server Side Template Injection SSTI attack...
The vulnerability of the FlinkSessionJob component in the automation tool for deploying, managing, and scaling a distributed data processing platform. This vulnerability allows attackers to gain unauthorized access to protected information.
The vulnerability of the FlinkSessionJob component in the automation tool for deploying, managing, and scaling a distributed data processing platform called Apache Flink Kubernetes Operator is related to the use of files and directories accessible to external parties. Exploiting this vulnerabilit...
The vulnerability of the wxAdminLogin() function in the Metinfo CMS system allows a hacker to execute arbitrary code.
The vulnerability of the wxAdminLogin function in the Metinfo CMS system is related to incorrect code generation. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Mattermost instant messaging application, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the Mattermost instant messaging application is related to an uncontrolled resource consumption when processing TIFF files. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the platform for customer support and IT service management lies in errors related to access control to saved backup files and configurations. This allows attackers to impersonate users without the need for authentication.
The vulnerability of the customer support and IT service management platform is related to errors in restricting access to saved backup files and configurations. Exploiting this vulnerability allows a malicious actor to impersonate users without the need for authentication...
The vulnerability of the Boards API (Focalboard) interface of the Mattermost instant messaging application, which allows a malicious user to gain unauthorized access to protected information.
The vulnerability of the Boards API Focalboard interface of the Mattermost instant messaging application relates to bypassing authentication using a user-controlled key. Exploiting this vulnerability could allow an intruder, operating remotely, to gain unauthorized access to protected information...
The vulnerability of tools for storing and delivering content from containers – related to insufficient validation of requests on the server side – allows attackers to execute SSRF attacks.
The vulnerability of the storage and content delivery tools for containers like Distribution is related to insufficient validation of requests at the server side. Exploiting this vulnerability could allow a malicious actor to perform a SSRF attack remotely...
The vulnerability of the formSetPassword() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetPassword function in TRENDnet TEW-432BRP router software lies in the fact that the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability in the software for downloading pyLoad files arises from incorrect path restrictions for the restricted access directory. This allows attackers to elevate their privileges and execute code as the root user.
The vulnerability of the software for downloading pyLoad files is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute code as the root user...
The vulnerability of the SM2 Handler component in the C++ Botan cryptographic library allows a hacker to trigger a service failure and disclose confidential information.
The vulnerability of the SM2 Handler component in the C++ Botan cryptographic library is related to reading data beyond the permitted range of memory. Exploiting this vulnerability can allow an attacker to cause service failures and disclose confidential information...
The vulnerability of the cifs_get_spnego_key() function in the cifs.upcall tool of the cifs-utils package in Linux kernel allows a attacker to elevate their privileges to root and execute arbitrary code.
The vulnerability of the cifsgetspnegokey function in the cifs.upcall tool of the cifs-utils package in Linux kernel systems is related to the lack of authentication for the critical function. Exploiting this vulnerability can allow an attacker to elevate their privileges to root and execute...
The vulnerability of the OpenShift AI platform, related to insufficient spatial partitioning, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the OpenShift AI platform for developing artificial intelligence models is related to insufficient spatial partitioning. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the SonicOS operating system, related to insufficient handling of format lines, allows a hacker to trigger a service failure.
The vulnerability of the SonicOS operating system is related to insufficient handling of format lines. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the notification handler of the Instant Messaging application Mattermost, which allows a violator to cause a service failure
The vulnerability of the notification handler in the Mattermost instant messaging application is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
The vulnerability of the msgpack module in the Mattermost instant messaging application allows a hacker to trigger a service failure.
The vulnerability of the msgpack module in the Mattermost instant messaging application is related to an uncontrolled memory consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the isVMLowLevelOptionForbidden() function in the LXD container management system allows a attacker to elevate their privileges.
The vulnerability of the isVMLowLevelOptionForbidden function in the LXD container management system is related to the use of an incomplete blacklist when processing input data. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the SiYuan personal knowledge management system, related to the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of the SiYuan personal knowledge management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Mattermost instant messaging application, related to insufficient checking of unusual or exceptional states, allows a hacker to trigger a service failure.
The vulnerability of the Mattermost instant messaging application is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the distribution tool’s dissemination function for storing and delivering content within containers is related to access control errors, allowing attackers to enhance their privileges.
The vulnerability of the distribution tool’s dissemination function related to access control errors. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
The vulnerability of the DELMIA Apriso production management system, related to deficiencies in the authentication process, allows a perpetrator to gain privileged access to the application.
The vulnerability of the DELMIA Apriso production management system is related to the lack of privileges required to access the application. Exploiting this vulnerability could allow a malicious actor to gain privileged access to the application remotely...
The vulnerability of the IPX image optimizer developed by Sharp and SVGO lies in the improper restriction on the path name to the restricted directory. This allows attackers to bypass security restrictions and gain unauthorized access to protected information.
The vulnerability of the IPX image optimizer developed by Sharp and SVGO is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability can allow a malicious actor to bypass security restrictions and gain unauthorized access to protected...
The vulnerability of the formSysLog() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSysLog function in TRENDnet TEW-432BRP router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the TOML parser in JavaScript, related to uncontrolled changes to prototype attributes, allows attackers to execute “prototype pollution” attacks.
The vulnerability of the TOML parser relates to uncontrolled changes to object prototype attributes. Exploiting this vulnerability could allow a remote attacker to execute a “prototype pollution” attack...
The vulnerability of the formSetFirewallRule() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetFirewallRule function in TRENDnet TEW-432BRP router software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the formSetMACFilter() function in TRENDnet TEW-432BRP router software allows a hacker to execute arbitrary code.
The vulnerability of the formSetMACFilter function in TRENDnet TEW-432BRP router software lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the PIM Core Upload module of the PHP software platform pimcore allows a attacker to perform XSS attacks.
The vulnerability of the PIM Core Upload module of the PHP software platform, pimcore, is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...