90336 matches found
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird relates to reading data beyond the buffer in memory, which allows an attacker to cause a service failure.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird involve reading data beyond the buffer in memory. Exploiting these vulnerabilities can allow a remote attacker to cause service interruptions...
The vulnerability of the asynchronous network library Tornado, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the asynchronous network library Tornado is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the frmL7ImForm function in the goform/L7Im microprogramming system for Tenda F456 allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the frmL7ImForm function in the goform/L7Im microprogramming system for Tenda F456 is related to the execution of an operation outside the buffer in memory when processing the page parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or...
The vulnerability of the DNS proxy server of the PAN-OS operating system allows a perpetrator to cause a service failure or execute arbitrary code.
The vulnerability of the DNS proxy server of the PAN-OS operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to cause service failures or execute arbitrary code...
The vulnerability of the formPPTPSetup function in the goform/formPPTPSetup file of the POST Request Handler component of the wireless signal amplifiers’ microprogramming system, Edimax BR-6675nD, allows a hacker to trigger a service failure.
The vulnerability of the formPPTPSetup function in the goform/formPPTPSetup file of the POST Request Handler component of the wireless signal amplifiers’ microprogramming system, Edimax BR-6675nD, is related to the operation of the function beyond the buffer in memory when processing the...
The vulnerability of the Blitz Identity Provider software, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the Blitz Identity Provider software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the Go programming language, related to errors in the certificate validation process, allows a perpetrator to cause service failures.
The vulnerability of the Go programming language is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability of the Squid proxy server, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.
The vulnerability of the Squid proxy server is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Python library for working with PDF files, PyPDF, relates to the execution of a loop with an unreachable exit condition, allowing a hacker to cause a service failure.
The vulnerability of the Python library for working with PDF files, PyPDF, is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the Open WebUI web interface, related to the unlimited loading of dangerous type files, allows attackers to bypass existing security mechanisms and load any files they desire.
The vulnerability of the Open WebUI web interface is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms and load any desired files...
The vulnerability of the JOSE library Authlib implementation for OAuth and OpenID Connect servers lies in the exposure of information due to inconsistencies, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the JOSE library Authlib implementation for OAuth and OpenID Connect servers is related to the disclosure of information due to incompatibility. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability in the Open WebUI web interface, related to the mechanism for restricting access to API keys, allows attackers to bypass existing security measures and gain unauthorized access to protected information.
The vulnerability in the Open WebUI web interface is related to the mechanism for restricting access to API keys. Exploiting this vulnerability allows a malicious actor to bypass existing security measures and gain unauthorized access to protected information...
The vulnerability of the BuildKit container-building software lies in the improper restriction of the path name to the restricted-access directory, which allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the BuildKit container-building software is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the node-tar library on the Node.js software platform allows attackers to gain unauthorized access to protected information.
The vulnerability of the node-tar library in the Node.js software platform is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird, related to integer overflow, allows attackers to cause service failures.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to integer overflows. Exploiting these vulnerabilities can allow a malicious actor to cause service failures remotely...
The vulnerability of the Go programming language lies in the incorrect definition of the link before accessing a file, which allows attackers to escalate their privileges.
The vulnerability of the Go programming language is related to the incorrect definition of the link before accessing a file. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the webbrowser.open() function in the CPython interpreter allows a hacker to trigger a service failure.
The vulnerability of the webbrowser.open function in the CPython interpreter is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Go programming language, related to the lack of measures taken to protect web page structures, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the secure_popen() function in the Glances monitoring tool allows a hacker to execute arbitrary commands.
The vulnerability of the securepopen function in the Glances monitoring tool is related to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the export module of the Glances monitoring tool allows a hacker to execute arbitrary code.
The vulnerability of the export module of the Glances monitoring tool relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the GlancesServersList.get_servers_list() function in the Glances monitoring tool’s application interface allows a hacker to gain unauthorized access to protected information.
The vulnerability of the GlancesServersList.getserverslist function in the Glances monitoring tool’s application interface is related to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability in the web interface of the Glances monitoring tool allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Glances monitoring tool’s web interface is related to the lack of a mechanism for verifying the source of the data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the GNU Binutils development environment lies in the execution of a loop with an unreachable exit condition, allowing an attacker to cause a service failure.
The vulnerability of the GNU Binutils development tool lies in the execution of a loop with an unreachable exit condition. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the has_access_to_file() function in the Open WebUI artificial intelligence-based web interface allows a perpetrator to gain access to read, modify, or delete data.
The vulnerability of the hasaccesstofile function in the Open WebUI artificial intelligence-based web interface relates to bypassing authentication using a key controlled by the user. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
The vulnerability of the Apache Tomcat application server arises from a lack of mechanisms for encoding or shielding output data. This allows attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat application server is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Banner component in the Open WebUI web interface allows a hacker to manipulate inter-site requests and intercept the administrator’s session.
The vulnerability of the Banner web interface component based on artificial intelligence, Open WebUI, is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to manipulate inter-site requests and intercept the administrator...
The vulnerability of the Open WebUI web interface, related to deficiencies in the authentication process, allows attackers to escalate their privileges and disclose sensitive information.
The vulnerability of the Open WebUI web interface is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to enhance their privileges and disclose sensitive information...
The vulnerability of the application software interface of the Drupal CMS system allows a hacker to enhance their privileges and execute arbitrary code.
The vulnerability of the application software interface of the Drupal CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code...
The vulnerability of the setcred() function in the operating system kernel of FreeBSD allows a perpetrator to execute arbitrary code, increase their privileges, or cause service failures.
The vulnerability of the setcred function in the operating system kernel of FreeBSD is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code, increase their privileges, or cause service failures...
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to the use of an unreliable search path. This allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to the use of an unreliable search path. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary commands...
The vulnerability of the PAN-OS operating system’s web interface allows attackers to circumvent security restrictions and execute arbitrary commands.
The vulnerability of the PAN-OS operating system’s web interface is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and execute arbitrary commands remotely...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems relates to the possibility of using memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Prisma SD-WAN ION network management tool, related to errors in the certificate validation process, allows a hacker to execute a type of “man-in-the-middle” attack.
The vulnerability of the Prisma SD-WAN ION network management tool is related to errors in the certificate authentication process. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” attack...
The vulnerability of the WAN ARP Driver for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the WAN ARP Driver for Windows operating systems relates to the possibility of exploiting memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the automated penetration testing system, related to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of automated penetration testing systems relates to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...
The vulnerability of the automated penetration testing system, related to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of automated penetration testing systems relates to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to deficiencies in authentication procedures, which allow unauthorized users to elevate their privileges.
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers who operate remotely to gain increased privileges...
The vulnerability of the Volume Manager Extension Driver for Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Volume Manager Extension Driver for Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Windows Common Log File System Driver in the Windows operating system allows a hacker to gain increased privileges.
The vulnerability of the Windows Common Log File System Driver in the operating system is related to a countable amount of importance loss. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Windows Admin Center server management tool, related to access control errors, allows a perpetrator to increase their privileges.
The vulnerability of the Windows Admin Center management tool is related to access control errors. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
The vulnerability of Microsoft Excel spreadsheet editors in Microsoft Office packages and Microsoft 365 Apps for Enterprise allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Excel spreadsheet editors within the Microsoft Office and Microsoft 365 Apps for Enterprise products is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Microsoft Visual Studio Code’s editor, related to errors in the mechanism for handling relative pathnames to directories, allows attackers to gain unauthorized access to protected information.
The vulnerability of Microsoft Visual Studio Code’s editor is related to errors in the mechanism for handling relative pathnames to directories. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the BuildKit container-building software lies in the improper restriction of the path name to the restricted-access directory, which allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the BuildKit container-building software is related to an incorrect limitation on the path to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant, related to access segmentation errors, allows attackers to carry out spear-phishing attacks.
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant is related to access control errors. Exploiting this vulnerability could allow attackers to carry out spear-phishing attacks...
The vulnerability of the software for interacting with servers via cURL, related to bypassing authentication due to a fundamental error, allows attackers to escalate their privileges.
The vulnerability of the software for interacting with servers via cURL is related to the bypassing of authentication due to a fundamental flaw. Exploiting this vulnerability allows a remote attacker to increase their privileges...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows attackers to execute arbitrary code.
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of measures taken to protect the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the Open WebUI web interface, related to the lack of authentication, allows a perpetrator to trigger a service failure.
The vulnerability of the Open WebUI web interface is related to the lack of authentication during the processing of the final endpoint /api/v1/memories/ef. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a specially crafted GET request...
The vulnerability in the Open WebUI web interface, related to bypassing authentication using a user-controlled key, allows attackers to gain unauthorized access to protected information.
The vulnerability in the Open WebUI web interface relates to bypassing authentication using a key controlled by the user during the processing of the final endpoint /api/chat/completions. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to...
The vulnerability in the Open WebUI web interface, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability in the Open WebUI web interface is related to the lack of protection for the structure of the web page when processing the profileimageurl field. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...