90509 matches found
The vulnerability of the DNS proxy server of the PAN-OS operating system allows a perpetrator to cause a service failure or execute arbitrary code.
The vulnerability of the DNS proxy server of the PAN-OS operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to cause service failures or execute arbitrary code...
The vulnerability of the frmL7ImForm function in the goform/L7Im microprogramming system for Tenda F456 allows a hacker to execute arbitrary code or cause service failures.
The vulnerability of the frmL7ImForm function in the goform/L7Im microprogramming system for Tenda F456 is related to the execution of an operation outside the buffer in memory when processing the page parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or...
The vulnerability of the Prisma SD-WAN ION network management tool, related to the lack of input data verification for cyclic operations, allows a attacker to trigger a service failure.
The vulnerability of the Prisma SD-WAN ION network management tool is related to the lack of validation for input data during cyclical operations. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Prisma Access Agent, a user remote access agent for corporate resources and applications, stems from insufficient protection of operational data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the Prisma Access Agent, a user remote access agent, relates to insufficient protection of operational data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the Trust Protection Foundation’s key and certificate management tool, which allows unauthorized individuals to access system data, enables attackers to gain unauthorized access to protected information.
The vulnerability of the Trust Protection Foundation’s key management and certificate management tools involves the disclosure of system data to unauthorized individuals. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App lies in the fact that the operation is performed outside the buffer in memory. This allows an attacker to execute a “man-in-the-middle” attack and execute arbitrary code.
The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack an...
The vulnerability of the get_tool_by_id() function in the Open WebUI AI-based web interface allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the gettoolbyid function in the Open WebUI AI-based web interface is related to the lack of authorization when processing parameters like toolids and toolservers. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Packetbeat network packet analyzer, related to unvalidated array indexing, allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Packetbeat network packet analyzer is related to unvalidated array indexing. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of theOTP library set in the Erlang programming language arises from incorrect processing of highly compressed input data, allowing attackers to trigger a service failure.
The vulnerability of theOTP library in the Erlang programming language is related to the improper processing of highly compressed input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the set of libraries for the Erlang programming language relates to incorrect restrictions on the path name to the restricted access directory. This allows a intruder to gain unauthorized access to protected information.
The vulnerability in the set of libraries for the Erlang programming language relates to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the modular interface between web servers and Rack web applications, related to incorrect path name restrictions for the restricted access catalog, allows attackers to gain unauthorized access to protected information.
The vulnerability of the modular interface between web servers and Rack web applications is related to incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the node-tar library in the Node.js software platform arises from incorrect path name restrictions for restricted-access directories. This allows attackers to gain unauthorized access to protected information.
The vulnerability of the node-tar library in the Node.js software platform is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the PowerDNS software, related to insufficient resource control during its existence, allows a hacker to cause a service failure.
The vulnerability of the PowerDNS software is related to insufficient resource control during its existence. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the Active Storage component of the Ruby on Rails software framework allows attackers to execute arbitrary code.
The vulnerability of the Active Storage component in the Ruby on Rails software framework is related to insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Squid proxy server, related to the use of memory after it is freed, allows a hacker to execute arbitrary code.
The vulnerability of the Squid proxy server is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Gimp image processing library, related to buffer overflow in dynamic memory, allows an attacker to execute arbitrary code.
The vulnerability of the Gimp image processing library is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Golang programming language, related to deficiencies in authentication mechanisms, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Go programming language is related to deficiencies in the authentication mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the package manager for Kubernetes Helm, related to an incorrect path name limitation for the restricted access directory, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the package manager for Kubernetes Helm is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a perpetrator to gain unauthorized access to protected information...
The vulnerability of the OCI Container Runtime (crun) environment, related to insecure management of privileges, allows attackers to escalate their privileges.
The vulnerability of the OCI Container Runtime crun environment is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the minimatch library on the Node.js software platform, which allows a hacker to cause a service failure.
The vulnerability of the minimatch library on the Node.js software platform is related to its algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the aiohttp HTTP client, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the aiohttp HTTP client is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service failures...
The vulnerability of the libssh library, related to an uncontrolled search path element, allows attackers to escalate their privileges.
The vulnerability of the libssh library is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of the ngx_http_rewrite_module module in NGINX Plus and NGINX Open Source web servers allows a attacker to execute arbitrary code or cause service interruptions.
The vulnerability of the ngxhttprewritemodule module in NGINX Plus and NGINX Open Source web servers is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause a denial-of-service attack by sending a specially crafte...
The vulnerability of the minimatch library on the Node.js software platform lies in the use of a regular expression with inefficient computational complexity, which allows attackers to trigger a service failure.
The vulnerability of the minimatch library on the Node.js software platform is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service interruptions remotely...
The vulnerability in the implementation of the RDS network protocol of the Linux operating system allows a hacker to increase their privileges and cause service failures.
The vulnerability of the Linux operating system’s network protocol implementation is related to the repeated release of memory. Exploiting this vulnerability can allow an attacker to increase their privileges and cause service interruptions...
The vulnerability of the formwlencrypt24g function in the goform/formwlencrypt24g file of the POST Request Handler component of the microprogramming system for wireless signal amplifiers of the Edimax EW-7438RPn Mini device, which allows a hacker to cause a service failure.
The vulnerability of the formwlencrypt24g function in the goform/formwlencrypt24g file of the POST Request Handler component of the microprogramming system for wireless signal amplifiers from Edimax EW-7438RPn Mini is related to the execution of an operation outside the buffer in memory when...
The vulnerability of the formWirelessTbl function in the goform/formWirelessTbl file of the POST Request Handler component of the Edimax BR-6428NS wireless signal amplifiers’ microprogramming system allows a hacker to induce a service failure.
The vulnerability of the formWirelessTbl function in the goform/formWirelessTbl file of the POST Request Handler component of the microprogramming software for wireless signal amplifiers from Edimax BR-6428NS is related to the execution of operations outside the buffer in memory when processing t...
The vulnerability of the Chronosphere Chronocollector data collector lies in its ability to expose system data to unauthorized individuals, allowing intruders to gain unauthorized access to protected information.
The vulnerability of the Chronosphere Chronocollector data collector relates to the exposure of system data to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Trust Protection Foundation’s key and certificate management mechanism, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary commands and gain access to read, modify, and delete data.
The vulnerability of the Trust Protection Foundation TPF key management and certificate management mechanisms is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary commands and gain access to read, modify...
The vulnerability in the process_respfile function of the asm/nasm.c file in the Netwide Assembler (NASM) compiler allows a hacker to execute arbitrary code.
The vulnerability of the processrespfile function in the asm/nasm.c file of the Netwide Assembler NASM compiler is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the qcom_smmu_def_domain_type() function in the drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c file of the Linux operating system’s IOMMU driver allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the qcomsmmudefdomaintype function in the drivers/iommu/arm/arm-smmu/arm-smmu-qcom.c file of the Linux kernel’s IOMMU driver is related to initialization errors for devices. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, an...
The vulnerability of the Metricbeat monitoring tool, related to uncontrolled memory distribution, allows a attacker to trigger a service failure.
The vulnerability of the Metricbeat monitoring tool is related to uncontrolled memory allocation. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the network routing implementation software on Unix-like systems, related to the handling of the zero pointer, allows a hacker to cause a service failure.
The vulnerability of the FRRouting software implementation for Unix-like systems relates to the handling of the zero pointer. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the PDF processing library PyPDF2, related to excessive iteration, allows a hacker to trigger a service failure.
The vulnerability of the PyPDF2 library for processing PDF files is related to excessive iteration. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the PyPDF2 library for processing PDF files, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.
The vulnerability of the PyPDF2 library for processing PDF files relates to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the PDF processing library PyPDF2, related to algorithmic complexity, allows attackers to trigger a service failure.
The vulnerability of the PyPDF2 library for processing PDF files is related to algorithmic complexity. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the webbrowser.open() function in the CPython interpreter allows a hacker to trigger a service failure.
The vulnerability of the webbrowser.open function in the CPython interpreter is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Go programming language, related to errors in type mixing, allows attackers to execute arbitrary code.
The vulnerability of the Go programming language is related to type mixing errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Go programming language, which comes with unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the Go programming language is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the node-tar library on the Node.js software platform allows attackers to gain unauthorized access to protected information.
The vulnerability of the node-tar library in the Node.js software platform is related to an incorrect limitation on the path name for the restricted-access directory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the secure_popen() function in the Glances monitoring tool allows a hacker to execute arbitrary commands.
The vulnerability of the securepopen function in the Glances monitoring tool is related to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the web interface of the Glances monitoring tool allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Glances monitoring tool’s web interface is related to the lack of a mechanism for verifying the source of the data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the export module of the Glances monitoring tool allows a hacker to execute arbitrary code.
The vulnerability of the export module of the Glances monitoring tool relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the GlancesServersList.get_servers_list() function in the Glances monitoring tool’s application interface allows a hacker to gain unauthorized access to protected information.
The vulnerability of the GlancesServersList.getserverslist function in the Glances monitoring tool’s application interface is related to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the setcred() function in the operating system kernel of FreeBSD allows a perpetrator to execute arbitrary code, increase their privileges, or cause service failures.
The vulnerability of the setcred function in the operating system kernel of FreeBSD is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code, increase their privileges, or cause service failures...
The vulnerability of the check_ocsp_response() function in the GnuTLS library, which allows a hacker to bypass existing security mechanisms
The vulnerability of the checkocspresponse function in the GnuTLS library is related to the incorrect order of operation of the input validation mechanism. Exploiting this vulnerability could allow a malicious actor to bypass existing security measures remotely...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the compare_strings() function in the GnuTLS library allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the comparestrings function in the GnuTLS library is related to shortcomings in the mechanism for handling register-dependent data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the automated penetration testing system, related to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of automated penetration testing systems relates to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the server...
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant, related to access segmentation errors, allows attackers to carry out spear-phishing attacks.
The vulnerability of Microsoft 365 Copilot’s intelligent virtual assistant is related to access control errors. Exploiting this vulnerability could allow attackers to carry out spear-phishing attacks...