74701 matches found
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.
The vulnerability of the Ruby interpreter’s Rack module interface is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the Ruby interpreter’s Rack module’s interface allows a hacker to trigger a service failure.
The vulnerability of the Ruby interpreter’s Rack module interface is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the update mechanism of the IBM QRadar SIEM system allows a perpetrator to execute arbitrary code.
The vulnerability of the update mechanism of the IBM QRadar SIEM event collection and analysis system is related to improper external management of file names or paths. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially crafted automatic update file...
The vulnerability of the cv_upgrade_sensor_firmware() function in the Dell ControlVault3 security driver package allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the cv_upgrade_sensor_firmware function in the Dell ControlVault3 security driver suite is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the PDF file processing mechanism of the ClamAV antivirus program allows a hacker to execute arbitrary code.
The vulnerability of the PDF file processing mechanism of the ClamAV antivirus program is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code during the processing of a specially crafted PDF file...
The vulnerability of the cvhDecapsulateCmd() function in the Dell ControlVault3 security driver package allows an attacker to execute arbitrary code.
The vulnerability of the cvhDecapsulateCmd function in the Dell ControlVault3 security driver suite is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the securebio_identify() function in the Dell ControlVault3 security management driver allows an attacker to execute arbitrary code.
The vulnerability of the securebio_identify function in the Dell ControlVault3 security driver suite is related to a stack buffer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the tb_retimer_scan() function in the drivers/thunderbolt/retimer.c module of the Linux operating system allows a hacker to gain access to protected information or cause a service failure.
The vulnerability of the tb_retimer_scan function in the drivers/thunderbolt/retimer.c module of the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to access protected information or cause service failures...
The vulnerability of the bad_kernel_fault() function in the arch/powerpc/mm/fault.c module of the PowerPC platform support in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the bad_kernel_fault function in the arch/powerpc/mm/fault.c module of the PowerPC platform support for the Linux operating system is related to improper control of resource identifiers (“resource injection”). Exploiting this vulnerability could allow an attacker to cause a servi...
Vulnerability of the ath11k_wmi_pdev_dfs_radar_detected_event() function in the drivers/net/wireless/ath/ath11k/wmi.c module of the Atheros/Qualcomm wireless adapter driver in the Linux operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the ath11k_wmi_pdev_dfs_radar_detected_event function in the drivers/net/wireless/ath/ath11k/wmi.c module of the Atheros/Qualcomm wireless adapter driver in Linux operating systems is related to the use of previously freed memory. Exploiting this vulnerability can...
The vulnerability of the binder_cleanup_ref_olocked() function in the drivers/android/binder.c module of the Linux operating system’s kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the binder_cleanup_ref_olocked function in the drivers/android/binder.c module of the Linux operating system’s kernel is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, a...
Vulnerability of the adf_probe() function in the drivers/crypto/qat/qat_c3xxxvf/adf_drv.c module of the Linux kernel’s cryptographic accelerator driver allows a hacker to cause a system failure.
Vulnerability of the adf_probe function in the drivers/crypto/qat/qat_c3xxxvf/adf_drv.c module of the Linux kernel’s cryptographic accelerator driver is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a hacker to cause system failures...
The vulnerability of the Messages component in operating systems such as watchOS, macOS, iOS, and iPadOS allows a hacker to carry out a zero-click attack.
The vulnerability of the Messages component in operating systems such as watchOS, macOS, iOS, and iPadOS is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to carry out a zero-click attack using a specially crafted iCloud link...
The vulnerability of the firmware of Hikvision wireless access points is related to the lack of measures to neutralize special elements used in operating system commands, allowing attackers to execute arbitrary commands.
The vulnerability of the firmware of Hikvision wireless access points is related to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the serial_resume() function in the drivers/tty/serial/8250/serial_cs.c file of the Linux kernel allows an attacker to compromise the confidentiality and availability of the protected information.
The vulnerability of the serial_resume function in the drivers/tty/serial/8250/serial_cs.c file of the Linux kernel is related to improper memory release before deleting the last reference (“memory leak”). Exploiting this vulnerability could allow an attacker to compromise the confidentiality and...
Vulnerability of the rxe_qp_init_req() function in the drivers/infiniband/sw/rxe/rxe_qp.c module of the Linux kernel’s InfiniBand driver allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
Vulnerability of the rxe_qp_init_req function in the drivers/infiniband/sw/rxe/rxe_qp.c module of the Linux kernel’s InfiniBand driver is related to the reuse of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the formSetPPTPServerCfg function in the Tenda AC10 router software allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the formSetPPTPServer /goform/SetPptpServerCfg function in the Tenda AC10 router software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibili...
Vulnerability of the fc_rport_prli_resp() function in the drivers/scsi/libfc/fc_rport.c module of the Linux operating system’s SCSI device support driver allows attackers to compromise the confidentiality and availability of protected information.
Vulnerability of the fc_rport_prli_resp function in the drivers/scsi/libfc/fc_rport.c module of the Linux operating system’s SCSI device support driver is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and availability of...
Vulnerability of the sun8i_ss_prng_generate() function in the drivers/crypto/allwinner/sun8i-ss/sun8i-ss-prng.c module of the Linux operating system’s cryptographic acceleration engine driver allows a hacker to cause a service failure.
Vulnerability of the sun8i_ss_prng_generate function in the drivers/crypto/allwinner/sun8i-ss/sun8i-ss-prng.c module of the Linux operating system’s cryptographic acceleration engine driver is related to the absence of restrictions and controls on resource allocation. Exploiting this...
The vulnerability of the ServerConfig.PublicKeyCallback() function in the Go programming language library allows a hacker to bypass security restrictions.
The vulnerability of the ServerConfig.PublicKeyCallback function in the Go programming language library is related to deficiencies in the authentication process when handling keys. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions from a remote locati...
The vulnerability of the Apache Tomcat application server arises from the acceptance of input data as an internal path without verification. This allows attackers to gain unauthorized access to protected information and execute arbitrary code.
The vulnerability of the Apache Tomcat application server lies in the acceptance of input paths as internal paths without verification. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to protected information and execute arbitrary code...
Vulnerability of the Cluster: General component of the MySQL Cluster database management system allows a hacker to cause a service failure.
Vulnerability of the Cluster: General component of the MySQL Cluster database management system is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the edna Chat Center’s customer request processing system, related to the improper handling of exceptional states, allows a violator to determine the true identities of users.
The vulnerability of the edna Chat Center’s customer request processing system is related to the improper handling of exceptional states. Exploiting this vulnerability allows a malicious actor to determine the true identities of users...
The vulnerability of the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” allows a perpetrator to execute arbitrary commands.
The vulnerability of the plugin “Import from XML, YML, JSON. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the plugin “Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists” allows a perpetrator to execute arbitrary commands.
The vulnerability of the plugin “Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists” is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the “Multi-Functional Export/Import in Excel” plugin, which arises from the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the “Multi-Functional Export/Import in Excel” plugin is related to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the “Import from Excel. Upload product catalog 1C-Bitrix” plugin, which stems from the failure to take measures to neutralize special elements, allows attackers to execute arbitrary commands.
The vulnerability of the plugin “Import from Excel. Uploading product catalogs for 1C-Bitrix” is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the “Mass Processing of Infoblock Elements (Products)” plugin, which arises from failing to take measures to neutralize special elements, allows a violator to execute arbitrary commands.
The vulnerability of the “Mass Processing of Infoblock Elements (Products)” plugin is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the IDispatch interface on Windows operating systems allows a perpetrator to execute arbitrary code with SYSTEM level privileges.
The vulnerability of the IDispatch interface on Windows operating systems is related to incorrect code generation. Exploiting this vulnerability allows an attacker to execute arbitrary code with SYSTEM level privileges...
The vulnerability of the Google Chrome browser’s Media component allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Google Chrome browser’s Media component is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Power Automate for Desktop automation platform, related to insufficient protection of operational data, allows attackers to escalate their privileges.
The vulnerability of the Power Automate for Desktop automation platform is related to insufficient protection for operational data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise applications relates to buffer overflows in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Vulnerability of Microsoft Office packages and 365 Apps for Enterprise, related to incorrect path name restrictions for restricted access directories, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise is related to incorrect path name restrictions in the restricted access catalog. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
Vulnerability of Microsoft Office packages, 365 Apps for Enterprise, and Microsoft PowerPoint presentation preparation programs, related to the use of memory after it is released, allows attackers to execute arbitrary code.
The vulnerabilities of Microsoft Office packages, 365 Apps for Enterprise, and Microsoft PowerPoint presentation software are related to the use of memory after it is released. Exploiting these vulnerabilities can allow attackers to execute arbitrary code...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the incorrect limitation of file names and other resources, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise is related to incorrect restrictions on file names and other resources. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the web server of the Nuance Digital Engagement Platform for the Windows operating system allows an attacker to perform XSS attacks.
The vulnerability of the web server of the Nuance Digital Engagement Platform for the Windows operating system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks remotely...
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise, related to the use of memory after it is freed, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages and 365 Apps for Enterprise lies in the use of memory after it is released. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server packages lies in their deserialization mechanism flaws, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server, Microsoft SharePoint Server Subscription Edition, and Microsoft SharePoint Enterprise Server is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the Remote Access Connection Manager in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges.
The vulnerability of the Remote Access Connection Manager in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, and the text editor Microsoft Word relates to a buffer overflow in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, and the text editor Microsoft Word is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, and the text editor Microsoft Word, related to the use of memory after it is released, allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, Microsoft SharePoint, and the text editor Microsoft Word is related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Windows Security App antivirus program on the Windows operating system allows attackers to perform spear-phishing attacks.
The vulnerability of the Windows Security App antivirus program in the Windows operating system is related to improper external manipulation of the file name or path. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks...
The vulnerability of the Microsoft AutoUpdate (MAU) for Mac application, which involves insufficient validation of input data, allows a malicious individual to escalate their privileges.
The vulnerability of the Microsoft AutoUpdate (MAU) for Mac application is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Microsoft .NET software platform and the Microsoft Visual Studio development tools allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft .NET software platform and the Microsoft Visual Studio development environment is related to the use of an insecure search path. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of Microsoft Office Word and 365 Apps for Enterprise applications relates to buffer overflows in dynamic memory, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office Word and 365 Apps for Enterprise lies in the overflowing of buffers in the dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created RTF file...