90509 matches found
The vulnerability of the microprogrammed network interface cards of SONICWALL series SMA 1000 allows a intruder to elevate their privileges to the level of an administrator.
The vulnerability of the microprogrammed network interface cards of SONICWALL series SMA 1000 is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to elevate their privileges to the level of administrator...
The vulnerability of the implementation of the SSL VPN micro-programming software for network interfaces of SONICWALL series SMA 1000 allows a intruder to gain unauthorized access to protected information.
The vulnerability of the implementation of the SSL VPN micro-programming software for network interfaces of the SMA 1000 series, SONICWALL, is related to inconsistencies in the responses to incoming requests. Exploiting this vulnerability can allow an attacker operating remotely to gain...
The vulnerability of the LibreOffice office software package, related to writing beyond the buffer limit, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the LibreOffice office software package is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the `load_from_url_async` function in the library for working with large language models (LLMs) like vLLM allows attackers to perform SSRF attacks.
The vulnerability of the loadfromurlasync function in the library for working with large language models LLMs like vLLM is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
The vulnerability of the print_hex_string() function in the Wazuh intrusion detection and prevention system allows a perpetrator to execute arbitrary code.
The vulnerability of the printhexstring function in the Wazuh intrusion detection and prevention system is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the GetAlertData() function on the security monitoring and threat detection platform Wazuh allows a malicious actor to trigger a service failure.
The vulnerability of the GetAlertData function on the security monitoring and threat detection platform Wazuh is related to a violation of the buffer’s initial limit. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the os.system() function on the lifecycle management platform for machine learning models allows a perpetrator to execute arbitrary commands.
The vulnerability of the os.system function on the lifecycle management platform for machine learning models involves improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to induce a service failure.
The vulnerability of the Internet Key Exchange IKE protocol implementation in Windows operating systems relates to bypassing authentication by avoiding memory release after the effective lifetime of the protocol. Exploiting this vulnerability can allow a malicious actor to cause service...
The vulnerability of the .NET software platform, related to insufficient validation of output data, allows attackers to increase their privileges.
The vulnerability of the .NET software platform is related to insufficient validation of output data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Print Spooler in operating systems related to the print queue is associated with synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
Vulnerability of specialized cryptographic modules: BC Java bcpkix on All (API modules), BC Java bcprov on All (API modules), BCPKIX FIPS bcpkix-fips on All (API modules). Libraries from Bouncy Castle allow attackers to exploit these resources excessively.
The vulnerability of specialized cryptographic modules such as BC Java bcpkix in All API modules, BC Java bcprov in All API modules, and BCPKIX FIPS bcpkix-fips in All API modules is related to unlimited resource allocation. Exploiting this vulnerability can allow a remote attacker to excessively...
The vulnerability of the Windows Ancillary Function Driver for WinSock on Windows operating systems allows attackers to exploit their privileges.
The vulnerability of the Windows Ancillary Function Driver for WinSock operating systems is related to the possibility of using memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems involves a lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...
The vulnerability of the Dawn component in the Google Chrome browser allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Dawn component in the Google Chrome browser arises due to the use of uninitialized resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially created HTML page...
The vulnerability of the Mattermost instant messaging application, related to deficiencies in authentication procedures, allows attackers to bypass existing security mechanisms.
The vulnerability of the Mattermost instant messaging application is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to bypass existing security measures remotely...
The vulnerability of the Mattermost instant messaging application, related to access control errors, allows a hacker to execute arbitrary code.
The vulnerability of the Mattermost instant messaging application is related to access control errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Mattermost instant messaging application, related to access control errors, allows a malicious user to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to access control errors. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Mattermost instant messaging application, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the Mattermost instant messaging application is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause a service failure by sending a specially crafted DOC file...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to improper session management. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrar...
The vulnerability of Google Chrome’s DevTools component, which allows a hacker to escalate their privileges
The vulnerability of Google Chrome’s DevTools component is related to a data protection mechanism flaw. Exploiting this vulnerability can allow an attacker, operating remotely, to gain increased privileges...
The vulnerability of the Mattermost instant messaging application, related to incorrect validation of the specified data type, allows a hacker to trigger a service failure.
The vulnerability of the Mattermost instant messaging application is related to improper validation of the specified data type. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Mattermost instant messaging application, related to insufficient validation of requests on the server side, allows a hacker to perform an SSRF attack.
The vulnerability of the Mattermost instant messaging application is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the Mattermost instant messaging application, related to access control errors, allows a malicious user to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to access control errors. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the ungetc() function in the BDAT/CHUNKING component of the email server Exim, which allows a hacker to execute arbitrary code.
The vulnerability of the ungetc function in the BDAT/CHUNKING component of the email server Exim relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a intruder to gain unauthorized access to protected information.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through backup operations using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to perform cross-site scripting attacks.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site...
The vulnerability in the web interface of the Cisco Catalyst SD-WAN Manager allows a attacker to perform cross-site scripting attacks (XSS).
The vulnerability in the web interface of the Cisco Catalyst SD-WAN Manager relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability in the web interface for controlling the Cisco Unity Connection integrated messaging system allows a perpetrator to execute arbitrary code.
The vulnerability in the web interface for managing the Cisco Unity Connection integrated messaging system is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Cisco IoT Field Network Director software interface allows a hacker to gain access to confidential information or cause service failures.
The vulnerability of the Cisco IoT Field Network Director software interface is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a malicious actor to gain access to confidential information or cause service failures...
The vulnerability of the Axon Code Parser AI-tool for developing Axon Code Models allows a perpetrator to execute arbitrary code.
The vulnerability of Axon Code Parser AI-tool for developing Axon Code Models exists due to the incorrect use of incompatible command parsers shell-quote libraries based on Unix for analyzing commands on the Windows platform. Additionally, there are issues with the improper handling of escape...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrar...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow a malicious actor to execute arbitrar...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with root privileges...
The vulnerability of the Cisco IOS XE operating system’s loader allows a hacker to execute arbitrary code.
The vulnerability of the Cisco IOS XE operating system loader is related to a violation of the initial buffer boundary. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability in the web interface of the Cisco IOx software platform allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability in the Cisco IOx software platform’s web interface is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability could allow a remote attacker to perform cross-site scripting attacks XSS...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to enhance their privileges.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized access to...
The vulnerability of the Cisco IOS XE operating system, which allows a perpetrator to access confidential information
The vulnerability of the Cisco IOS XE operating system is related to the transmission of critical information in plaintext. Exploiting this vulnerability can allow a remote attacker to gain access to confidential information...
The vulnerability of the Cisco IOS XE operating system’s TLS library allows attackers to trigger memory exhaustion or service failure.
The vulnerability of the Cisco IOS XE operating system’s TLS library is related to the absence of references to an active, allocated resource. Exploiting this vulnerability can allow a malicious actor to induce memory exhaustion or service failure from a remote perspective...
The vulnerability of the server function of the Cisco IOS XE operating system’s secure copying protocol allows a attacker to trigger a service failure.
The vulnerability of the server function of the Cisco IOS XE operating system’s secure copying protocol is related to the improper handling of additional parameters. Exploiting this vulnerability can allow attackers to cause service failures...
The vulnerability of the Cisco IOS XE operating system’s command-line interface allows a hacker to trigger a service failure.
The vulnerability of the Cisco IOS XE operating system’s command-line interface is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the web interface for controlling the Cisco Unity Connection integrated messaging system allows a attacker to perform an SSRF attack.
The vulnerability in the web interface for managing the Cisco Unity Connection integrated messaging system is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the Cisco IoT Field Network Director software interface allows a intruder to trigger a service failure.
The vulnerability of the Cisco IoT Field Network Director software interface is related to access control errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Cisco IoT Field Network Director software interface allows a hacker to escalate their privileges.
The vulnerability of the Cisco IoT Field Network Director software interface is related to exceptions handling deficiencies. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
The vulnerability of the H2O machine learning platform, related to deficiencies in the deserialization mechanism, allows attackers to bypass security restrictions, disclose sensitive information, and execute arbitrary code.
The vulnerability of the H2O machine learning platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to circumvent security restrictions, disclose sensitive information, and execute arbitrary code...