90509 matches found
The vulnerability of the PDF component in the Google Chrome web browser, which allows a hacker to trigger a service failure
The vulnerability of the PDF component in the Google Chrome web browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure using a specially created PDF file...
The vulnerability of the Azure SDK for Java development software package lies in its authentication procedures’ flaws, which allow attackers to circumvent security restrictions.
The vulnerability of the Azure SDK for Java development software package is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions remotely...
The vulnerability of the Ancillary Function Driver for WinSock in Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Ancillary Function Driver for WinSock operating systems in Windows relates to access to resources through incompatible types. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the AppID service for operating systems Windows allows attackers to increase their privileges.
The vulnerability of the AppID service for operating systems running on Windows lies in the fact that operations are performed outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the WebCodecs component in the Google Chrome web browser allows a hacker to gain access to confidential data or cause a service failure.
The vulnerability of the WebCodecs component in the Google Chrome web browser is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to gain access to confidential data or cause service failures through a specially creat...
The vulnerability of the TanStack library set, related to the presence of undeclared capabilities, allows a hacker to execute arbitrary code.
The vulnerability of the TanStack library set is related to the presence of undeclared features. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the KILL_CLIENT command in the PostgreSQL PgBouncer connection pool’s software allows a hacker to trigger a service failure.
The vulnerability of the KILLCLIENT command in the PostgreSQL PgBouncer connection pool software is related to the absence of authentication. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the SAP S/4HANA software platform, related to the lack of measures taken to protect the SQL query structure, allows attackers to gain unauthorized access to protected information and trigger service failures.
The vulnerability of the SAP S/4HANA software platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information and cause service failures by sending specially crafted S...
The vulnerability of the strlcat() function in PostgreSQL PgBouncer software allows a attacker to execute arbitrary code or cause service interruptions.
The vulnerability of the strlcat function in PostgreSQL PgBouncer software-related connectivity libraries is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failur...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary commands with root...
The vulnerability of the Mattermost instant messaging application, related to the lack of authentication, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to the lack of authentication. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Mattermost instant messaging application, related to information disclosure, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Mattermost instant messaging application is related to the disclosure of information. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Vulnerability of specialized cryptographic modules: BC Java bcpkix on All (API modules), BC Java bcprov on All (API modules), BCPKIX FIPS bcpkix-fips on All (API modules). Libraries from Bouncy Castle allow attackers to exploit these resources excessively.
The vulnerability of specialized cryptographic modules such as BC Java bcpkix in All API modules, BC Java bcprov in All API modules, and BCPKIX FIPS bcpkix-fips in All API modules is related to unlimited resource allocation. Exploiting this vulnerability can allow a remote attacker to excessively...
The vulnerability of the GetAlertData() function on the security monitoring and threat detection platform Wazuh allows a malicious actor to trigger a service failure.
The vulnerability of the GetAlertData function on the security monitoring and threat detection platform Wazuh is related to a violation of the buffer’s initial limit. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the Axon Code Parser AI-tool for developing Axon Code Models allows a perpetrator to execute arbitrary code.
The vulnerability of Axon Code Parser AI-tool for developing Axon Code Models exists due to the incorrect use of incompatible command parsers shell-quote libraries based on Unix for analyzing commands on the Windows platform. Additionally, there are issues with the improper handling of escape...
The vulnerability in the web interface for controlling the Cisco Unity Connection integrated messaging system allows a attacker to perform an SSRF attack.
The vulnerability in the web interface for managing the Cisco Unity Connection integrated messaging system is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the file-xwd.c component of the GIMP graphic editor allows a hacker to cause a service failure.
The vulnerability of the file-xwd.c component of the GIMP graphic editor is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure using the malicious file...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their uncontrolled resource consumption, which allows attackers to cause service interruptions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to uncontrolled resource consumption. Exploiting these vulnerabilities can allow attackers to cause service interruptions remotel...
The vulnerability of the microprogrammed network interface cards of SONICWALL series SMA 1000 allows a intruder to elevate their privileges to the level of an administrator.
The vulnerability of the microprogrammed network interface cards of SONICWALL series SMA 1000 is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker to elevate their privileges to the level of administrator...
The vulnerability of the tplgdecode_control_mixer1 function in the library for interacting with kernel audio drivers from Alsa-lib, which allows a hacker to cause a service failure.
The vulnerability of the tplgDecodeControlmixer1 function in the library for interacting with kernel audio drivers is related to unvalidated array indexing. Exploiting this vulnerability could allow a malicious actor to cause service failures through a specially created file...
The vulnerability in the web interface for controlling the Cisco Unity Connection integrated messaging system allows a perpetrator to execute arbitrary code.
The vulnerability in the web interface for managing the Cisco Unity Connection integrated messaging system is related to an incorrect restriction on the path name to the directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Cisco IOS XE operating system’s command-line interface allows a hacker to trigger a service failure.
The vulnerability of the Cisco IOS XE operating system’s command-line interface is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to cause a service failure...
The software for email security from SonicWall has a vulnerability related to incorrect input validation. This allows attackers to gain unauthorized access to protected information.
The vulnerability of SonicWall Email Security’s email security software lies in the improper validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Security component of the Oracle Java SE software platform, as well as the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain access to read, modify, and delete data.
The vulnerability of the Security component of the Oracle Java SE software platform, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, is related to insufficient protection of operational data. Exploiting this vulnerability can allow an attacker to...
The vulnerability of the Cisco IOS XE operating system’s loader allows a hacker to execute arbitrary code.
The vulnerability of the Cisco IOS XE operating system loader is related to a violation of the initial buffer boundary. Exploiting this vulnerability allows an attacker to execute arbitrary code...
The vulnerability of the library that accesses HTTP servers via LibSoup allows a perpetrator to gain access to confidential data or cause service failures.
The vulnerability of the LibSoup library for HTTP servers is related to a countable loss of significance. Exploiting this vulnerability could allow an attacker to gain access to confidential data or cause service failures...
The vulnerability of the ClonePixelCacheRepository() function in the magick/cache.c component of the ImageMagick console graphics editor allows a hacker to cause a service failure.
The vulnerability of the ClonePixelCacheRepository function in the magick/cache.c component of the ImageMagick console graphics editor is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure through the use of a specially create...
The vulnerability of the MSLEndElement() function in the coders/msl.c component of the ImageMagick console graphics editor allows a hacker to cause a service failure.
The vulnerability of the MSLEndElement function in the ImageMagick console graphics editor’s coders/msl.c component is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the SubtableUnicodesCache::create() function in the src/hb-ot-cmap-table.hh file of the HarfBuzz text conversion library allows a hacker to trigger a service failure.
The vulnerability of the SubtableUnicodesCache::create function in the src/hb-ot-cmap-table.hh file of the HarfBuzz text conversion library is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause service failures...
The vulnerability of the sch_teql component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the schteql component in the Linux operating system’s kernel is related to the dereferencing of a pointer whose validity has expired. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of the Mattermost instant messaging application, related to access control errors, allows a malicious user to reduce the privileges of arbitrary users.
The vulnerability of the Mattermost instant messaging application is related to access control errors. Exploiting this vulnerability could allow a malicious actor to reduce the privileges of arbitrary users...
The vulnerability of the REST API interface of the H2O machine learning platform allows a perpetrator to execute arbitrary code.
The vulnerability of the REST API interface of the H2O machine learning platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Win32K component – ICOMP in Windows operating systems, which allows attackers to exploit their privileges.
The vulnerability of the Win32K component – ICOMP in Windows operating systems is related to access to resources through incompatible types. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of DVB (Digital Video Broadcasting) plugins of the Gstreamer multimedia framework allows a hacker to execute arbitrary code.
The vulnerability of DVB Digital Video Broadcasting plugins of the Gstreamer multimedia framework is related to the lack of proper validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the libpng library, which allows a hacker to gain access to freed memory
The vulnerability of the libpng library lies in the transfer of a pointer obtained from functions like pnggetPLTE, pnggettRNS, or pnggethIST back to the corresponding function for setting values for the same pair of structures pngstruct and pnginfo. This causes reading from the freed memory and...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...
The vulnerability of the software for centralized identity management systems like FreeIPA allows a perpetrator to gain access to confidential data.
The vulnerability of the FreeIPA identity management software is related to deficiencies in the authorization process. Exploiting this vulnerability could allow a perpetrator to gain access to confidential data...
Vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, allow attackers to gain access to confidential data and compromise its integrity.
The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the email client Thunderbird, are related to insufficient input data validation. Exploiting these vulnerabilities can allow an attacker to gain access to confidential data and compromise its integrity...
The vulnerability of the `tt_var_load_item_variation_store` function in the 2D component of the Oracle Java SE software platform, as well as in the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows a malicious actor to cause a service failure.
The vulnerability of the ttvarloaditemvariationstore function in the 2D component of the Oracle Java SE software platform, as well as in the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, relates to reading data beyond the allowed range of memory. Exploitation of...
The vulnerability of the JAXP component of the Oracle Java SE software platform, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to gain unauthorized access to devices.
The vulnerability of the JAXP component in the Oracle Java SE software platform and the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to...
The vulnerability of the JSE component of Oracle Java SE software, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, allows attackers to trigger a service failure.
The vulnerability of the JSE component of Oracle Java SE software, as well as of the Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines, is related to a breach of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to cau...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Print Spooler in operating systems related to the print queue is associated with synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the Thunderbird email client, allowing a hacker to gain access to confidential data
The vulnerability of the Thunderbird email client is related to the lack of mechanisms for encoding or shielding output data. Exploiting this vulnerability can allow a remote attacker to gain access to confidential data...
The vulnerability of the Cisco IOS XE operating system’s TLS library allows attackers to trigger memory exhaustion or service failure.
The vulnerability of the Cisco IOS XE operating system’s TLS library is related to the absence of references to an active, allocated resource. Exploiting this vulnerability can allow a malicious actor to induce memory exhaustion or service failure from a remote perspective...
The vulnerability of the LibreOffice office software package, related to writing beyond the buffer limit, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the LibreOffice office software package is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
Vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, allow attackers to trigger a service failure.
The vulnerabilities in web browsers Firefox and Firefox ESR, as well as the Thunderbird email client, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to cause service interruptions remotely...
The vulnerability of the msl.c component in the console-based image editing tool ImageMagick allows a hacker to gain access to confidential data or cause a service failure.
The vulnerability of the msl.c component in the console-based image editing tool ImageMagick is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to gain access to confidential data or cause service interruptions...
The vulnerabilities of the `png_set_TRNX` and `png_set_PLTE` functions in the LIBPNG library allow attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the pngsettRNS and pngsetPLTE functions in the LIBPNG library is related to improper memory management during data deallocation. Exploiting this vulnerability may allow an attacker to gain access to the freed memory area, which could lead to the execution of arbitrary code or...