90509 matches found
The vulnerability of the Mattermost instant messaging application, related to access control errors, allows a malicious user to reduce the privileges of arbitrary users.
The vulnerability of the Mattermost instant messaging application is related to access control errors. Exploiting this vulnerability could allow a malicious actor to reduce the privileges of arbitrary users...
The vulnerability of the REST API interface of the H2O machine learning platform allows a perpetrator to execute arbitrary code.
The vulnerability of the REST API interface of the H2O machine learning platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Win32K component – ICOMP in Windows operating systems, which allows attackers to exploit their privileges.
The vulnerability of the Win32K component – ICOMP in Windows operating systems is related to access to resources through incompatible types. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of DVB (Digital Video Broadcasting) plugins of the Gstreamer multimedia framework allows a hacker to execute arbitrary code.
The vulnerability of DVB Digital Video Broadcasting plugins of the Gstreamer multimedia framework is related to the lack of proper validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the libpng library, which allows a hacker to gain access to freed memory
The vulnerability of the libpng library lies in the transfer of a pointer obtained from functions like pnggetPLTE, pnggettRNS, or pnggethIST back to the corresponding function for setting values for the same pair of structures pngstruct and pnginfo. This causes reading from the freed memory and...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow an attacker to gain unauthorized access to...
The vulnerability of the software for centralized identity management systems like FreeIPA allows a perpetrator to gain access to confidential data.
The vulnerability of the FreeIPA identity management software is related to deficiencies in the authorization process. Exploiting this vulnerability could allow a perpetrator to gain access to confidential data...
The vulnerability of the Mattermost instant messaging application, related to unlimited resource distribution, allows a hacker to cause a service failure.
The vulnerability of the Mattermost instant messaging application is related to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the mptcp_recvmsg() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the mptcprecvmsg function in the Linux operating system is related to the lack of input validation for cyclic operations. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the netfilter x_tables component in Linux operating systems allows attackers to compromise the confidentiality and accessibility of protected information.
The vulnerability of the netfilter xtables component in Linux operating systems is related to errors that occur when a line or array ends with a zero character. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected information...
The vulnerability in the `drivers/net/ethernet/cadence/macbpci.c` module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the drivers/net/ethernet/cadence/macbpci.c module of the Linux operating system is related to the use of memory after it has been freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
Vim text editor’s `:find` function vulnerability, allowing a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the :find function in the text editor Vim is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service interruptions...
The vulnerability of the RedisTimeSeries time series processing module in the Redis database management system allows a attacker to execute arbitrary code or cause a service failure.
The vulnerability of the RedisTimeSeries time series processing module in the Redis database management system is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure...
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design relates to access control errors, allowing attackers to create new openAPI applications accessible to administrators.
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design is related to access control errors. Exploiting this vulnerability could allow a malicious actor to create new openAPI applications that are accessible to administrators...
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design relates to access control errors, which allow attackers to redirect users through links to malicious resources, while pretending to be legitimate.
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design is related to access control errors. Exploiting this vulnerability could allow a malicious actor to redirect users through links to malicious resources, while pretending to be legitimate...
The vulnerability of the exec_args_adjust_args() function in the operating system kernel of FreeBSD allows a hacker to exploit their privileges.
The vulnerability of the execargsadjustargs function in the FreeBSD operating system’s kernel is related to an operator precedence error. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the automated deployment and scaling service for managed Apache Cassandra Azure Managed Instances lies in the lack of access control mechanisms, allowing an attacker to execute arbitrary code.
The vulnerability of the automated deployment and scaling service for managed Apache Cassandra instances is related to access control errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the JavaFX (WebKitGTK) component of the Oracle Java SE software platform, which allows a hacker to trigger a system failure
The vulnerability of the JavaFX WebKitGTK component of the Oracle Java software platform is related to an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the RxRPC module in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the RxRPC module in the Linux operating system’s kernel arises due to improper handling of fragmented packages and mechanisms for copying data into socket buffers. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of Cisco IOS and Cisco IOS XE operating system HTTP servers allows attackers to induce service failures.
The vulnerability of Cisco IOS and Cisco IOS XE operating systems’ HTTP servers is related to incorrect processing of syntaxically incorrect structures. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the intermediate software ForwardAuth in the reverse proxy server Containous Traefik allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the intermediate software ForwardAuth in the reverse proxy server Containous Traefik is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the Dell ThinOS operating system for thin clients involves insufficient data cleaning at the management level, allowing attackers to execute arbitrary commands.
The vulnerability of the Dell ThinOS operating system for thin clients is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the Dell PowerScale OneFS operating system, related to insufficient protection of registration data, allows attackers to compromise the confidentiality and accessibility of data.
The vulnerability of the Dell PowerScale OneFS operating system is related to insufficient protection for registration data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of data...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a hacker to execute arbitrary commands with root privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability could allow an attacker to execute arbitrary...
The vulnerability of the respond_request() function in the system for launching and managing large language models of LoLLMS (Lord of Large Language Multimodal Systems) allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the respondrequest function in the system for launching and managing large language models of LoLLMS is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to...
The vulnerability of the `tc_chain_fill_node()` function in Linux operating systems allows a hacker to gain unauthorized access to confidential information.
The vulnerability of the tcchainfillnode function in Linux operating systems is related to the use of uninitialized resources. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential information...
The vulnerability of the regsafe() function in Linux operating system kernels allows attackers to disclose confidential information or cause service failures.
The vulnerability of the regsafe function in Linux operating system kernels is related to errors in determining the system’s state. Exploiting this vulnerability can allow an attacker to disclose confidential information or cause service failures...
The vulnerability of the ecam_encoder_compress_h264() function in the implementation of the remote desktop protocol FreeRDP allows a intruder to gain access to confidential data or trigger a service failure.
The vulnerability of the ecamencodercompressh264 function in the FreeRDP remote desktop protocol is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data or cause service failures...
The vulnerability of the processCommandAndResetClient() function in the Redis database management system allows a attacker to execute arbitrary code.
The vulnerability of the processCommandAndResetClient function in the Redis database management system is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
Vulnerability of the “Customized Feedback Form” module of the CMS system: Control over the download of dangerous files without restrictions, allowing attackers to execute arbitrary code.
Vulnerability of the “Custom Feedback Form” module of the CMS system: Website management involves unlimited uploading of dangerous files...
The vulnerability in the web interface of the Cisco IOS XE operating system allows attackers to enhance their privileges and gain access to the management API.
The vulnerability of the Cisco IOS XE operating system’s web interface is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to enhance their privileges and gain access to the management API...
The vulnerability of the intermediate software ForwardAuth in the reverse proxy server Containous Traefik allows a hacker to bypass authentication with invalid credentials.
The vulnerability of the intermediate software ForwardAuth in the reverse proxy server Containous Traefik involves exploiting authentication through spoofing. Exploiting this vulnerability allows a malicious actor to bypass authentication with invalid credentials...
The vulnerability of the Cray operating system’s kernel, related to improper cleaning or release of resources, allows a perpetrator to trigger a service failure.
The vulnerability of the Cray operating system’s kernel is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a intruder to execute arbitrary commands.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup solution for Dell EMC Data Domain Operating Systems is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability allows a malicious actor to execute arbitra...
The vulnerability of the system for launching and managing large language models in LoLLMS (Lord of Large Language Multimodal Systems) stems from deficiencies in access control. This allows attackers to enhance their privileges.
The vulnerability of the system for launching and managing large language models in LoLLMS Lord of Large Language Multimodal Systems is related to deficiencies in access control when processing JWT signatures. Exploiting this vulnerability can allow a malicious actor to enhance their privileges...
The vulnerability in the AppLollmsMessage class of the system, which is used to launch and manage large language models like LoLLMS, allows attackers to perform XSS attacks.
The vulnerability of the AppLollmsMessage class in the system for launching and managing large language models LoLLMS is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
The vulnerability of the nf_conntrack_helper_unregister() function in Linux operating systems allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the nfconntrackhelperunregister function in Linux operating systems is related to incomplete cleanup of temporary or auxiliary resources. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected informati...
The vulnerability of the ctnetlink_alloc_expect() function in Linux operating systems allows a hacker to disclose confidential information.
The vulnerability of the ctnetlinkallocexpect function in Linux operating systems is related to access to an uninitialized pointer. Exploiting this vulnerability can allow an attacker to disclose confidential information...
The vulnerability of the nft_queue() function in Linux operating systems, which allows a hacker to cause a service failure
The vulnerability of the nftqueue function in Linux operating systems is related to improper handling of input data. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability in the net/core/skmsg.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the net/core/skmsg.c module of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the set_cig_params_sync() function in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the setcigparamssync function in the Linux operating system’s kernel is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerabilities of the React frontend building libraries React-server-dom-parcel, React-server-dom-turbopack, and React-server-dom-webpack allow attackers to cause service failures.
The vulnerability of the React frontend library packages react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack involves uncontrolled resource consumption. Exploiting this vulnerability can allow an attacker to cause service failures by sending specially crafted HTTP...
The vulnerabilities of the functions BaseHttpRequestHandler._post() and aseHttpRequestHandler.get_temp_root() in the httprequesthandler.py component, a library for loading dash-uploader files, allow a hacker to execute arbitrary code.
The vulnerability of the functions BaseHttpRequestHandler.post and aseHttpRequestHandler.gettemproot in the httprequesthandler.py component, a library for uploading dash-uploader files, is related to an incorrect pathname limitation. Exploiting this vulnerability could allow a remote attacker to...
The vulnerabilities of the sdl_Pointer_New() and sdl_Pointer_Free() functions in the implementation of the FreeRDP remote desktop protocol allow a intruder to cause a service failure.
The vulnerabilities of the sdlPointerNew and sdlPointerFree functions in the FreeRDP remote desktop protocol are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow a malicious actor to cause service failure...
The vulnerability of the video_timer() function in the implementation of the remote desktop protocol FreeRDP allows a intruder to trigger a service failure.
The vulnerability of the videotimer function in the implementation of the remote desktop protocol FreeRDP is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
The vulnerability of the RESTORE command in the Redis database management system allows a hacker to execute arbitrary code.
The vulnerability of the RESTORE command in the Redis database management system is related to buffer overflows in the dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the RedisBloom data structure module of the Redis database management system allows a hacker to execute arbitrary code.
The vulnerability of the RedisBloom data structure module of the Redis database management system is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design relates to access control errors, which allow attackers to compromise data integrity.
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design is related to access control errors. Exploiting this vulnerability could allow an attacker to create threats to data integrity remotely...
The vulnerability of Redis’ Lua interpreter, a database management system, allows attackers to execute arbitrary code.
The vulnerability of Redis’ Lua interpreter for database management systems involves the possibility of exploiting memory after it is released. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design lies in the lack of protection for the website structure, allowing attackers to execute arbitrary JavaScript code.
The vulnerability of the multi-functional online image editor in PIXSO’s UI/UX design is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...