90509 matches found
The vulnerability of the resetPromiseSpecies() function in the vm2 package manager’s NPM library allows a hacker to bypass the sandbox protection mechanisms and execute arbitrary commands.
The vulnerability of the resetPromiseSpecies function in the vm2 library of the NPM package manager is related to improper code generation. Exploiting this vulnerability could allow a remote attacker to bypass the sandbox’s security mechanisms and execute arbitrary commands...
The vulnerability of the Business Chat function in the Microsoft 365 Copilot intelligent virtual assistant allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Business Chat function in Microsoft 365 Copilot relates to the failure to take measures to neutralize special elements. Exploiting this vulnerability may allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Business Chat function in Microsoft 365 Copilot allows a hacker to disclose protected information.
The vulnerability of the Business Chat function in Microsoft 365 Copilot is related to incorrect elimination of special elements in output data. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...
The vulnerability in the backend/routers/files.py script of the system for launching and managing large language models in LoLLMS (Lord of Large Language Multimodal Systems) allows a perpetrator to gain unauthorized access to protected information, upload arbitrary files, or cause service failures.
The vulnerability in the backend/routers/files.py script of the system for launching and managing large language models in LoLLMS Lord of Large Language Multimodal Systems is related to deficiencies in the authentication process when processing the /api/files/extract-text endpoint. Exploiting thi...
The vulnerability of the Kubernetes CRD reverse proxy server container “Traefik” allows a hacker to circumvent existing access restrictions.
The vulnerability of the Kubernetes CRD reverse proxy server of Containous Traefik is related to insufficient spatial partitioning. Exploiting this vulnerability could allow a malicious actor to circumvent existing access restrictions...
The vulnerability of the intermediate software StripPrefixRegex of the Containous Traefik reverse proxy server allows a hacker to access protected information.
The vulnerability of the intermediate software program StripPrefixRegex of the Containous Traefik reverse proxy server is related to the use of a name with an incorrect link. Exploiting this vulnerability can allow a remote attacker to gain access to protected information...
The vulnerability in the web interface of the Cisco IOx application management platform for the Cisco IOS XE operating system allows a perpetrator to manipulate data.
The vulnerability in the web interface of the Cisco IOx application management platform for the Cisco IOS XE operating system is related to the failure to eliminate CRLF sequences. Exploiting this vulnerability allows a remote attacker to manipulate data...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to gain unauthorized access to protected information.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems is related to errors in information processing. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows attackers to enhance their privileges.
The vulnerability of the data protection software through PowerProtect Data Domain’s backup process for Dell EMC Data Domain Operating Systems is related to errors in the certificate validation process. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the create_post() function in the system for launching and managing large language models of LoLLMS (Lord of Large Language Multimodal Systems) allows attackers to perform XSS attacks.
The vulnerability of the createpost function in the system for launching and managing large language models of LoLLMS Lord of Large Language Multimodal Systems is related to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to...
The vulnerability in the backend/routers/files.py script of the system for launching and managing large language models in LoLLMS (Lord of Large Language Multimodal Systems) allows a hacker to write arbitrary files.
The vulnerability in the backend/routers/files.py script of the system for launching and managing large language models in LoLLMS Lord of Large Language Multimodal Systems involves unlimited loading of dangerous files. Exploiting this vulnerability allows a remote attacker to write any files they...
The vulnerability of the gso_features_check() function in Linux operating systems allows a hacker to gain unauthorized access to confidential information.
The vulnerability of the gsofeaturescheck function in Linux operating systems is related to the access to an uninitialized pointer. Exploiting this vulnerability could allow an attacker to gain unauthorized access to confidential information...
The vulnerability of the pn532_receive_buf() function in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the pn532receivebuf function in Linux operating systems is related to incorrect input of configuration data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the hci_cmd_sync_queue_once() function in Linux kernel allows a attacker to cause a service failure.
The vulnerability of the hcicmdsyncqueueonce function in Linux operating systems is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the hci_le_remote_conn_param_req_evt() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the hcileremoteconnparamreqevt function in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Upload() function in the dash-uploader library allows a hacker to trigger a service failure.
The vulnerability of the Upload function in the dash-uploader library is related to an uncontrolled resource consumption when processing the maxfilesize parameter. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the ecam_channel_write() function in the implementation of the remote desktop protocol FreeRDP allows a intruder to trigger a service failure.
The vulnerability of the ecamchannelwrite function in the FreeRDP remote desktop protocol is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
The vulnerability of the software for working with Azure Machine Learning algorithms is related to the lack of protective measures for website structures, allowing attackers to perform spear-phishing attacks.
The vulnerability of the software for working with Azure Machine Learning algorithms is related to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the _download_image_to_temp() function in the system, which is used for launching and managing large language models in LoLLMS (Lord of Large Language Multimodal Systems), allows a hacker to perform an SSRF attack.
The vulnerability of the downloadimagetotemp function in the system for launching and managing large language multimodal systems LoLLMS is related to insufficient testing of requests on the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack...
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems allows a intruder to execute arbitrary commands.
The vulnerability of the data protection software through backup using PowerProtect Data Domain for Dell EMC Data Domain Operating Systems DD OS is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability can allow an attacker to execute arbitrary...
The vulnerability of the hci_cmd_sync_queue_once() function in Linux operating systems allows a attacker to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the hcicmdsyncqueueonce function in Linux operating systems is related to the failure to release resources after their useful lifespan has ended. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of the protected informati...
The vulnerability of the `bnxt_hwrm_func_backing_store_qcaps_v2()` function in Linux kernels allows a hacker to trigger a service failure.
The vulnerability of the bnxthwrmfuncbackingstoreqcapsv2 function in Linux kernels is related to the use of a pointer offset that is out of range. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability in the crypto/authencesn.c module of Linux operating systems allows a hacker to trigger a service failure.
The vulnerability in the crypto/authencesn.c module of Linux operating systems is related to incorrect processing of structural elements. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability in the net/bluetooth/mgmt.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability in the net/bluetooth/mgmt.c module of the Linux operating system is related to insufficient input data validation. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the hci_cmd_sync_queue_once() function in Linux kernel allows a attacker to cause a service failure.
The vulnerability of the hcicmdsyncqueueonce function in Linux operating systems is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability in the DevVGA_VBVA.cpp script of the Core component in the Oracle VM VirtualBox virtual machine allows a hacker to trigger a service failure.
The vulnerability in the DevVGAVBVA.cpp script of the Core component in the Oracle VM VirtualBox virtual machine is related to a numerical overflow resulting from pointer swapping. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the pnm_load_raw() function in the file-pnm.c component of the GIMP graphic editor allows a hacker to cause a service failure.
The vulnerability of the pnmloadraw function in the file-pnm.c component of the GIMP graphic editor is related to integer overflow. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of the mod_md module in the Apache HTTP Server, related to pointer manipulation, allows attackers to trigger resource exhaustion or server failures.
The vulnerability of the modmd module in the Apache HTTP Server is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause resource exhaustion or server failures...
The vulnerability of the Python programming language interpreter, which allows attackers to compromise data integrity
The vulnerability of the Python interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
The vulnerability of the xfrm component in the Linux operating system’s kernel allows a hacker to elevate their privileges to the level of root.
The vulnerability of the xfrm component in the Linux operating system’s kernel is related to the execution of operations outside the buffer boundaries. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability of the mod_proxy_ajp() module in the Apache HTTP Server allows a hacker to cause a service failure.
The vulnerability of the modproxyajp module in the Apache HTTP Server is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the ajp_parse_data() function in the Apache HTTP Server allows a hacker to disclose confidential information.
The vulnerability of the ajpparsedata function in the Apache HTTP Server is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to disclose confidential information remotely...
The vulnerability of the Jenkins GitHub plugin, related to the lack of protection for website structures, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Jenkins GitHub plugin is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of Google Chrome’s Blink rendering module allows a hacker to replace the user interface.
The vulnerability of Google Chrome’s Blink rendering module involves bypassing authentication using a password that is controlled by the user. Exploiting this vulnerability allows an attacker to remotely replace the user’s interface...
The vulnerability of the Fullscreen component in the Google Chrome browser allows a hacker to bypass existing security restrictions.
The vulnerability of the Fullscreen component in Google Chrome browser relates to the ability to utilize memory after it is freed. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions through a specially created HTML page...
Vulnerability of the adbd_tls_verify_cert() function in the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the adbdtlsverifycert function in the Android operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the NPM packet manager’s vm2 library, related to improper code generation management, allows an attacker to execute arbitrary code.
The vulnerability of the NPM package manager’s vm2 library is related to incorrect code generation management. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the espintcp_close() function in the Linux operating system allows a hacker to execute arbitrary code.
The vulnerability of the espintcpclose function in the Linux operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the load_image() function in the plug-ins/common/file-jp2.c component of the GIMP graphic editor allows a hacker to induce a service failure.
The vulnerability of the loadimage function in the plug-ins/common/file-jp2.c component of the GIMP graphic editor is related to the execution of an operation outside the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of Google Chrome browser’s Blink rendering module allows a hacker to execute arbitrary code.
The vulnerability of Google Chrome’s Blink rendering module is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created HTML page...
The vulnerability of the InterestGroups component in the Google Chrome browser allows a hacker to elevate their privileges and execute arbitrary code.
The vulnerability of the InterestGroups component in the Google Chrome browser is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary code...
The vulnerability of the Skia component in Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the Skia component in Google Chrome’s browser is related to the ability to utilize memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Password component in the Google Chrome browser allows a hacker to redirect users to a malicious web page.
The vulnerability of the Password component in Google Chrome browser relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to redirect users to malicious web pages...
The vulnerability of Google Chrome’s ServiceWorker component allows a hacker to redirect users to a malicious web page and execute arbitrary code.
The vulnerability of Google Chrome’s ServiceWorker component relates to the ability to utilize memory after it is released. Exploiting this vulnerability could allow a remote attacker to redirect users to malicious web pages and execute arbitrary code...
The vulnerability of the user interface of the universal monitoring system Zabbix allows a intruder to execute arbitrary JavaScript code.
The vulnerability of the user interface of the Zabbix monitoring system is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code remotely...
The vulnerability of the stb_image.h component in the C/C++ Libstb library, which implements the SIXEL Libsixel encoder/decoder, allows a hacker to cause a service failure.
The vulnerability of the stbimage.h component in the C/C++ Libstb library, which implements the SIXEL Libsixel encoder/decoder, is related to pointer dereferencing errors. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created PICT file...
The vulnerability of the administration console of the broker’s messaging software platform Apache ActiveMQ allows a hacker to execute arbitrary code.
The vulnerability of the administration console of the broker’s software platform, Apache ActiveMQ, is related to deficiencies in the code generation management mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Accessibility component in Google Chrome allows a perpetrator to execute arbitrary code.
The vulnerability of Google Chrome’s Accessibility component relates to access to resources through incompatible types. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Skia component in Google Chrome browser allows a hacker to escape from an isolated software environment.
The vulnerability of the Skia component in Google Chrome browser relates to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to escape from a isolated software environment through a specially created HTML page...
The vulnerability of the /etc/skel component in Demon allows for triggering of a service failure by other applications called Oddjob. This enables a hacker to cause a service failure.
The vulnerability of the /etc/skel component in the demon is related to the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to cause service failures...