74701 matches found
The vulnerability of the distributed database management system Apache Cassandra, related to improper handling of privileges, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the distributed database management system Apache Cassandra is related to improper handling of privileges. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Apache XML Graphics FOP transformation tool arises from improper restrictions on XML references to external objects, allowing attackers to execute XXE attacks.
The vulnerability of the Apache XML Graphics FOP transformation tool is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
The vulnerability of the Apache Pulsar IO Kafka Connector and the software Apache Pulsar IO Kafka Connect Adaptor lies in the insufficient protection of registration data, allowing attackers to disclose sensitive information.
The vulnerability of the Apache Pulsar IO Kafka Connector and the Apache Pulsar IO Kafka Connect Adaptor software is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
The vulnerability of the `com.ilient.agentApi.LshwAgent#doPost` method in the SysAid hardware and software support and control automation software allows attackers to perform XXE attacks.
The vulnerability of the `com.ilient.agentApi.LshwAgent#doPost` method in SysAid’s automation software for supporting and controlling hardware and software systems is related to incorrect restrictions on XML links to external objects during the processing of the /lshw endpoint. Exploiting this...
The vulnerability of the GNOME graphical interface library libsoup allows an attacker to perform an “HTTP request hijacking” attack.
The vulnerability of the GNOME graphical interface’s libsoup library is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out an “HTTP request hijacking” attack...
The vulnerability of the soup_auth_digest_authenticate() function in the GNOME graphical interface library allows a hacker to cause a service failure.
The vulnerability of the soup_auth_digest_authenticate() function in the GNOME graphical interface library libsoup is related to pointer dereferencing errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure by sending a specially crafted POST request...
The vulnerability of the sample_conv_regsub function in server-side HAProxy software arises from incorrect comparisons using erroneous factors, allowing attackers to compromise the availability of protected information.
The vulnerability of the sample_conv_regsub function in HAProxy software is related to incorrect comparisons when error factors are used. Exploiting this vulnerability can allow a malicious actor to compromise the availability of protected information...
The vulnerability of the nla_put_notification_header() function in the drivers/block/drbd/drbd_nl.c module of the Linux kernel’s block device support driver allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the nla_put_notification_header() function in the drivers/block/drbd/drbd_nl.c module of the Linux kernel’s block device support driver is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
The vulnerability of the `make_aggr_tables_info` and `optimize_stage2` functions of the MariaDB database management system allows a hacker to cause service failures.
The vulnerability of the `make_aggr_tables_info` and `optimize_stage2` functions in the MariaDB database management system is related to improper behavior. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the kmx61_trigger_handler() function in the drivers/iio/imu/kmx61.c module of the Linux operating system’s driver for various types of built-in sensors allows an attacker to gain access to protected information or cause a service failure.
The vulnerability of the kmx61_trigger_handler() function in the drivers/iio/imu/kmx61.c module of the Linux operating system’s driver for various types of built-in sensors is related to the use of an uninitialized resource. Exploiting this vulnerability could allow an attacker to access...
The vulnerability of the ads8688_trigger_handler() function in the drivers/iio/adc/ti-ads8688.c module of the Linux operating system’s driver for various types of built-in sensors allows an attacker to gain access to protected information or cause service failures.
The vulnerability of the ads8688_trigger_handler() function in the drivers/iio/adc/ti-ads8688.c module of the Linux kernel driver for various types of built-in sensors is related to the use of an uninitialized resource. Exploiting this vulnerability could allow an attacker to access...
The vulnerability of the smc_listen_out() function in the net/smc/af_smc.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the smc_listen_out() function in the net/smc/af_smc.c module of the Linux operating system is related to the use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the...
The vulnerability of the led_tg_check() function in the net/netfilter/xt_LED.c module of the Linux operating system allows a hacker to compromise the confidentiality and availability of the protected information.
The vulnerability of the led_tg_check() function in the net/netfilter/xt_LED.c module of the Linux operating system is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and availability of the protected information...
The vulnerability of the browser’s Background Fetch API programming interface in Google Chrome, which allows a perpetrator to disclose protected information
The vulnerability of the Background Fetch API in Google Chrome browser’s software interface is related to the disclosure of information. Exploiting this vulnerability could allow a remote attacker to disclose sensitive information through a specially created HTML page...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Framework component of the Android operating system, which allows a hacker to increase their privileges
The vulnerability of the Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the kubelet utility in the Kubernetes cluster management software allows an attacker to trigger a failure in the operation of the cluster.
The vulnerability of the kubelet utility in the Kubernetes cluster management software is related to uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure by sending specially crafted HTTP packets...
The vulnerability of the Android Jetpack Navigation Library, which implements navigation in applications, lies in the improper resolution of symbolic links before accessing a file. This allows attackers to bypass existing security restrictions, gain unauthorized access to the application, and inject arbitrary parameters into it.
The vulnerability of the Android Jetpack Navigation Library, which is used for navigation in applications, is related to improper resolution of symbolic links before accessing a file. Exploiting this vulnerability can allow attackers to bypass existing security restrictions, gain unauthorized...
The vulnerability of the Siemens User Management Component (UMC) in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) allows an attacker to trigger a service failure.
The vulnerability of the Siemens User Management Component (UMC), which is found in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal), relates to reading data outside the buffer boundaries in memory. Exploiting this vulnerability could allow a maliciou...
The vulnerability of the Siemens User Management Component (UMC) in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) allows an attacker to trigger a service failure.
The vulnerability of the Siemens User Management Component (UMC), which is found in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal), relates to reading data outside the buffer boundaries in memory. Exploiting this vulnerability could allow a maliciou...
The vulnerability in the GetMdmMessage class of SysAid software allows attackers to perform XXE attacks.
The vulnerability in the GetMdmMessage class of SysAid support and control software relates to incorrect restrictions on XML links to external objects during the processing of the /mdm/checkin endpoint. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
The vulnerability of the ping tool in the web interface of the firmware for the RUGGEDCOM ROX routing and switching platforms, series MX (MX5000, MX5000RE) and RX (RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000), allows a hacker to execute arbitrary code.
The vulnerability of the ping tool in the web interface of the firmware for the RUGGEDCOM ROX routing and switching platforms, series MX (MX5000, MX5000RE) and RX (RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000), is related to the absence of a mechanism to...
The vulnerability of the ping tool in the web interface of the firmware for the RUGGEDCOM ROX routing and switching platforms, series MX (MX5000, MX5000RE) and RX (RX1400, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000), allows a hacker to execute arbitrary code.
The vulnerability of the ping tool in the web interface of the firmware for the RUGGEDCOM ROX routing and switching platforms, series MX (MX5000, MX5000RE) and RX (RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536, and RX5000), is related to the absence of a mechanism to...
The vulnerability of the Siemens User Management Component (UMC) in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal) allows an attacker to trigger a service failure.
The vulnerability of the Siemens User Management Component (UMC), which is found in products such as SIMATIC PCS neo, SINEC NMS, and Totally Integrated Automation Portal (TIA Portal), relates to reading data outside the buffer boundaries in memory. Exploiting this vulnerability could allow a maliciou...
The vulnerability of the Desigo CC software platform lies in the lack of authentication for critical functions, allowing attackers to execute arbitrary code by sending specially crafted network requests.
The vulnerability of the Desigo CC software platform is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted network requests...
The vulnerability of the “Sotbit: Extended Reviews” plugin, which stems from insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the “Sotbit: Extended Reviews” plugin is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the “Sotbit: Origami” plugin, which stems from insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the “Sotbit: Origami” plugin is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Apache InLong data integration platform, related to deficiencies in the deserialization mechanism, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Apache InLong data integration platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information by sending specially crafted data...
The vulnerability of the Apache Superset data visualization software lies in the lack of measures taken to protect the SQL query structure, allowing attackers to gain unauthorized access to the protected information.
The vulnerability of the Apache Superset data visualization software relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the protected information...
The vulnerability of the Apache OFBiz resource planning software lies in the lack of adequate protection measures for web page structures, allowing attackers to carry out XSS attacks.
The vulnerability of Apache OFBiz’s resource planning software is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the Telnet protocol implementation in microcomputer-based Wi-Fi chips from Quantenna allows an intruder to gain unauthorized access to the device.
The vulnerability of the Telnet protocol implementation in Quantenna’s microprogrammable Wi-Fi chips lies in the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to the device...
The vulnerability of the QUIC protocol and CoreDNS server implementation allows an attacker to cause a service failure.
The vulnerability of the QUIC protocol and CoreDNS server lies in the unrestricted allocation of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures due to insufficient available RAM...
The vulnerability of the data processing driver (drivers/edac/bluefield_edac.c) in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the data processing driver (drivers/edac/bluefield_edac.c) in Linux operating systems is related to integer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...
The vulnerability of the function ieee80211_if_parse_active_links() in the net/mac80211/debugfs_netdev.c kernel module of Linux systems allows a hacker to cause a service failure.
The vulnerability of the function ieee80211_if_parse_active_links() in the net/mac80211/debugfs_netdev.c module of the Linux kernel is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the lzma_stream_decoder_mt() function in the liblzma library, a component of the XZ Utils data compression package, allows a hacker to cause a service failure.
The vulnerability of the lzma_stream_decoder_mt() function in the liblzma library, a component of the XZ Utils data compression package, involves premature resource release due to pointer aliasing. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the amd_get_mmconfig_range() function in the arch/x86/kernel/amd_nb.c module of Linux operating systems allows a hacker to gain unauthorized access to protected information.
The vulnerability of the amd_get_mmconfig_range() function in the arch/x86/kernel/amd_nb.c module of Linux operating systems is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the RP_checkCredentialsByBBS() function in the wireless signal amplifiers’ software from Linksys allows a hacker to execute arbitrary commands.
The vulnerability of the RP_checkCredentialsByBBS() function in the Linksys wireless signal amplifiers’ software relates to the lack of measures taken to protect the website structure during the processing of the pwd parameter. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability of the TarFile.extractall() and TarFile.extract() functions in the tarfile module of the Python programming language interpreter (CPython) allows attackers to write arbitrary files.
The vulnerability of the TarFile.extractall() and TarFile.extract() functions in the tarfile module of the CPython interpreter is related to improper limitation of a path name to a restricted directory when processing the filter= parameter with a value of “data” or “tar”. Exploiting this...
The vulnerability of the SolarWinds DameWare Mini Remote Control software lies in its insecure management of privileges, allowing a malicious individual to escalate their privileges.
The vulnerability of the SolarWinds DameWare Mini Remote Control remote access tool is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the qDecodeDataUrl() function in the QtCore module of the Qt cross-platform software development framework allows a hacker to trigger a service failure.
The vulnerability of the qDecodeDataUrl() function in the QtCore module of the Qt cross-platform software development framework is related to insufficient validation of input data during the processing of the charset parameter. Exploiting this vulnerability could allow an attacker to cause...
The vulnerability in the built-in web server boa (/boafrm/formReflashClientTbl) of the TOTOLINK X15 router firmware allows a perpetrator to execute arbitrary commands or cause a service failure.
The vulnerability of the built-in web server boa (/boafrm/formReflashClientTbl) of TOTOLINK X15 routers is related to an operation exceeding the bounds of a memory buffer when processing the submit-url parameter. Exploiting this vulnerability allows a remote attacker to execut...
The vulnerability of the built-in web server boa (/boafrm/formWsc) of the TOTOLINK X15 router firmware allows an intruder to execute arbitrary commands or cause a service failure.
The vulnerability of the built-in web server boa (/boafrm/formWsc) of TOTOLINK X15 routers is related to an operation exceeding the bounds of a memory buffer when processing the submit-url parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the built-in web server boa (/boafrm/formIpQoS) of the TOTOLINK X15 router firmware allows an intruder to execute arbitrary commands or cause a service failure.
The vulnerability of the built-in web server boa (/boafrm/formIpQoS) of TOTOLINK X15 router software is related to an operation exceeding the bounds of a memory buffer when processing the mac parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or cau...
The vulnerability of the mptcp_pm_nl_append_new_local_addr() function in the net/mptcp/pm_netlink.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the mptcp_pm_nl_append_new_local_addr() function in the net/mptcp/pm_netlink.c module of the Linux kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the RP_UpgradeFWByBBS() function in the firmware for Linksys wireless signal amplifiers allows an intruder to execute arbitrary commands.
The vulnerability of the RP_UpgradeFWByBBS() function in the Linksys wireless signal amplifiers’ software relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands by sending a specially crafted...
The vulnerability of the Device Configuration component in the APIX application programming interface of the AXIS OS operating system allows a perpetrator to increase their privileges.
The vulnerability of the Device Configuration component in the APIX application programming interface of the AXIS OS operating system is related to incomplete filtering of specific elements. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability in the Jupyter Core environment for interactive code development and execution, related to an uncontrolled element in the search process, allows attackers to escalate their privileges.
The vulnerability in the Jupyter Core environment for interactive code development and execution is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to escalate their privileges...
The vulnerability of the sanitiseArg and sanitizeArg configuration in the network gateway for protecting web applications, ModSecurity, allows an attacker to cause a service failure.
The vulnerability of the sanitiseArg and sanitizeArg configuration functions in the ModSecurity network gateway for protecting web applications is related to excessive resource consumption. Exploiting this vulnerability can allow an attacker to cause service interruptions...