90509 matches found
The vulnerability of the Windows Installer component on Windows operating systems allows a perpetrator to elevate their privileges.
The vulnerability of the Windows Installer component in Windows operating systems is related to improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Windows Ancillary Function Driver for WinSock on Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Windows Ancillary Function Driver for WinSock operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain elevated privileges...
The vulnerability of the Windows Encrypting File System (EFS) component in Windows operating systems allows a perpetrator to elevate their privileges.
The vulnerability of the Windows Encrypting File System EFS component in operating systems involves the execution of operations outside the buffer boundaries. Exploiting this vulnerability can allow an attacker to gain elevated privileges...
The vulnerability of the icns_slurp() function in the Gimp image processing library allows a hacker to cause application failures or expose confidential information.
The vulnerability of the icnsslurp function in the Gimp image processing library is related to reading data beyond the allowable range in memory. Exploiting this vulnerability could allow an attacker to cause system failures or expose confidential information...
The vulnerability of the TIM image loader in the Gimp image processing library allows a hacker to induce a service failure.
The vulnerability of the TIM image loader in the Gimp image processing library is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Gimp image processing library, related to integer overflow, allows attackers to execute arbitrary code or cause system failures.
The vulnerability of the Gimp image processing library is related to a numerical overflow condition. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service interruptions...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from the failure to take measures to neutralize special elements, allowing the intruder to execute arbitrary code.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the onRegister() function in the Fastify framework, a Node.js software platform, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the onRegister function in the Fastify framework, a Node.js software platform, is related to the occurrence of interpretation conflicts when processing HTTP headers’ names and values. Exploiting this vulnerability allows an attacker to compromise the confidentiality and...
The vulnerability of the PowerShell command interpreter for Windows operating systems allows attackers to circumvent existing security restrictions.
The vulnerability of PowerShell command interpreters on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to bypass existing security restrictions...
The vulnerability of the graphical user interface of Fortinet’s FortiNDR and FortiVoice software solutions for intrusion detection and prevention allows attackers to gain unauthorized access to protected information.
The vulnerability of the graphical user interface of Fortinet FortiNDR and FortiVoice, software solutions for corporate telephony, is related to errors in information processing. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...
The vulnerability of the XWiki platform for creating collaborative web applications lies in the shortcomings of the security measures used to protect the structure of web pages. This allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the XWiki Platform lies in the shortcomings of the security measures used to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the FFmpeg multimedia library, related to integer overflows, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the FFmpeg multimedia library is related to a potential overflow condition. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the command-line interface of FortiWeb web applications, which allows a hacker to execute arbitrary code.
The vulnerability of the command-line interface of FortiWeb web applications is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR allows attackers to compromise the confidentiality of the protected information.
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to insufficient validation of requests on the server side. Exploiting this vulnerabilit...
The vulnerability of the ASUS DriverHub tool for installing and updating drivers is related to synchronization errors when using a shared resource (“Race Situation”). This vulnerability allows a hacker to gain increased privileges.
The vulnerability of the ASUS DriverHub tool for installing and updating drivers is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow attackers to gain increased privileges...
The vulnerability of Fortinet FortiOS operating systems lies in the lack of authentication for critical functions, allowing attackers to execute derivative code or commands.
The vulnerability of Fortinet FortiOS operating systems is related to the lack of authentication for critical functions. Exploiting this vulnerability allows a malicious actor to execute derived code or commands using specially crafted packages...
The vulnerability of the graphical user interface of the network access control device FortiNAC-F allows a perpetrator to compromise the integrity of the protected information.
The vulnerability of the graphical user interface of the FortiNAC-F network access control device lies in the redirection of URLs to an unreliable website using a specially created CSV file. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the protected...
The vulnerability of the Mattermost instant messaging application, related to synchronization errors when using a shared resource (“Race Situation”), allows a violator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Mattermost instant messaging application is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the syncCodeBase() function in the Composer dependency management tool allows a hacker to inject arbitrary commands.
The vulnerability of the syncCodeBase function in the Composer dependency management tool is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands through specially created source URLs or URLs...
The vulnerability of the libp2p-rust library server allows a hacker to trigger a service failure.
The vulnerability of the libp2p-rust library server is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending DISCOVER requests...
The software’s vulnerability regarding the coordination of security systems’ operations and the real-time management of incident responses in Fortinet FortiSOAR, related to the storage of passwords in a recoverable format, allows attackers to influence the confidentiality of protected information.
The vulnerability of the software for coordinating the operation of cybersecurity systems and for managing incident responses in real-time with Fortinet FortiSOAR lies in the storage of passwords in a recoverable format. Exploiting this vulnerability can allow an attacker, operating remotely, to...
The vulnerability of the Fortinet FortiClient Enterprise Management Server (EMS) server lies in the use of a strictly encrypted cryptographic key, which allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Fortinet FortiClient Enterprise Management Server EMS server lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...
The vulnerability of the FortiSandbox threat detection and mitigation system, related to the use of files and directories accessible from external parties, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the FortiSandbox threat detection and mitigation system lies in the use of files and directories accessible from external parties. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the software for coordinating the operation of security systems and for managing real-time incident responses in Fortinet FortiSOAR lies in the lack of protection for website structures. This allows attackers to execute XSS attacks.
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing incident responses in real-time is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a...
The vulnerability of the application software interface of the Fortinet FortiSOAR solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the application software interface of the software platform for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to deficiencies in authentication procedures. Exploiting this vulnerability could...
The vulnerability of the PowerChute Serial Shutdown software for managing uninterruptible power supplies is related to insufficient protection of registration data, allowing a intruder to gain unauthorized access to protected information.
The vulnerability of the PowerChute Serial Shutdown software for managing uninterruptible power sources is related to insufficient protection of registration data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to the protected information...
The vulnerability of FortiWeb web applications, related to writing beyond the buffer boundary, allows attackers to execute arbitrary code.
The vulnerability of FortiWeb web applications is related to writing outside the buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or commands using specially crafted HTTP requests...
The vulnerability of the software for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR arises from incorrect restrictions on the path to the catalog. This allows attackers to influence the confidentiality of the protected information.
The vulnerability of the software for coordinating the operation of cybersecurity systems and for managing incident responses in real-time with Fortinet FortiSOAR is related to an incorrect limitation on the path to the catalog. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR allows a hacker to obtain passwords for the installed connectors.
The vulnerability of the graphical user interface of the software solution for coordinating the operation of cybersecurity systems and for managing real-time incident responses in Fortinet FortiSOAR is related to the storage of passwords in a recoverable format. Exploiting this vulnerability can...
The vulnerability of the endpoint of the M-Files Server API for document automation allows a perpetrator to trigger a service failure.
The vulnerability of the endpoint API of the M-Files Server automation platform for document processing is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the virtual storage device in the cloud backup system, created using the NetWorker software, allows a hacker to increase their privileges.
The vulnerability of the virtual storage device for backup stored using the NetWorker software, the Dell CloudBoost Virtual Appliance, involves unencrypted storage of critical information. Exploiting this vulnerability could allow a malicious actor to gain elevated privileges remotely...
The vulnerability of the Bluetooth interface of microprogrammed handheld barcode scanners and Honeywell Handheld Scanners allows a intruder to execute arbitrary code.
The vulnerability of the Bluetooth interface in microprogrammed handheld barcode scanners and Honeywell Handheld Scanners lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the cupsd server daemon in the CUPS printing system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the cupsd server daemon in the CUPS printing system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the monitoring and surveillance system of the Grafana platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the monitoring and surveillance platform for Grafana relates to the disclosure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the get_options function in the CUPS printing server allows a attacker to execute arbitrary code.
The vulnerability of the getoptions function in the CUPS printing server is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Fortinet FortiManager Cloud software for centralized device management, as well as the FortiAnalyzer Cloud software for security event monitoring and analysis, arises from a buffer overflow in the dynamic memory. This vulnerability allows an attacker to execute arbitrary code.
The vulnerability of the Fortinet FortiManager Cloud device management software and the FortiAnalyzer Cloud security event monitoring and analysis software is related to buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using special...
The vulnerability of the Microsoft.NET Framework, related to synchronization errors when using shared resources, allows a perpetrator to cause a service failure.
The vulnerability of the Microsoft.NET Framework is related to synchronization errors when using a shared resource “Race Condition”. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the CUPS printing server stems from incorrect restrictions on the path to the directory, allowing attackers to compromise the integrity and accessibility of the protected information.
The vulnerability of the CUPS printing server is related to an incorrect limit on the path to the directory during the processing of the notify-recipient-uri parameter. Exploiting this vulnerability allows a malicious actor to compromise the integrity and accessibility of the protected informatio...
The vulnerability of the Jenkins automation server relates to the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the Jenkins automation server relates to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the FortiSandbox threat detection and mitigation system, related to the lack of protection for website structures, allows attackers to execute arbitrary commands or code.
The vulnerability of the FortiSandbox threat detection and mitigation system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands or code...
The vulnerability of the software for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis tools Fortinet’s FortiAnalyzer and FortiAnalyzer Cloud, stems from incorrect restrictions on the path to the restricted directory. This allows attackers to delete any files they desire.
The vulnerability of the Fortinet FortiManager, FortiManager Cloud, and the Fortinet FortiAnalyzer/FortiAnalyzer Cloud devices for monitoring and analyzing security events lies in incorrect restrictions on the path name to the restricted directory. Exploiting this vulnerability could allow an...
The vulnerability of the GLPI system for managing requests, incidents, and inventory of computer equipment is related to lack of access control, which allows an intruder to increase their privileges.
The vulnerability of the GLPI system’s request, incident, and asset inventory management processes, related to insufficient access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Adobe Connect web conference software, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code.
The vulnerability of Adobe Connect web conference software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...
The vulnerability of the ColdFusion interpreter lies in the incorrect limitation on the path name to the catalog, which allows attackers to read arbitrary files.
The vulnerability of the ColdFusion interpreter is related to incorrect restrictions on path names to the catalog. Exploiting this vulnerability allows an attacker who operates remotely to read arbitrary files...
The vulnerability of the driver for auxiliary functions in Windows Sockets operating systems allows attackers to increase their privileges.
The vulnerability of the WinSock auxiliary function driver in Windows operating systems relates to the possibility of using memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Google Chrome browser’s CSS component, which allows a hacker to execute arbitrary code.
The vulnerability of the Google Chrome browser’s CSS component is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code using a specially created HTML page...
The vulnerability of the forward-auth plugin for the Apache APISIX cloud API gateway allows a hacker to bypass existing security mechanisms and gain unauthorized access to protected information.
The vulnerability of the forward-auth plugin for the Apache APISIX cloud API lies in the improper handling of CRLF sequences. Exploiting this vulnerability allows an attacker to bypass existing security mechanisms and gain unauthorized access to protected information by sending specially crafted...
The vulnerability of the sub_401F80() function in the microprogramming software for Wavlink WL-WN579A3 allows attackers to carry out XSS attacks.
The vulnerability of the sub401F80 function in the microprogramming software for Wavlink WL-WN579A3 relates to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a remote attacker to perform XSS attacks...
The vulnerability of the Mattermost instant messaging application, related to the lack of authentication, allows a malicious user to gain unauthorized access and modify protected information.
The vulnerability of the Mattermost instant messaging application is related to the lack of authentication. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access and modify protected information...
The vulnerability of the enhanceRequest function in the Fastify Node.js software framework allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the enhanceRequest function in the Fastify Node.js software framework is related to the occurrence of interpretation conflicts when processing HTTP header names and values. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, an...