90509 matches found
The vulnerability of the IBM Tivoli Netcool Impact platform for automating work processes allows a perpetrator to influence the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the IBM Tivoli Netcool Impact automation platform lies in the ability to disclose information through registration files. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Microsoft SQL Server database management system lies in the lack of measures taken to protect SQL query structures, allowing attackers to enhance their privileges.
The vulnerability of the Microsoft SQL Server database management system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Flare file-sharing platform, related to bypassing authentication using a user-controlled key, allows attackers to escalate their privileges.
The vulnerability of the Flare file-sharing platform relates to bypassing authentication using a user-controlled key. Exploiting this vulnerability allows a malicious actor to increase their privileges remotely...
The vulnerability of the Microsoft Management Console (MMC) on Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the Microsoft Management Console MMC on Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Windows Ancillary Function Driver for WinSock operating system allows attackers to increase their privileges.
The vulnerability of the Windows Ancillary Function Driver for WinSock operating system is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of D-Link DI-8003 router microprogramming software, related to buffer overflow in the stack, allows a hacker to trigger a service failure.
The vulnerability of D-Link DI-8003 router’s microprogramming software is related to buffer overflow in the stack when processing the customerror parameter. Exploiting this vulnerability allows an attacker to cause a service failure by sending a specially crafted GET request to the /user.asp...
The vulnerability of the Shell command shell in Windows operating systems allows attackers to bypass security restrictions.
The vulnerability of the Shell command shell in Windows operating systems is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to circumvent security restrictions remotely...
The vulnerability of the TCP/IP protocol implementation in Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the TCP/IP protocol implementation in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Shell command shell in Windows operating systems, which allows attackers to exploit their privileges
The vulnerability of the Shell command shell in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the encryption mechanism for flash memory (XTS-AES with pseudo-rounds) in the ESP32-C5 chip allows a hacker to recover the AES keys.
The vulnerability of the XTS-AES encryption mechanism with pseudo-rounds on the ESP32-C5 chip is related to the lack of protection for service data. Exploiting this vulnerability allows a hacker to recover the AES keys...
The vulnerability of the Function Discovery Service (fdwsd.dll) on Windows operating systems allows a perpetrator to escalate their privileges.
The vulnerability of the Function Discovery Service fdwsd.dll on Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Internet Key Exchange IKE protocol implementation in Windows operating systems is related to a memory reclamation error. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the HTTP.sys driver on Windows operating systems, which allows a hacker to trigger a service failure
The vulnerability of the HTTP.sys driver on Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the OpenShift Update Service, a service for updating corporate platform Red Hat OpenShift Container Platform, allows attackers to increase their privileges.
The vulnerability of the OpenShift Update Service, a component of the Red Hat OpenShift Container Platform corporate platform, is related to the improper use of standard permissions. Exploiting this vulnerability could allow an attacker to add a new user with any arbitrary UID and gain...
Vulnerability of Microsoft Office packages, 365 Apps for Enterprise, and Microsoft Excel spreadsheet editors, related to memory usage after it is released, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft Office packages, 365 Apps for Enterprise, and Microsoft Excel spreadsheet editors is related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Gimp image processing library, related to integer overflow, allows an attacker to execute arbitrary code.
The vulnerability of the Gimp image processing library is related to a numerical overflow condition. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Projected File System (ProjFS) file system in the Windows operating system, which allows a hacker to increase their privileges
The vulnerability of the Projected File System ProjFS in the Windows operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the setFirewallType function (/cgi-bin/cstecgi.cgi) in the Totolink A7100RU router microprogramming software allows a hacker to bypass existing security restrictions and execute arbitrary commands.
The vulnerability of the setFirewallType function /cgi-bin/cstecgi.cgi of the Totolink A7100RU router software relates to the failure to eliminate special elements used in the operating system’s command for processing the firewallType parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the Microsoft Teams integration package with the security platforms Cortex XSOAR and Cortex XSIAM arises from improper verification of the cryptographic signature. This allows an attacker to gain access to read and modify data.
The vulnerability of the Microsoft Teams integration package with the security platforms Cortex XSOAR and Cortex XSIAM is related to improper verification of the cryptographic signature. Exploiting this vulnerability can allow an attacker operating remotely to gain read and modify access to data...
The vulnerability of the network traffic analysis, network detection, and response capabilities of the Cortex XDR Agent for Windows operating systems arises from external system management or configuration settings, allowing attackers to disable the Cortex XDR Agent.
The vulnerability of the network traffic analysis, network detection, and response capabilities of the Cortex XDR Agent for Windows operating systems is related to external system management or configuration settings. Exploiting this vulnerability could allow attackers to disable the Cortex XDR...
The vulnerability of the itimer_delete() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the itimerdelete function in the Linux operating system is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of open-source development environments for UEFI EDK2 lies in the disclosure of information, which allows attackers to enhance their privileges and gain unauthorized access to protected information.
The vulnerability of open-source development environments for UEFI EDK2 is related to the exposure of information. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized access to protected information...
The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from the use of a dangerous method or function that allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the use of a dangerous method or function. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the confidentiality and integrity of the protected...
The vulnerability of the Comindware Platform for business process management lies in the incorrect limitation of the path name to the restricted access catalog, allowing a hacker to execute arbitrary code.
The vulnerability of the Comindware Platform for business process management is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the web interface of the software for managing Cisco Unified Contact Center Enterprise (Cisco Unified CCX) allows a attacker to execute arbitrary code.
The vulnerability in the web interface of the software for managing Cisco Unified Contact Center Enterprise Cisco Unified CCX is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary codes remotely...
The vulnerability of the FortiAnalyzer and FortiAnalyzer-BigData software tools for monitoring and analyzing security events arises from the lack of protective measures for the SQL query structure. This allows attackers to execute arbitrary code.
The vulnerability of the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis software lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted netwo...
The vulnerability of the graphical user interface (GUI) of the FortiSIEM security management system allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the graphical user interface GUI of the FortiSIEM security management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks by sending specially...
The vulnerability of the command-line interface (CLI) of the FortiClient for MAC security tool allows a perpetrator to increase their privileges.
The vulnerability of the command-line interface CLI of the Fortinet FortiClient security device is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability can allow an attacker to enhance their privileges by sending specially created executable files...
The vulnerability of the graphical user interface (GUI) of the FortiOS operating system’s Node.js daemon, the FortiProxy proxy server for protecting against internet attacks, the FortiPAM identity management system, the FortiSRA software for secure remote access, and the FortiSwitchManager local management platform, allows a malicious actor to execute arbitrary code or commands.
The vulnerability of the graphical user interface GUI of the FortiOS operating system’s Node.js daemon, the FortiProxy proxy server for protecting against internet attacks, the FortiPAM identity management system, the FortiSRA software for secure remote access, and the FortiSwitchManager local...
The vulnerability of D-Link DI-8003 router microprogramming software, related to buffer overflow in the stack, allows a hacker to trigger a service failure.
The vulnerability of D-Link DI-8003 router microprogramming software is related to buffer overflow in the stack when processing the name parameter. Exploiting this vulnerability allows an attacker to cause a service failure by sending a specially crafted GET request to the /urlgroup.asp endpoint...
The vulnerability of the Agents component in Google Chrome and Microsoft Edge browsers allows a hacker to trigger a service failure.
The vulnerability of the Agents component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service interruptions through a specially crafted HTML page...
The vulnerability of the allowlist mode of the AI agent OpenClaw (formerly ClawdBot or MoltBot) allows a violator to execute arbitrary commands.
The vulnerability of the allowlist mode of the AI agent OpenClaw previously – ClawdBot or MoltBot is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the setScheduleCfg function (/cgi-bin/cstecgi.cgi) in the Totolink A7100RU router’s microprogramming software allows a hacker to circumvent existing security restrictions and execute arbitrary commands.
The vulnerability of the setScheduleCfg function /cgi-bin/cstecgi.cgi in the Totolink A7100RU router software lies in the lack of measures to neutralize special elements used in the operating system’s commands when processing the mode parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the Dell PowerScale OneFS operating system, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of the Dell PowerScale OneFS operating system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to increase their privileges...
The vulnerability of the imaplib module in the Python interpreter allows a hacker to execute arbitrary code.
The vulnerability of the imaplib module in the Python interpreter is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ASN.1 library Libtasn1, related to writing outside the buffer boundary, allows a attacker to cause a service failure.
The vulnerability of the ASN.1 library Libtasn1 is related to writing outside the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the MESCIUS ActiveReports.NET reporting tool, related to deficiencies in the deserialization mechanism, allows a perpetrator to execute arbitrary code.
The vulnerability of the MESCIUS ActiveReports.NET reporting tool is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the WebView component of Google Chrome’s browser allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the WebView component of Google Chrome’s browser involves the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information through a specially created HTML page...
The vulnerability of the NetAuth component in macOS operating systems allows a perpetrator to bypass security measures and compromise the integrity and accessibility of protected information.
The vulnerability of the NetAuth component in macOS operating systems arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain control over the system and compromise the integrity and accessibility of the protected information...
The vulnerability of the Protobuf data serialization protocol, related to uncontrolled recursion, allows attackers to cause service failures.
The vulnerability of the Protobuf data serialization protocol is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the TM2 Monitoring platform, related to deficiencies in the authentication process, allows attackers to disclose protected information.
The vulnerability of the TM2 Monitoring platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the graphical user interface (GUI) of the FortiADC application controller allows a hacker to execute arbitrary code.
The vulnerability of the graphical user interface GUI of the FortiADC application delivery controller is related to the lack of measures taken to neutralize html tags. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially created URL address...
The vulnerability of the Emby Server, a management and multimedia transmission server, relates to the lack of a password recovery mechanism, allowing attackers to gain full access to the system.
The vulnerability of the Emby Server, a management and multimedia transmission server, is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker to gain full access to the system remotely...
The vulnerability of the Apache Tomcat application server, related to insufficient input validation, allows attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat application server is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Apache Tomcat application server, related to insufficient input validation, allows attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat application server is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the OCSP server component in Apache Tomcat allows a hacker to execute arbitrary code.
The vulnerability of the OCSP server component in Apache Tomcat is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the proc_readdir_de() function in the Linux operating system allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the procreaddirde function in the Linux operating system is related to the possibility of using memory after it has been freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the Linux operating system’s kernel’s IPv6 component allows attackers to compromise the integrity and accessibility of protected information.
The vulnerability of the Linux operating system’s IPv6 kernel component is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to compromise the integrity and accessibility of protected information...
The vulnerability of the memfd_secret() function in the Linux operating system’s kernel allows a hacker to induce a service failure.
The vulnerability of the memfdsecret function in the Linux operating system’s kernel relates to the possibility of exploiting memory after it is freed. Exploiting this vulnerability could allow a perpetrator to cause a service failure...
The vulnerability of the brelse() function in the Linux operating system’s kernel allows a attacker to compromise the integrity and accessibility of the protected information.
The vulnerability of the brelse function in the Linux operating system’s kernel is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of the protected information...