74701 matches found
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to unlimited resource distribution, allows a hacker to cause a service failure.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the unlimited distribution of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the GNOME graphical interface library libsoup, related to the execution of a loop with an unreachable exit condition, allows a hacker to cause a service failure.
The vulnerability of the GNOME graphical interface library libsoup is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to bypassing the authentication process by using an alternative path or channel, allows attackers to circumvent existing security restrictions.
The vulnerability of the Git-based software platform for collaborative code development on GitLab relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions remotely...
The vulnerability of the Broker VM platform’s security layer, Cortex XDR, arises from improper code generation management, allowing attackers to execute arbitrary code.
The vulnerability of the Broker VM platform’s security platform, Cortex XDR, is related to incorrect code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the GlobalProtect Gateway and GlobalProtect Portal operating system PAN-OS allows a perpetrator to execute cross-site scripting attacks.
The vulnerability of the GlobalProtect Gateway and GlobalProtect Portal operating system in PAN-OS is related to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control. These flaws allow attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information...
The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to the swapping of pointers, allows a hacker to trigger a service failure.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to the use of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of Adobe Connect’s instant messaging program lies in the insufficient protection of the website structure, which allows attackers to perform cross-site scripting attacks.
The vulnerability of the Adobe Connect instant messaging program is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the Apache Tomcat application server arises from a lack of mechanisms for encoding or escaping output data. This allows attackers to affect the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Apache Tomcat application server is related to the lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows a malicious actor to affect the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Apache Tomcat application server arises from incomplete cleanup of temporary or auxiliary resources, allowing attackers to cause service failures.
The vulnerability of the Apache Tomcat application server is related to incomplete cleanup of temporary or auxiliary resources. Exploiting this vulnerability allows a malicious actor to cause service failures by sending a large number of specially crafted HTTP requests...
The vulnerability of the DIWEB virtual machine Dionis-NX allows a hacker to elevate their privileges to the root level and execute arbitrary code.
The vulnerability of the DIWEB virtual machine Dionis-NX relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to elevate their privileges to root level and execute arbitrary code by introducing special characters...
The vulnerability of the DIWEB virtual machine on the Dionis-NX system allows a hacker to elevate their privileges to the root level.
The vulnerability of the DIWEB virtual machine Dionis-NX relates to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to elevate their privileges to root level by executing a specially crafted command from an SSH client...
The vulnerability of the PHP programming language interpreter, related to deficiencies in handling HTTP request headers, allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of the PHP programming language interpreter is related to deficiencies in the processing of HTTP request headers. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests (an HTTP Request Smuggling attack)...
The vulnerability of the centralized network management system, Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage), arises from incorrect path name restrictions in the access-restricted directory. This allows attackers to write arbitrary files.
The vulnerability of the centralized network management system, Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage), is related to incorrect restrictions on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files...
The vulnerability of the control panel of the firmware for routers GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 allows a hacker to gain unauthorized access to protected information, execute arbitrary code, and gain full control over the device.
The vulnerability of the control panel of the firmware for routers GL-A1300, GL-AX1800, GL-AXT1800, GL-MT3000, GL-MT2500, GL-MT6000, GL-MT1300, GL-MT300N-V2, GL-AR750S, GL-AR750, GL-AR300M, and GL-B1300 is related to deficiencies in authentication procedures. Exploiting this...
The vulnerability of the software development platform for endpoint protection, MetaDefender Endpoint Security SDK (formerly OESIS), and the software for secure remote access to data, Palo Alto Networks GlobalProtect App, for Windows operating systems, stems from deficiencies in access control. This allows attackers to escalate their privileges.
The vulnerability of the MetaDefender Endpoint Security SDK (formerly OESIS) and the Palo Alto Networks GlobalProtect App software for securing remote access to data on Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhan...
The vulnerability of the AES-128-CCM encryption algorithm in the operating system PAN-OS of network interfaces from Palo Alto Networks, including models PA-7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400, allows attackers to disclose confidential information.
The vulnerability of the AES-128-CCM encryption algorithm in the networking interfaces of the PAN-OS operating system of Palo Alto Networks’ devices such as PA-7500, PA 5400, PA 5400f, PA 3400, PA 1400, and PA 400 relates to the transmission of confidential information in plaintext. Exploiting th...
The vulnerability in the web interface of the operating system PAN-OS allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the PAN-OS operating system’s web management interface is related to a failure to neutralize script in web page attributes. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the Broker VM platform’s security system, Cortex XDR, arises from the lack of authentication for a critical function. This allows attackers to bypass the authentication process and disable certain internal services.
The vulnerability of the Broker VM platform’s security platform, Cortex XDR, is related to the absence of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the authentication process and disable certain internal services...
The vulnerability of the software for providing secure remote access to data, the Palo Alto Networks GlobalProtect App for macOS operating systems, lies in its lack of access control mechanisms. This allows attackers to trigger a service failure.
The vulnerability of the software for providing secure remote access to data, the Palo Alto Networks GlobalProtect App for macOS operating systems, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions...
The vulnerability of Google Chrome’s DevTools component allows a hacker to trigger a service failure.
The vulnerability of Google Chrome’s DevTools component is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of Google Chrome’s DevTools component allows a hacker to trigger a service failure.
The vulnerability of Google Chrome’s DevTools component is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the Google Chrome web browser component allows a hacker to trigger a service failure.
The vulnerability of the Google Chrome web browser’s HTML component is related to buffer overflow. Exploiting this vulnerability could allow a malicious actor to cause a service failure...
The vulnerability of the AngularJS JavaScript framework for developing single-page applications relates to incomplete filtering of special elements, allowing attackers to perform cross-site scripting attacks.
The vulnerability of the AngularJS JavaScript framework for developing single-page applications is related to incomplete filtering of special elements. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of Azure AI Document Intelligence, a cloud-based AI service, arises from an incorrect restriction on the path name to the restricted access directory. This allows attackers to escalate their privileges.
The vulnerability of the Azure AI Document Intelligence cloud service is related to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to escalate their privileges remotely...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server’s software packages lies in their deserialization mechanism flaws, which allows attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server packages is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server’s software packages lies in their deserialization mechanism flaws, which allows attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server packages is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Remote Desktop Gateway (RD Gateway) for Windows operating systems allows a hacker to trigger a service failure.
The vulnerability of Remote Desktop Gateway (RD Gateway) for Windows operating systems relates to uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Branch Prediction Unit (BPU) in the firmware of Intel Core Ultra processors allows attackers to disclose protected information.
The vulnerability of the Branch Prediction Unit (BPU) in the firmware of Intel Core Ultra processors is related to incorrect initialization of resources. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the driver for the trusted interface of the Windows operating system allows a hacker to disclose protected information.
The vulnerability of the Windows operating system’s trusted interface driver is related to the use of an uninitialized resource. Exploiting this vulnerability can allow a hacker to disclose sensitive information that is protected by security measures...
The vulnerability of Microsoft Excel spreadsheet editors in Microsoft Office packages and Microsoft 365 Apps for Enterprise allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Excel spreadsheets within Microsoft Office products and Microsoft 365 Apps for Enterprise exists due to the presence of invalid references or links in Microsoft Excel files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of Microsoft Excel spreadsheet editors in Microsoft Office packages and Microsoft 365 Apps for Enterprise allows a perpetrator to execute arbitrary code.
The vulnerability of Microsoft Excel spreadsheet editors within the Microsoft Office and Microsoft 365 Apps for Enterprise software packages is related to data type mixing errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the FUN_0040fffc function in the firmware for ZyXEL AMG1302-T10B allows a hacker to write arbitrary files.
The vulnerability of the FUN_0040fffc function in the firmware for ZyXEL AMG1302-T10B is related to an incorrect limitation on the path name when processing the SESSIONID parameter. Exploiting this vulnerability allows a remote attacker to write arbitrary files by sending speciall...
The vulnerability of the dlopen() function in the system library glibc allows a hacker to execute arbitrary code.
The vulnerability of the dlopen() function in the glibc system library is related to the use of an insecure path for searching executable programs when processing the LD_LIBRARY_PATH variable. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially...
The vulnerability of Google Chrome’s DevTools component allows a hacker to trigger a service failure.
The vulnerability of Google Chrome’s DevTools component is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the UserGate Next-Generation Firewall (NGFW), which is managed by the UserGate Management Center (UGMC), along with the UserGate Log Analyzer (LogAn), UserGate Security Information and Event Management (SIEM), arises due to insufficient security checks on the protected connection. This allows attackers to execute arbitrary operating system commands.
The vulnerability of the UserGate Next-Generation Firewall (NGFW), which is managed by the UserGate Management Center (UGMC), the log collection system UserGate Log Analyzer (LogAn), and the UserGate Security Information and Event Management (SIEM) system, is related to insufficient security checks for...
The vulnerability of the FactoryTalk Security platform, a manufacturing process management platform, allows attackers to circumvent security restrictions and enhance their privileges.
The vulnerability of the FactoryTalk Security platform for manufacturing process management is related to a flaw in the data protection mechanism. Exploiting this vulnerability allows an attacker to bypass security restrictions and gain increased privileges...
The vulnerability of the LogService.rem service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the LogService.rem service in the FactoryTalk AssetCentre centralized asset management software is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the ArchiveService.rem service in the FactoryTalk AssetCentre software platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the ArchiveService.rem service in the FactoryTalk AssetCentre software platform is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the Naumen Service Management Platform, related to the use of dangerous methods or functions, allows a perpetrator to execute arbitrary code.
The vulnerability of the Naumen Service Management Platform is related to the use of dangerous methods or functions. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the set of VMware Tools relates to incorrect definition of the link before accessing the file, allowing an attacker to escalate their privileges.
The vulnerability of the VMware Tools utility is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of programming tools for balancing and managing connections in Pgpool-II and HAProxy for PostgreSQL databases lies in their insecure resource initialization, which allows attackers to gain unauthorized access to the database.
The vulnerabilities of the Pgpool-II and HAProxy software for PostgreSQL databases in terms of connection balancing and management involve insecure resource initialization. Exploiting these vulnerabilities can allow an attacker, operating remotely, to gain unauthorized access to the database with...
The vulnerability in the implementation of the TACACS+ protocol for the proxy server used by FortiProxy, as well as the local management platform FortiSwitchManager and the operating system FortiOS, allows a perpetrator to bypass authentication procedures and gain access to the device.
The vulnerability of the TACACS+ protocol implementation of the proxy server used to protect FortiProxy against internet attacks, as well as the FortiSwitchManager local management platform and the FortiOS operating system, is related to the absence of authentication for a critical function...
The vulnerability of the Google ChromeOS operating system, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Google ChromeOS operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Google ChromeOS operating system, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the Google ChromeOS operating system is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of Visual Studio Code’s source editor lies in its use of files and directories accessible from external parties, which allows unauthorized access to protected information.
The vulnerability of Visual Studio Code’s source editor relates to the use of files and directories accessible from external parties. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server’s software packages lies in their deserialization mechanism flaws, which allows attackers to execute arbitrary code.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server packages is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system allows a hacker to circumvent security restrictions.
The vulnerability of the SSLManagerOpenSSL class in the MongoDB database management system is related to the lack of verification for certificate revocation. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions remotely...