90509 matches found
The vulnerability of the setNtpCfg function (/cgi-bin/cstecgi.cgi) in the Totolink A7100RU router’s microprogramming software allows a hacker to bypass existing security restrictions and execute arbitrary commands.
The vulnerability of the setNtpCfg function /cgi-bin/cstecgi.cgi in the Totolink A7100RU router’s microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s processing of the tz parameter. Exploiting this vulnerability allows...
The vulnerability of the Rfc5424Layout component in the Apache Log4j Core library allows a attacker to influence the integrity of the protected information.
The vulnerability of the RFC5424Layout component in the Apache Log4j Core library is related to improper processing of output data for registration logs. Exploiting this vulnerability allows an attacker to influence the integrity of the protected information...
The vulnerability of the PowerProtect Agent Service software in the centralized backup and recovery management system, allowing attackers to expose confidential information.
The vulnerability of the PowerProtect Agent Service, a software component of the centralized backup and recovery management system PowerProtect Data Manager, is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability could allow an attacker to...
The vulnerability of the OCSP server component in Apache Tomcat allows a hacker to execute arbitrary code.
The vulnerability of the OCSP server component in Apache Tomcat is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the proc_readdir_de() function in the Linux operating system allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the procreaddirde function in the Linux operating system is related to the possibility of using memory after it has been freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the itimer_delete() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the itimerdelete function in the Linux operating system is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the tcm_loop_tpg_address_show() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the tcmlooptpgaddressshow function in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Protobuf data serialization protocol, related to uncontrolled recursion, allows attackers to cause service failures.
The vulnerability of the Protobuf data serialization protocol is related to uncontrolled recursion. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the http.cookies.Morsel component in the Python programming language allows a attacker to compromise the accessibility of the protected information.
The vulnerability of the http.cookies.Morsel component in the Python interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the accessibility of protected information...
The vulnerability of the base64 module in the Python programming language allows a hacker to execute arbitrary code.
The vulnerability of the base64 module in the Python programming language is related to incorrect data type conversion. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the ASN.1 library pyasn1 in the Python programming language, related to unlimited resource distribution, allows attackers to cause service failures.
The vulnerability of the ASN.1 library pyasn1 in the Python programming language is related to the unlimited distribution of resources. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to bypassing authentication using a user-managed key, allows unauthorized access to protected information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab relates to exploiting authentication bypass using a user-managed key. Exploiting this vulnerability could allow an intruder, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the network traffic analysis, network detection, and response capabilities of the Cortex XDR Agent for Windows operating systems arises from external system management or configuration settings, allowing attackers to disable the Cortex XDR Agent.
The vulnerability of the network traffic analysis, network detection, and response capabilities of the Cortex XDR Agent for Windows operating systems is related to external system management or configuration settings. Exploiting this vulnerability could allow attackers to disable the Cortex XDR...
The vulnerability of the sprintf() function in the prog.cgi script of the D-Link DIR-882 wireless router allows a hacker to execute arbitrary commands.
The vulnerability of the sprintf function in the prog.cgi script of the D-Link DIR-882 wireless router software is related to the lack of measures taken to neutralize special elements during the processing of the IPAddress parameter. Exploiting this vulnerability allows a remote attacker to execu...
The vulnerability of the Comindware Platform for business process management lies in the incorrect limitation of the path name to the restricted access catalog, allowing a hacker to execute arbitrary code.
The vulnerability of the Comindware Platform for business process management is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the WebView component of Google Chrome’s browser allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the WebView component of Google Chrome’s browser involves the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information through a specially created HTML page...
The vulnerability of the TM2 Monitoring platform, related to deficiencies in the authentication process, allows attackers to disclose protected information.
The vulnerability of the TM2 Monitoring platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the Emby Server, a management and multimedia transmission server, relates to the lack of a password recovery mechanism, allowing attackers to gain full access to the system.
The vulnerability of the Emby Server, a management and multimedia transmission server, is related to the lack of a password recovery mechanism. Exploiting this vulnerability could allow an attacker to gain full access to the system remotely...
The vulnerability of the backup server of the Veeam Backup & Replication software allows a perpetrator to execute arbitrary code. This vulnerability targets systems for cloud, virtual, and physical environments.
The vulnerability of the backup server of the Veeam Backup & Replication solution for cloud, virtual, and physical systems is related to access control errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Liebert UNITY communication and device management platform, as well as the Liebert RDU101 communication card, stems from buffer overflows in the stack. This allows an attacker to execute arbitrary code.
The vulnerability of the Liebert UNITY communication and device management platform, as well as the Liebert RDU101 communication card, is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the npm xrpl package on the Node.js software platform, related to malicious code embedded within it, allows attackers to gain unauthorized access to protected information.
The vulnerability of the npm xrpl package on the Node.js software platform is related to malicious code embedded within it. Exploiting this vulnerability could allow a remote attacker to gain unauthorized access to protected information...
The vulnerability of the NOOP Command Handler component of the Freefloat FTP Server allows a hacker to execute arbitrary commands.
The vulnerability of the NOOP Command Handler component in the Freefloat FTP Server lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Gogs self-managed Git repository creation software lies in its insufficient verification of data authenticity, allowing a violator to re-archive LFS objects.
The vulnerability of the Gogs self-managed Git repository creation software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor, operating remotely, to re-archive LFS objects...
The vulnerability of the amdgpu_virt_rlcg_reg_rw() function in the Linux operating system’s drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c kernel module allows a hacker to cause a service failure.
The vulnerability of the amdgpuvirtrlcgregrw function in the drivers/gpu/drm/amd/amdgpu/amdgpuvirt.c file of the Linux kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR operating systems allows a attacker to cause service interruptions.
The vulnerability of the IS-IS routing protocol implementation in Cisco IOS XR operating systems is related to incorrect validation of certain types of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...
The vulnerability of the command-line interface (CLI) of the FortiClient for MAC protection tool allows a attacker to carry out the LaunchDaemon hijacking attack and execute arbitrary code or commands.
The vulnerability of the command-line interface CLI of the FortiClient for MAC security tool is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow an attacker to carry out a LaunchDaemon hijacking attack and execute arbitrary code or...
The vulnerability of the graphical user interface (GUI) of the FortiVoice corporate telephony software allows a hacker to delete files.
The vulnerability of the graphical user interface GUI of the FortiVoice corporate telephony software is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to delete files by sending specially crafted HTTP or HTT...
The vulnerability of the graphical user interface (GUI) of the FortiADC application controller allows a hacker to execute arbitrary code.
The vulnerability of the graphical user interface GUI of the FortiADC application delivery controller is related to the lack of measures taken to neutralize html tags. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially created URL address...
The vulnerability of Fortinet FortiClient Windows protection, related to an uncontrolled search path element, allows attackers to execute a DLL Hijacking attack.
The vulnerability of Fortinet FortiClient Windows protection lies in an uncontrolled element of the search process. Exploiting this vulnerability allows an attacker to execute a DLL Hijacking attack by deploying a malicious DLL library in the FortiClient Online Installer’s installation folder...
The vulnerability of the cloud platform for data protection, FortiDLP, stems from insufficient protection of registration data, allowing attackers to disclose the protected information.
The vulnerability of the FortiDLP data protection cloud platform lies in the insufficient protection of registration data. Exploiting this vulnerability could allow attackers to disclose protected information by reusing the registration code...
The vulnerability of the allowlist mode of the AI agent OpenClaw (formerly ClawdBot or MoltBot) allows a violator to execute arbitrary commands.
The vulnerability of the allowlist mode of the AI agent OpenClaw previously – ClawdBot or MoltBot is related to the failure to take measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from the uncontrolled modification of object prototypes’ attributes. This allows attackers to circumvent existing security mechanisms.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot relates to uncontrolled changes in the attributes of the object’s prototype. Exploiting this vulnerability can allow a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the setRemoteCfg function (/cgi-bin/cstecgi.cgi) in the Totolink A7100RU router software allows a hacker to bypass existing security restrictions and execute arbitrary commands.
The vulnerability of the setRemoteCfg function /cgi-bin/cstecgi.cgi in the Totolink A7100RU router software lies in the lack of measures to neutralize special elements used in the operating system’s command for processing the enable parameter. Exploiting this vulnerability allows a remote attacke...
The vulnerability of the Cockpit server management system, related to the failure to take measures to neutralize specific elements, allows a perpetrator to execute arbitrary code.
The vulnerability of the Cockpit server management system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
The vulnerability of the maybe_fork_scalars() function in Linux operating systems allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the maybeforkscalars function in the Linux operating system’s kernel is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility of the protecte...
The vulnerability of the Nix packet manager in Unix operating systems arises from an incorrect definition of the link before accessing a file. This allows a malicious actor to gain administrative privileges.
The vulnerability of the Nix packet manager in Unix operating systems is related to an incorrect definition of the reference before accessing a file. Exploiting this vulnerability can allow an attacker to gain administrative privileges...
The vulnerability of the SSL/TLS WolfSSL library, related to errors in the certificate validation process, allows attackers to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SSL/TLS WolfSSL library is related to errors in the certificate authentication process. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Apache Tomcat application server, related to insufficient input validation, allows attackers to execute arbitrary code.
The vulnerability of the Apache Tomcat application server is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the encode_comp_t() function in the Linux operating system’s kernel allows a attacker to compromise the integrity of the protected information.
The vulnerability of the encodecompt function in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information...
The vulnerability of the brelse() function in the Linux operating system’s kernel allows a attacker to compromise the integrity and accessibility of the protected information.
The vulnerability of the brelse function in the Linux operating system’s kernel is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the integrity and accessibility of the protected information...
The vulnerability of the `configfs_create_dir()` function in the Linux operating system allows a attacker to compromise the accessibility of protected information.
The vulnerability of the configfscreatedir function in the Linux operating system is related to the lack of memory release after the effective lifespan of the function has ended. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...
The vulnerability of the libcurl library in software tools for interacting with servers via cURL allows a hacker to induce a service failure.
The vulnerability of the libcurl library in software applications for interacting with servers via cURL is related to improper verification of certificate authenticity. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the plistlib module in the Python interpreter allows a hacker to trigger a system failure.
The vulnerability of the plistlib module in the Python interpreter is related to an uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to cause a service failure...
The vulnerability of the poplib module in the Python programming language allows a hacker to execute arbitrary code.
The vulnerability of the poplib module, a programming language interpreter for Python, is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the DataHandler component in the Python programming language interpreter allows a attacker to compromise the integrity of the protected information.
The vulnerability of the DataHandler component in the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...
The vulnerability of the wordexp() function in the glibc system library, which allows a hacker to trigger a denial-of-service attack
The vulnerability of the wordexp function in the glibc system library is related to the use of uninitialized resources. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the time and date handling module in the Rust programming language allows a attacker to trigger a service failure.
The vulnerability of the time module for handling dates and times in the Rust programming language is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of NetworkManager’s software for managing network connections, related to improper storage of permissions, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the NetworkManager software for managing network connections is related to improper storage of permissions. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the special_keys() function in the src/netbeans.c file of the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the specialkeys function in the src/netbeans.c file of the Vim text editor is related to the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the ssh_get_hexa() function in the application programming interface of the libssh library, which allows a hacker to cause a service failure
The vulnerability of the sshgethexa function in the application programming interface of the libssh library is related to a breach of the buffer boundary. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service failures...