90509 matches found
The vulnerability of the Gogs self-managed Git repository creation software lies in its insufficient verification of data authenticity, allowing a violator to re-archive LFS objects.
The vulnerability of the Gogs self-managed Git repository creation software is related to insufficient verification of data authenticity. Exploiting this vulnerability could allow a malicious actor, operating remotely, to re-archive LFS objects...
The vulnerability of the otool component in the Xcode integrated development environment for macOS operating systems allows a hacker to cause a system crash.
The vulnerability of the otool component in the Xcode integrated development environment for MacOS operating systems relates to reading beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to cause the system to terminate abnormally...
The vulnerability of the amdgpu_virt_rlcg_reg_rw() function in the Linux operating system’s drivers/gpu/drm/amd/amdgpu/amdgpu_virt.c kernel module allows a hacker to cause a service failure.
The vulnerability of the amdgpuvirtrlcgregrw function in the drivers/gpu/drm/amd/amdgpu/amdgpuvirt.c file of the Linux kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Diagnostics component in macOS operating systems allows attackers to modify secure parts of the file system.
The vulnerability of the Diagnostics component in macOS operating systems exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to modify secure parts of the file system...
The vulnerability of the Asus Headset Driver and Asus Mouse Driver, related to the loading of code without checking its integrity, allows a hacker to elevate their privileges to the SYSTEM level.
The vulnerability of the Asus Headset Driver and Asus Mouse Driver for controlling functions and settings of headsets and mice involves loading code without checking its integrity. Exploiting this vulnerability can allow an intruder to elevate their privileges to a SYSTEM level...
The vulnerability of the ASUS Business System Control Interface arises from reading data beyond the buffer in memory, allowing an intruder to gain unauthorized access to protected information.
The vulnerability of the ASUS Business System Control Interface relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information by sending a specially crafted IOCTL request...
The software of Fortinet FortiSOAR Agent Communication Bridge is vulnerable due to incorrect path name restrictions for the restricted access directory. This allows attackers to gain read, modify, or delete access to data.
The vulnerability of the Fortinet FortiSOAR Agent Communication Bridge software is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data...
The vulnerability of the cloud platform for data protection, FortiDLP, stems from insufficient protection of registration data, allowing attackers to disclose the protected information.
The vulnerability of the FortiDLP data protection cloud platform lies in the insufficient protection of registration data. Exploiting this vulnerability could allow attackers to disclose protected information by reusing the registration code...
The vulnerability of the TextEncoding component in Google Chrome and Microsoft Edge browsers allows a perpetrator to trigger a service failure.
The vulnerability of the TextEncoding component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause a service failure by using a specially crafted HTML page, as a result of the...
The vulnerability of D-Link DI-8003 router microprogramming software, related to buffer overflow in the stack, allows a hacker to trigger a service failure.
The vulnerability of D-Link DI-8003 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker, operating remotely, to cause a service failure by sending a specially crafted GET request to the /urlrule.asp endpoint...
The vulnerability of the JetBrains Hub account management software, related to bypassing authentication through spoofing, allows attackers to circumvent existing security mechanisms.
The vulnerability of the JetBrains Hub account management software relates to the ability to bypass authentication through phising techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security measures remotely...
The vulnerability of the AI agent OpenClaw (formerly known as ClawdBot or MoltBot) arises from the uncontrolled modification of object prototypes’ attributes. This allows attackers to circumvent existing security mechanisms.
The vulnerability of the AI agent OpenClaw formerly known as ClawdBot or MoltBot relates to uncontrolled changes in the attributes of the object’s prototype. Exploiting this vulnerability can allow a malicious actor to bypass existing security mechanisms remotely...
The vulnerability of the setDdnsCfg function (/cgi-bin/cstecgi.cgi) in the Totolink A7100RU router’s microprogramming software allows a hacker to bypass existing security restrictions and execute arbitrary commands.
The vulnerability of the setDdnsCfg function /cgi-bin/cstecgi.cgi of the Totolink A7100RU router software relates to the failure to eliminate special elements used in the operating system’s command for processing the provider parameter. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the web_search() function in the AI agent OpenClaw (previously – ClawdBot or MoltBot) allows a violator to perform an SSRF attack.
The vulnerability of the websearch function in the AI agent OpenClaw previously known as ClawdBot or MoltBot is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow a malicious actor to perform an SSRF attack remotely...
The vulnerability of the setRemoteCfg function (/cgi-bin/cstecgi.cgi) in the Totolink A7100RU router software allows a hacker to bypass existing security restrictions and execute arbitrary commands.
The vulnerability of the setRemoteCfg function /cgi-bin/cstecgi.cgi in the Totolink A7100RU router software lies in the lack of measures to neutralize special elements used in the operating system’s command for processing the enable parameter. Exploiting this vulnerability allows a remote attacke...
The vulnerability of the Rfc5424Layout component in the Apache Log4j Core library allows a attacker to influence the integrity of the protected information.
The vulnerability of the RFC5424Layout component in the Apache Log4j Core library is related to improper processing of output data for registration logs. Exploiting this vulnerability allows an attacker to influence the integrity of the protected information...
The vulnerabilities of Dell Elastic Cloud Storage and Dell ObjectScale involve the exposure of information through registration files, allowing attackers to gain unauthorized access to protected data and enhance their privileges.
The vulnerability of Dell Elastic Cloud Storage and Dell ObjectScale storage platforms lies in the exposure of information through registration files. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information and enhance their privileges...
The vulnerability of the Dell PowerScale OneFS operating system, related to deficiencies in the error reporting mechanism, allows a perpetrator to disclose protected information.
The vulnerability of the Dell PowerScale OneFS operating system is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow attackers to disclose sensitive information that should be protected...
The vulnerability of the IBM Verify Identity Access access control system allows a perpetrator to influence the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the IBM Verify Identity Access access control system is related to errors in privilege management. Exploiting this vulnerability could allow an attacker to influence the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the functions ah6_output_done() and ah6_output() in the Linux kernel’s net/ipv6/ah6.c file allows a attacker to cause a service failure.
The vulnerability of the functions ah6outputdone and ah6output in the Linux kernel’s net/ipv6/ah6.c file is related to incorrect calculation of buffer size. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the `sys_perf_event_open()` function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the sysperfeventopen function in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the `configfs_create_dir()` function in the Linux operating system allows a attacker to compromise the accessibility of protected information.
The vulnerability of the configfscreatedir function in the Linux operating system is related to the lack of memory release after the effective lifespan of the function has ended. Exploiting this vulnerability could allow an attacker to compromise the accessibility of protected information...
The vulnerability of the poplib module in the Python programming language allows a hacker to execute arbitrary code.
The vulnerability of the poplib module, a programming language interpreter for Python, is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the email module in the Python programming language allows attackers to compromise the integrity of the protected information.
The vulnerability of the email module in the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the wordexp() function in the glibc system library, which allows a hacker to trigger a denial-of-service attack
The vulnerability of the wordexp function in the glibc system library is related to the use of uninitialized resources. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of the special_keys() function in the src/netbeans.c file of the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the specialkeys function in the src/netbeans.c file of the Vim text editor is related to the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the libssh library, related to the zero pointer swapping, allows a hacker to trigger a service denial.
The vulnerability of the libssh library is related to the handling of the null pointer. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition (EE) involves improper authorization, allowing an intruder to gain read and edit access to data.
The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to improper authentication. Exploiting this vulnerability can allow a malicious actor to gain read and edit access to data...
The vulnerability of the autonomous file-sharing platform Erugo arises from an incorrect limitation on the path name to the restricted access catalog, allowing a perpetrator to execute arbitrary code.
The vulnerability of the autonomous file-sharing platform Erugo is related to an incorrect limitation on the path name to the restricted access catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Oracle Cloud Infrastructure Designer and Visualization Toolkit (OKIT) software allows a hacker to compromise the system.
The vulnerability of the Oracle Cloud Infrastructure Designer and Visualization Toolkit OKIT software relates to deficiencies in the deserialization mechanism. Exploiting this vulnerability can allow a malicious actor to compromise the system remotely...
The vulnerability of the backup server of the Veeam Backup & Replication software allows a perpetrator to execute arbitrary code. This vulnerability targets systems for cloud, virtual, and physical environments.
The vulnerability of the backup server of the Veeam Backup & Replication solution for cloud, virtual, and physical systems is related to access control errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the CUPS component on macOS operating systems, which allows a hacker to obtain root privileges
The vulnerability of the CUPS component in macOS systems arises from synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain root privileges a state of dominance...
The vulnerability of the Egress Packet Network Interface (EPNI) allows attackers to cause service interruptions on Cisco IOS XR operating systems.
The vulnerability of the Egress Packet Network Interface EPNI in Cisco IOS XR operating systems is related to improper cleaning during exception handling. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the command-line interface (CLI) of Cisco IOS XR operating systems allows a attacker to elevate their privileges to the root level and execute arbitrary code.
The vulnerability of the command-line interface CLI of Cisco IOS XR operating systems is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level and execute arbitrary code...
The vulnerabilities of the FortiOS operating systems, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE involve redirecting URLs to unreliable websites, allowing attackers to perform cross-site scripting (XSS) attacks.
The vulnerabilities of the FortiOS operating systems, the FortiProxy proxy server for protecting against internet attacks, and the scalable cloud-based security system FortiSASE are related to the redirection of URLs to unreliable websites. Exploiting these vulnerabilities allows a malicious acto...
The vulnerability of the application programming interface (API) of FortiOS operating systems allows a perpetrator to trigger a crash in the HTTP daemon.
The vulnerability of the application programming interface API of FortiOS operating systems is related to the lack of checking for the return value. Exploiting this vulnerability allows a malicious actor to cause errors in the HTTP daemon by sending a specially crafted request...
The vulnerability of the graphical user interface (GUI) of the FortiVoice corporate telephony software allows a hacker to delete files.
The vulnerability of the graphical user interface GUI of the FortiVoice corporate telephony software is related to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to delete files by sending specially crafted HTTP or HTT...
The vulnerability of the command-line interface (CLI) of the Outlookproxy plugin on the cloud platform used for FortiDLP data protection, which allows a malicious actor to escalate their privileges.
The vulnerability of the command-line interface CLI of the Outlookproxy plugin on the cloud platform used for FortiDLP data protection is related to an incorrect limitation on the path name to the restricted directory. Exploiting this vulnerability could allow an attacker to elevate their...
The vulnerability of the SSL-VPN technology of the FortiOS operating system allows a hacker to gain unauthorized access to the device.
The vulnerability of the SSL-VPN technology for the FortiOS operating system is related to an incorrect session duration. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to the device by reusing the SAML token...
The vulnerability in the mime.php script of the web client for open-source SquirrelMail allows attackers to execute XSS attacks.
The vulnerability in the mime.php script of the email web client for the open-source SquirrelMail framework exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
The vulnerability of D-Link DI-8003 and DI-8003G router microprogramming software lies in the copying of buffers without checking the size of the input data. This allows a hacker to trigger a service failure.
The vulnerability of D-Link DI-8003 and DI-8003G router microprogramming software lies in the copying of buffers without checking the size of input data during the processing of the wanping parameter. Exploiting this vulnerability allows a malicious actor to cause service failure by sending a...
The vulnerability of D-Link DI-8003 router microprogramming software lies in the copying of buffers without checking the size of the input data. This allows a hacker to trigger a service failure.
The vulnerability of D-Link DI-8003 router microprogramming software lies in the copying of buffers without checking the size of input data during the processing of parameters such as name, en, userid, log, and time. Exploiting this vulnerability allows an attacker to cause a service failure by...
The vulnerability of D-Link DI-8003 router microprogramming software, related to buffer overflow in the stack, allows a hacker to trigger a service failure.
The vulnerability of D-Link DI-8003 router microprogramming software is related to buffer overflow in the stack when processing the name parameter. Exploiting this vulnerability allows an attacker to cause a service failure by sending a specially crafted GET request to the end-point /usbpaswd.asp...
The vulnerability of the WindowDialog component in Google Chrome and Microsoft Edge allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the WindowDialog component in Google Chrome and Microsoft Edge is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the rendering process and affect the confidentiality, integrity, and accessibility of protect...
The vulnerability of the CsteSystem (/cgi-bin/cstecgi.cgi) function in the Totolink A7100RU router software allows a hacker to bypass existing security restrictions and execute arbitrary commands.
The vulnerability of the CsteSystem /cgi-bin/cstecgi.cgi function in the Totolink A7100RU router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system’s command processing when handling the resetFlags parameter. Exploiting...
The vulnerability of the Cockpit server management system, related to the failure to take measures to neutralize specific elements, allows a perpetrator to execute arbitrary code.
The vulnerability of the Cockpit server management system is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
The vulnerability of the Nix packet manager in Unix operating systems arises from an incorrect definition of the link before accessing a file. This allows a malicious actor to gain administrative privileges.
The vulnerability of the Nix packet manager in Unix operating systems is related to an incorrect definition of the reference before accessing a file. Exploiting this vulnerability can allow an attacker to gain administrative privileges...
The vulnerability of the dst_dev_rcu() function in the sk_setup_caps() file of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the dstdevrcu function in the sksetupcaps file of the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the encode_comp_t() function in the Linux operating system’s kernel allows a attacker to compromise the integrity of the protected information.
The vulnerability of the encodecompt function in the Linux operating system’s kernel is related to integer overflow. Exploiting this vulnerability could allow an attacker to compromise the integrity of the protected information...
The vulnerability of the `tipc_mon_reinit_self()` function in the Linux operating system allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the tipcmonreinitself function in the Linux operating system’s kernel relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause a service failure...