The vulnerability of the CoreGraphics component in macOS, tvOS, iPadOS, iOS, visionOS, and watchOS allows attackers to disclose sensitive information that is protected by these systems.

The vulnerability of the CoreGraphics component in macOS, tvOS, iPadOS, iOS, visionOS, and watchOS relates to operations where data is written beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information that is protected by...

The vulnerability of the nvJPEG2000 library in NVIDIA GPU graphics software allows a hacker to execute arbitrary code and rewrite data in the memory buffer.

The vulnerability of the nvJPEG2000 library in NVIDIA GPU graphics software is related to buffer overflows during the processing of the Ndecomp parameter. Exploiting this vulnerability allows a remote attacker to rewrite data in the memory buffer using a specially created malicious file...

The vulnerability of the net_sched component in the net/sched/sch_sfq.c module of the Linux operating system allows a hacker to execute arbitrary code.

The vulnerability of the netsched component in the net/sched/schsfq.c module of the Linux operating system is related to incorrect calculation of the index. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

The vulnerability of the nvJPEG2000 library in NVIDIA GPU graphics software allows a perpetrator to execute arbitrary code and rewrite data in the memory buffer.

The vulnerability of the nvJPEG2000 library in NVIDIA GPU graphics software relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code and rewrite data in the memory buffer...

The vulnerability of the nvJPEG2000 library in NVIDIA GPU graphics software allows a hacker to rewrite data in the memory buffer.

The vulnerability of the nvJPEG2000 library in NVIDIA GPU graphics software is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to rewrite data in the memory buffer using a specially created malicious file...

The vulnerability of the Deepin operating system’s dde-api-proxy component allows a hacker to gain root privileges.

The vulnerability of the dde-api-proxy component in the Deepin operating system is related to insufficient verification of the source of the communication channel. Exploiting this vulnerability can allow an attacker to gain root privileges...

The vulnerability of the application software interface for managing database content in SQL Directus, which allows a hacker to increase their privileges

The vulnerability of the application software interface for managing database content in SQL Directus is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges by using certain administrative functions remotely...

The vulnerability of the Ace Editor web interactive query editor in Hue allows a hacker to read arbitrary files.

The vulnerability of the Ace Editor web interactive query editor in Hue is related to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability allows a malicious actor to read arbitrary files by sending specially crafted HTTP requests...

The vulnerability of the Device Admin App operating system ctrlX OS allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

The vulnerability of the Backup & Restore module of the Device Admin app for the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Backup & Restore module of the Device Admin app for the ctrlX OS operating system is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by...

The vulnerability of the Storage Access API interface of Mozilla Firefox and the Thunderbird email client allows a perpetrator to perform CSRF attacks.

The vulnerability of the Storage Access API interface of Mozilla Firefox and the Thunderbird email client is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

The vulnerability of the “Copy as” function in Mozilla Firefox and Thunderbird’s email client allows a hacker to execute arbitrary code.

The vulnerability of the “Copy as” function in Mozilla Firefox and the Thunderbird email client is related to the lack of data cleaning measures at the management level. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in synchronization errors when using shared resources. This allows attackers to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of programming platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to synchronization errors when using shared resources. Exploiting these vulnerabilities can allow remote attackers to bypass...

The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure, which control network access, stems from the use of a strictly encrypted cryptographic key. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools lies in the use of a strictly encrypted cryptographic key. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in the lack of protective measures for website structures, allowing attackers to perform cross-site scripting attacks (XSS).

The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to...

The vulnerability of Adobe InDesign’s computer design automation tool lies in insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to trigger a service failure using a specially created malicious file...

The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in the incorrect expiration time of sessions, which allows attackers to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition arises from incorrect elimination of certain elements in the output data. This allows attackers to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to the incorrect elimination of certain elements in the output data. Exploiting this vulnerability can allow an attacker, operating remotely, to bypass existing security...

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure access control tools lies in their lack of measures to protect the website structure. This allows attackers to enhance their privileges and perform cross-site scripting attacks.

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure access control tools is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges and perform cross-site scripting attacks...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B, related to lack of access control, allows attackers to bypass existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to lack of access control mechanisms. Exploiting these vulnerabilities can allow unauthorized actors to bypass existing security...

The vulnerability of the microprogramming software of the KVM switch display device ATEN CL5708IM allows a intruder to execute arbitrary code.

The vulnerability of the KVM switch display microprogramming system of ATEN CL5708IM is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...

The vulnerability of SonicWall SMA 100 series network firewall microprogramming software lies in the lack of access control over critical files and directories. This allows a hacker to delete any file and reset the system to its factory settings.

The vulnerability of SonicWall SMA 100 network firewall microprogramming software is related to the lack of access control over critical files and directories. Exploiting this vulnerability could allow a remote attacker to delete any file and reset the system to its factory settings...

The vulnerability of the Certificates and Keys module of the Device Admin App for the ctrlX OS operating system allows a perpetrator to write arbitrary files.

The vulnerability of the Certificates and Keys module in the Device Admin app of the ctrlX OS operating system is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by sending specially crafted HTTP...

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client on Android operating systems arises from operations that occur outside of the buffer in memory. This allows attackers to gain unauthorized access to protected information.

The vulnerability of the Mozilla Firefox browser and the Thunderbird email client on Android operating systems is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

The vulnerability of the CP4I service (Cloud Pak for Integration) Keycloak Service, a software solution for managing containerized environments like IBM MQ Operator, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the CP4I service Cloud Pak for Integration Keycloak Service, a software solution for managing containerized environments in IBM MQ Operator, is related to information leakage through the process environment. Exploiting this vulnerability could allow an attacker to gain...

The vulnerability of the cstecgi.cgi (/cgi-bin/cstecgi.cgi) script in the TOTOLINK A720R router’s microprogramming software allows a hacker to escalate their privileges.

The vulnerability of the cstecgi.cgi /cgi-bin/cstecgi.cgi script in the TOTOLINK A720R router software is related to errors in access control when processing the topicurl parameter. Exploiting this vulnerability allows a remote attacker to increase their privileges by sending specially crafted PO...

The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure network access control tools lies in improper external management of file names or paths, allowing attackers to write arbitrary files.

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to improper external management of file names or file paths. Exploiting this vulnerability allows a malicious actor to write arbitrary files...

The vulnerability of the ovpn-dco driver for Windows operating systems in the OpenVPN virtual private network creation software allows a hacker to induce a service failure.

The vulnerability of the ovpn-dco driver for Windows operating systems in the OpenVPN virtual private network creation software is related to pointer aliasing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B, related to lack of access control, allows attackers to bypass existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to lack of access control mechanisms. Exploiting these vulnerabilities can allow unauthorized actors to bypass existing security...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to pointer naming errors, allows attackers to trigger a service failure.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to trigger a service failure using a specially created malicious file...

The vulnerability of the HTTP-Proxy software for network firewalls, the UserGate Next-Generation Firewall (NGFW), allows a hacker to read arbitrary files.

The vulnerability of the HTTP-Proxy software of the UserGate Next-Generation Firewall exists due to the lack of measures to check input data. Exploiting this vulnerability allows a remote attacker to read arbitrary files...

The vulnerability of Mozilla Firefox and Firefox ESR browsers, as well as the Thunderbird email client, stems from an operation that goes beyond the buffer boundaries in memory. This allows attackers to gain unauthorized access to protected information.

The vulnerabilities of Mozilla Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to the issue of executing operations beyond the buffer boundaries in memory during the processing of XPath expressions. Exploiting this vulnerability can allow an attacker to gain...

The vulnerability of the Queue Manager, a software tool for managing containerized environments by IBM MQ Operator, allows a intruder to cause a service failure.

The vulnerability of the Queue Manager, a software tool for managing containerized environments in IBM MQ Operator, relates to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to cause service interruptions...

The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software allows a hacker to execute arbitrary commands.

The vulnerability of the SetVirtualServerSettings module in D-Link DIR-853 A1 router microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B, related to improper authentication procedures, allows attackers to bypass existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to improper authentication processes. Exploiting these vulnerabilities allows a malicious actor to bypass existing security restrictions...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B relates to access control errors. These errors allow attackers to bypass existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of software platforms for developing and managing online stores like Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to access control errors. Exploiting these vulnerabilities can allow attackers to bypass existing security restrictions and gain...

The vulnerability of the libpq library in the PostgreSQL database management system allows a hacker to cause a service failure.

The vulnerability of the libpq library in the PostgreSQL database management system is related to buffer overflows during the processing of PostgreSQL’s GB18030 encoding. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in synchronization errors when using shared resources. This allows attackers to circumvent existing security restrictions and gain unauthorized access to protected information.

The vulnerabilities of programming platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to synchronization errors when using shared resources. Exploiting these vulnerabilities can allow remote attackers to bypass...

The vulnerability of the Crestron Automate VX video conference management system, related to the transmission of accounting data in unencrypted form, allows a intruder to disclose the transmitted accounting data and gain unauthorized access to the system.

The vulnerability of the Crestron Automate VX video conference system lies in the transmission of account information in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to disclose the transmitted account information and gain unauthorized access to the system...

The vulnerability of the `nvmet_rdma_send_done()` function in the drivers/nvme/target/rdma.c module of the Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the nvmetrdmasenddone function in the drivers/nvme/target/rdma.c kernel module of the Linux operating system is related to the assignment of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability in the cleanupTransaction() function of the fs/btrfs/transaction.c module of the btrfs file system support module in the Linux operating system allows a attacker to cause a service failure.

The vulnerability of the cleanupTransaction function in the fs/btrfs/transaction.c module of the btrfs file system support in the Linux operating system is related to the reutilization of previously released memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the tcf_ct_handle_fragments() function in the net/sched/act_ct.c module of the net/sched/networking subsystem of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the tcfcthandlefragments function in the net/sched/actct.c module of the net/sched/networking subsystem of the Linux operating system is related to insufficient checking of exceptional states. Exploiting this vulnerability could allow an attacker to compromise the...

Vulnerability of the rtrs_clt_remove_path_from_sysfs() function in the drivers/infiniband/ulp/rtrs/rtrs-clt.c module – A driver for supporting RTRS server and client-side in the Linux operating system, which allows a hacker to cause service failure

Vulnerability of the rtrscltremovepathfromsysfs function in the drivers/infiniband/ulp/rtrs/rtrs-clt.c module – The driver for server and client support for the RTRS kernel in the Linux operating system is vulnerable due to the repeated use of previously freed memory. Exploiting this vulnerabilit...

Vulnerability of the mtk_iommu_hw_init() function in the drivers/iommu/mtk_iommu.c module – This driver for Linux’s IOMMU kernel allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the mtkiommuhwinit function in the drivers/iommu/mtkiommu.c module – Linux’s IOMMU kernel support driver is vulnerable due to the use of the NULL pointer assignment. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

The vulnerability of the gaudi_memset_device_memory() function in the drivers/misc/habanalabs/gaudi/gaudi.c module of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the gaudimemsetdevicememory function in the drivers/misc/habanalabs/gaudi/gaudi.c module of the Linux operating system is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the detachtasks() function in the kernel/sched/fair.c module of the Linux operating system’s resource management subsystem allows a attacker to compromise the confidentiality and accessibility of protected information.

The vulnerability of the detachtasks function in the kernel/sched/fair.c module of the Linux operating system’s resource management subsystem is related to reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibili...

The vulnerability of the __pipelined_op() function in the ipc/mqueue.c module of the IPC inter-process communication subsystem of the Linux operating system allows a attacker to trigger a service failure.

The vulnerability of the pipelinedop function in the ipc/mqueue.c module of the Linux kernel’s interprocess communication subsystem is related to operations involving resources after their expiration. Exploiting this vulnerability could allow an attacker to cause a service failure...

The vulnerability of the f2fs_get_unusable_blocks() function in the fs/f2fs/f2fs.h module of the F2FS file system support in Linux kernel allows a attacker to compromise the integrity of protected information or cause service failures.

The vulnerability of the f2fsgetunusableblocks function in the fs/f2fs/f2fs.h module of the F2FS file system support in Linux’s operating system is related to incorrect input validation. Exploiting this vulnerability could allow an attacker to compromise the integrity of protected information or...

The vulnerability of the uclamp_bucket_id() function in the kernel/sched/core.c module, which is part of the Linux operating system’s resource management support mechanism, allows a hacker to gain access to protected information or cause service failures.

The vulnerability of the uclampbucketid function in the kernel/sched/core.c module related to the Linux operating system’s resource management support involves reading beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to access protected information or cause...

The vulnerability of the iControl REST component of the access control and remote authentication solution for BIG-IP allows a perpetrator to inject arbitrary commands.

The vulnerability of the iControl REST component of the access control and remote authentication solution for BIG-IP is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to inject arbitrary commands remotely...