74701 matches found
The vulnerability of the Proself Enterprise/Standard Edition, Proself Gateway Edition, and Proself Mail Sanitize Edition software lies in the improper limitation of XML references to external objects. This allows attackers to carry out XXE attacks.
The vulnerability of Proself Enterprise/Standard Edition, Proself Gateway Edition, and Proself Mail Sanitize Edition software products is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to perform XXE attacks remotely...
The vulnerability of the GeoWebCache component of the software for managing and publishing geospatial data on the OSGeo GeoServer server allows a perpetrator to execute arbitrary code.
The vulnerability of the GeoWebCache component of the software for managing and publishing geospatial data on the OSGeo GeoServer server is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Cisco Secure Email Gateway security system’s operating system, Cisco AsyncOS, allows a hacker to circumvent existing security restrictions.
The vulnerability of the Cisco Secure Email Gateway security system’s operating system, Cisco AsyncOS, is related to access control errors. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the LockBufferingSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the LockBufferingSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to compromise th...
The vulnerability of Tenda AC15 router’s microprogramming software, related to reading data outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the Tenda AC15 router’s microprogramming software lies in the reading of data outside the buffer in memory when processing the SYSPS parameter. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending a specially crafted request...
The vulnerability of the TTF_RenderText_Solid() function in the SDL_ttf library allows attackers to influence the confidentiality, integrity, and availability of protected information.
The vulnerability of the TTF_RenderText_Solid function in the SDL_ttf library is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Telnet service of the TOTOLINK A810R router’s microprogramming system allows an intruder to disclose protected information.
The vulnerability of the Telnet service in the microprogramming software of TOTOLINK A810R routers is related to the use of hard-coded login credentials. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of the SSH protocol implementation in the JetBrains Toolbox, a set of development tools, allows attackers to expose protected information.
The vulnerability of the SSH protocol implementation in the JetBrains Toolbox suite of tools is related to the transmission of credentials in an unencrypted form. Exploiting this vulnerability could allow a perpetrator to disclose the protected information...
The vulnerability of the SSH plugin of the JetBrains Toolbox, a set of development tools, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the SSH plugin in the JetBrains Toolbox suite is related to incorrect verification of the certificate’s authenticity. Exploiting this vulnerability allows an attacker to compromise the confidentiality and integrity of the protected information...
The vulnerability of the SSH plugin of the JetBrains Toolbox, a set of development tools, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the SSH plugin of the JetBrains Toolbox developer’s tools is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the SSH plugin of the JetBrains Toolbox, a set of development tools, allows a hacker to execute arbitrary commands.
The vulnerability of the SSH plugin of the JetBrains Toolbox developer’s tools is related to the lack of measures to sanitize data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the integrated development environment for software, JetBrains RubyMine, arises from insecure resource initialization, allowing attackers to exploit it to disclose protected information.
The vulnerability of the integrated development environment for software, JetBrains RubyMine, is related to the insecure initialization of resources. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
The vulnerability of the QXmlStreamReader class in the cross-platform framework for Qt software development allows an attacker to cause a service failure.
The vulnerability of the QXmlStreamReader class in the cross-platform framework for Qt software development is related to an incorrect restriction on recursive references to entities in the DTD. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the torch.load() function in the PyTorch machine learning framework allows a hacker to execute arbitrary code.
The vulnerability of the torch.load function in the PyTorch machine learning framework is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the formSetSafeWanWebMan() function in the microprogramming software for Tenda AC18 allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the formSetSafeWanWebMan function in the Tenda AC18 router microprogramming system is related to the operation of writing data outside the buffer during the processing of the remoteIp parameter. Exploiting this vulnerability allows an attacker to compromise the confidentialit...
The vulnerability of Tenda AC15 router’s microprogramming software, related to reading data outside the buffer in memory, allows a hacker to cause a service failure.
The vulnerability of the Tenda AC15 router’s microprogramming software is related to reading data outside the buffer in memory when processing the wepkey1 parameter. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the NArchive::NZip::CInArchive::FindCd function of the p7zip archive tool can potentially affect the confidentiality, integrity, and availability of the protected information.
The vulnerability of the NArchive::NZip::CInArchive::FindCd function in the p7zip archive tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected...
The vulnerability of the xdg-mail utility, a tool for opening email clients, stems from insufficient validation of data entered by users. This allows attackers to influence the integrity of the protected information.
The vulnerability of the xdg-mail tool for opening email clients is related to insufficient validation of the data entered by users. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the protected information...
The vulnerability of the `cardos_have_verifyrc_package` function in programming tools and libraries for working with OpenSC smart cards allows a perpetrator to trigger a service failure.
The vulnerability of the cardos_have_verifyrc_package function in programming tools and libraries for working with OpenSC smart cards is related to the execution of operations outside the memory buffer boundaries. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the NCompress::NRar3::CDecoder::Code method in p7zip and 7-Zip archivers allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the NCompress::NRar3::CDecoder::Code method in p7zip and 7-Zip archivers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a system failure or execute arbitrary code through the...
The vulnerability of the cgiSysUplinkCheckSet() function (Program:/bin/httpd) in the Tenda W12 and i24 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the cgiSysUplinkCheckSet function (Program:/bin/httpd) in the Tenda W12 and i24 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code when processing the hostIp1 and hostIp2...
The vulnerability of the iwl_parse_tlv_firmware() function (drivers/net/wireless/intel/iwlwifi/iwl-drv.c) in the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the iwl_parse_tlv_firmware function (drivers/net/wireless/intel/iwlwifi/iwl-drv.c) in the Linux kernel is related to the execution of operations outside of the buffer in memory. Exploitation of this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the Exim mail server, related to the use of memory after it is freed, allows attackers to increase their privileges.
The vulnerability of the Exim mail server is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the web interface of the microprogramming software for routers EDIMAX BR-6478AC allows a hacker to elevate their privileges and execute arbitrary commands.
The vulnerability of the web interface of the microprogramming software of the EDIMAX BR-6478AC router is related to the lack of measures to sanitize data at the management level. Exploiting this vulnerability can allow a malicious actor to elevate their privileges and execute arbitrary commands...
The vulnerability of the web interface of the microprogramming software for routers EDIMAX BR-6478AC allows a hacker to elevate their privileges and execute arbitrary commands.
The vulnerability of the web interface of the microprogramming software of the EDIMAX BR-6478AC router is related to the lack of measures to sanitize data at the management level. Exploiting this vulnerability can allow a malicious actor to elevate their privileges and execute arbitrary commands...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in writing beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...
The vulnerability of the UpdateConnectionVariables method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the UpdateConnectionVariables method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the...
The vulnerability of the UpdateProjectConnections method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the UpdateProjectConnections method in the software for managing and monitoring remote objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerabili...
The vulnerability of the form_fast_setting_wifi_set() function (/goform/fast_setting_wifi_set) in the Tenda AC6 router’s microprogramming software allows a hacker to trigger a service failure.
The vulnerability of the form_fast_setting_wifi_set function (/goform/fast_setting_wifi_set) in the Tenda AC6 router’s microprogramming software is related to buffer overflow in the stack when processing the timeZone parameter. Exploiting this vulnerability could allow a remote attacker to cause a service...
The vulnerability of the SAP Commerce Cloud platform, related to the transmission of critical information in plaintext, allows attackers to disclose protected information.
The vulnerability of the SAP Commerce Cloud e-commerce platform lies in the transmission of critical information in plaintext. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
The vulnerability of the Adobe Media Encoder application, related to buffer overflow in dynamic memory, allows an attacker to execute arbitrary code.
The vulnerability of the Adobe Media Encoder application relates to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Adobe Media Encoder application, related to writing beyond the buffer boundaries in memory, allows a perpetrator to execute arbitrary code.
The vulnerability of the Adobe Media Encoder application relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Adobe Bridge file manager, related to buffer overflows in dynamic memory, allows an attacker to execute arbitrary code.
The vulnerability of the Adobe Bridge file manager is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their lack of access control mechanisms. This allows attackers to circumvent existing security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to deficiencies in access control. Exploiting these vulnerabilities can allow attackers to bypass existing security restrictions...
The vulnerability of software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B lies in their lack of access control mechanisms. This allows attackers to circumvent existing security restrictions.
The vulnerabilities of the software platforms for developing and managing online stores such as Magento Open Source, Adobe Commerce, and Adobe Commerce B2B are related to deficiencies in access control. Exploiting these vulnerabilities can allow attackers to bypass existing security restrictions...
The vulnerability of the SAP KMC WPC knowledge management business application, related to deficiencies in the authentication process, allows unauthorized users to gain unauthorized access to protected information.
The vulnerability of the SAP KMC WPC knowledge management business application is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the “koko” component in the security audit system for the operation and maintenance of JumpServer allows a perpetrator to obtain a Kubernetes cluster token.
The vulnerability of the koko component in the system for auditing security operations and maintenance of JumpServer is related to improper privilege assignment. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain a Kubernetes cluster token...
The vulnerability of the Authenticate method in software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the Authenticate method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...
The vulnerability of the CreateTrace method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the CreateTrace method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
The vulnerability of the SAP Solution Manager platform, related to deficiencies in the authentication process, allows a perpetrator to compromise the confidentiality of protected information.
The vulnerability of the SAP Solution Manager platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to compromise the confidentiality of the protected information...
The vulnerability of SAP NetWeaver and ABAP Platform software integration platforms, related to writing outside the buffer, allows attackers to execute arbitrary code.
The vulnerability of SAP NetWeaver and ABAP Platform software integration platforms is related to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of SAP Capital Yield Tax Management software lies in incorrect restrictions on the path to a directory, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the SAP Capital Yield Tax Management software relates to incorrect restrictions on the path name to a directory. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the UpdateDatabaseSettings method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the UpdateDatabaseSettings method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the...
The vulnerability of the UpdateUsers method in the software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the UpdateUsers method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
The vulnerability of the ImportDatabase method in software for managing and monitoring remote objects in telemetry and telemechanics systems allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the ImportDatabase method in software for managing and monitoring remote objects in telemetry and telemechanics systems is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to compromise the confidentiality,...
The vulnerability of the serde.py component in the BentoML library allows a hacker to execute arbitrary code on the server.
The vulnerability of the serde.py component in the BentoML library is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code on the server...
The vulnerability of ConneXium Network Manager software, related to insufficient validation of input data, allows attackers to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of ConneXium Network Manager software relates to insufficient verification of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the HTTPS protocol implementation in ConneXium Network Manager’s software for network management allows a perpetrator to carry out a “man-in-the-middle” attack.
The vulnerability of the HTTPS protocol implementation in ConneXium Network Manager software relates to the use of files and directories accessible to external parties. Exploiting this vulnerability could allow a malicious actor to carry out a “man-in-the-middle” attack...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in writing beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in writing beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena lies in writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...