61 matches found
ROS-20250624-07
A vulnerability in the Mercurial version control tool is related to insufficient sanitization of user-supplied data. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting (XSS) attacks...
The vulnerability of the Self-Service Portal of Cisco Duo, a cloud service for protecting applications from unauthorized users and devices, allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Self-Service Portal of Cisco Duo, a cloud service designed to protect applications from unauthorized users and devices, stems from the lack of data cleansing measures at the management level. Exploiting this vulnerability could allow a malicious actor to...
The vulnerability of the Git-based software platform for collaborative code development on GitLab EE/CE lies in insufficient data cleansing, which allows attackers to carry out XSS attacks.
The vulnerability of the Git-based software platform for collaborative code development in GitLab EE/CE relates to insufficient cleaning of data provided by users in the Asciidoctor render. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the command-line interface (CLI) of the Cisco Application Policy Infrastructure Controller allows an attacker to escalate their privileges and execute arbitrary commands.
The vulnerability of the command-line interface (CLI) of the Cisco Application Policy Infrastructure Controller management tool is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute...
The vulnerability of the D-Link DIR-816 A2 firmware, related to the lack of measures taken to clean data at the management level, allows an attacker to execute arbitrary code.
The vulnerability of the D-Link DIR-816 A2 router's firmware is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
ROS-20250505-04
The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...
ROS-20250505-05
The vulnerability of the Zabbix universal monitoring system is related to insufficient cleansing of user data passed via the "groupBy" parameter in include/classes/api/CApiService.php. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary SQL queries in the database...
The vulnerability of the SSH plugin of the JetBrains Toolbox, a set of development tools, allows a hacker to execute arbitrary commands.
The vulnerability of the SSH plugin of the JetBrains Toolbox set of development tools is related to the lack of measures taken at the control level for data cleaning. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the CLI interface of HPE Aruba Networking Access Point software allows a perpetrator to execute arbitrary code.
The vulnerability of the CLI interface of HPE Aruba Networking Access Point software relates to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted packets to the UDP port...
The vulnerability of the BIG-IP Access Policy Manager, as well as software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Domain Name System, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IQ Centralized Management, lies in the lack of measures taken to perform data cleaning at the management level. This allows attackers to circumvent existing security restrictions.
The vulnerabilities of the BIG-IP Access Policy Manager, as well as of other software solutions such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Domain Name System, BIG-IP Link Controller, BIG-IP Local...
The vulnerability of the Azure Arc software for connecting local infrastructure lies in the lack of data cleansing measures at the management level, allowing attackers to escalate their privileges.
The vulnerability of the Azure Arc software installer for local infrastructure is related to the lack of data cleansing measures at the management level. Exploiting this vulnerability can allow attackers to escalate their privileges...
ROS-20250121-02
A vulnerability in the koji RPM-based build system is related to insufficient cleansing of data provided by the user. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting (XSS) attacks...
ROS-20250109-03
A vulnerability in GLPI, a system for managing requests, incidents and computer equipment inventory, is related to a failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the command-line interface (CLI) of the Azure Service Connector allows an attacker to escalate their privileges.
The vulnerability of the command-line interface (CLI) of the Azure Service Connector relates to the lack of data cleansing measures at the management level. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
The vulnerability of the web console of Ivanti Cloud Services Appliance, a tool for automating IT service management processes, allows an attacker to execute arbitrary code.
The vulnerability of the web console of the Ivanti Cloud Services Appliance, which is used for automating IT service management processes, stems from the lack of data cleansing measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response solutions lies in the lack of data cleansing at the control level, allowing attackers to execute arbitrary commands.
The vulnerability of the Cortex XSOAR CommonScripts package for security management, automation, and response involves a lack of data cleansing measures at the control level. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary commands...
The vulnerability of the web-based console of the network device Ivanti Cloud Services Appliance allows a hacker to execute arbitrary code.
The vulnerability of the network device administrator web console of Ivanti Cloud Services Appliance is related to the lack of data cleansing measures at the management level. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the `requestLetsEncryptSslWithDnsChallenge` function in the NGINX Proxy Manager proxy server allows an attacker to execute arbitrary code.
The vulnerability of the requestLetsEncryptSslWithDnsChallenge function in the NGINX Proxy Manager proxy server is related to the lack of data cleansing measures at the management level. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the industrial server for serial devices of Korenix JetPort, related to the lack of measures taken to clean data at the management level, allows attackers to circumvent existing security restrictions.
The vulnerability of the industrial server for serial devices of Korenix JetPort is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the SINEMA Remote Connect VPN service, related to the lack of data cleansing at the management level, allows an attacker to execute arbitrary code.
The vulnerability of the SINEMA Remote Connect VPN service lies in the lack of measures taken at the management level for data cleansing. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with system privileges...