32 matches found
Advisory ROSA-SA-2026-3127
software: freerdp 2.11.7
OS: ROSA-CHROME
CVE-ID: CVE-2025-4478
BDU-ID: 2025-12117
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the GNOME Remote Desktop service is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to compromise data...
ROS-20251111-11
A vulnerability in the ff_aac_search_for_tns function in the libavcodec/aacenc_tns.c component of the FFmpeg multimedia library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an intruder acting remotely to gain unauthorized access to protected...
EUVD-2023-53326
Malicious code in bioql PyPI...
ROS-20250922-02
The vulnerability in Mozilla Firefox, Firefox ESR and the Thunderbird email client is related to incorrect code generation control. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. Vulnerability in Mozilla Firefox, Firefox ESR...
The vulnerability of the DDNS service in the D-Link DIR-816 A2 router software allows a hacker to compromise the integrity of the protected information.
The vulnerability of the DDNS service in the D-Link DIR-816 A2 router software lies in its lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerability of the WebRTC component in Google Chrome browsers, related to writing beyond the buffer boundary, allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the WebRTC component in the Google Chrome web browser is related to memory corruption beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to access sensitive data, compromise its integrity, and cause service interruptions...
CVE-2024-8285
A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS-secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...
The vulnerability of the “Enter Package Data” component of the SAP Group Reporting Data Collection software allows an attacker to escalate their privileges and compromise the integrity of the data.
The vulnerability of the “Enter Package Data” component in the SAP Group Reporting Data Collection software relates to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to escalate their privileges remotely and compromise the integrity of data...
The vulnerability of the server software HAProxy, related to deficiencies in HTTP request processing, allows attackers to compromise data integrity.
The vulnerability of the server software HAProxy is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a malicious actor to compromise data integrity from a remote location...
The vulnerability of the J-Web interface in Juniper Networks Junos OS-based EX series devices allows an attacker to compromise data integrity and execute arbitrary code.
The vulnerability of the J-Web interface in Juniper Networks Junos OS devices of the EX series involves unrestricted upload of dangerous files. Exploiting this vulnerability allows a malicious actor to compromise data integrity and execute arbitrary code remotely...
The vulnerability of the WSGI server for Python Waitress, related to HTTP request processing flaws, allows attackers to compromise data integrity.
The vulnerability of the WSGI server for Python Waitress is related to the improper handling of a repeated Content-Length header. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...
PT-2021-7610 · Cgal
Name of the Vulnerable Software and Affected Versions: CGAL versions prior to 5.1.1 Description: The issue is related to unverified array indexing in the SNC_io_parser::read_vertex function of the Nef_S2/SNC_io_parser.h component in the CGAL library. This can be exploited by a remote attacker usi...
Oracle Database Server Application Express Component Cross-Site Scripting Vulnerability (CNVD-2020-44292)
Oracle Database Server is a relational database management system from Oracle (United States). The database management system provides data management, distributed processing and other functions. Application Express (APEX), formerly known as HTML DB, is one of the Web applications for the...
The vulnerability of Google Chrome browser developer tools allows a hacker to compromise data integrity.
The vulnerability of Google Chrome browser developer tools is related to improper control over access to critical resources. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially crafted HTML page...
Oracle Marketing Unauthorized Access Vulnerability (CNVD-2020-26998)
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle (United States). The software provides customer relationship management, service management, financial management and other functions. Marketing is one of the...
The vulnerability of Firefox browser, related to the lack of measures taken to protect the structure of web pages, allows attackers to compromise data integrity.
The vulnerability of Firefox browsers is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
The vulnerability of the fly-admin-security-monitor component in the FLY operating system environment of the Astra Linux platform allows a perpetrator to compromise data integrity, gain unauthorized access to protected information, and cause service interruptions.
The vulnerability of the fly-admin-security-monitor component in the FLY operating environment of the Astra Linux system is related to the absence of blocking mechanisms for system commands, as well as the absence of a configuration status for the closed-programming-environment security system...
MongoDB 2.6.x < 2.6.9, 3.0.x < 3.0.14, 3.2.x < 3.2.8 mongod
The version of the remote MongoDB server is 2.6.x prior to 2.6.9, 3.0.x prior to 3.0.14, or 3.2.x prior to 3.2.8. It is, therefore, affected by multiple vulnerabilities. - A credentials disclosure vulnerability exists in the PEMKeyPassword, clusterPassword and Windows servicePassword. An unauthenticated local...
Unspecified Vulnerability in Oracle E-Business Suite Marketing (CNVD-2019-40798)
Oracle E-Business Suite is a fully integrated set of Oracle's global business management software. Marketing is one of the Internet-based marketing management components. An unspecified vulnerability exists in Oracle E-Business Suite Marketing. An attacker could exploit this...
Oracle One-to-One Fulfillment Security Bypass Vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle (United States). The software provides customer relationship management, service management, financial management, etc. Oracle One-to-One Fulfillment is one of the...