22 matches found
Advisory ROSA-SA-2025-2655
Software: webkit4 2.44.1
OS: ROSA-CHROME
packageevrstring: webkit4-2.44.1-1
CVE-ID: CVE-2023-28198
BDU-ID: 2023-04538
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the WebKit web page display module of the macOS operating system is associated with a use-after-free error. Exploitation of the...
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, allows an attacker to gain full access to the vulnerable software.
The vulnerability of the Core server component of Oracle WebLogic Server, a software platform of Oracle Fusion Middleware, is related to errors in processing input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain full access to the vulnerable software by sending...
ROS-20241015-16
A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...
The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to execute arbitrary code.
The vulnerability of the Core component of the Oracle VM VirtualBox software is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the MMS interpreter in the WagoAppRTU library of the Wago Telecontrol configuration tool allows a perpetrator to cause a service failure.
The vulnerability of the MMS interpreter in the WagoAppRTU library of the Wago Telecontrol configuration tool is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted MMS...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit lies in errors in the processing of input data during syntax analysis of code. This allows an attacker to execute arbitrary code.
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit is related to errors in processing input data during syntax analysis of the code. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the setTracerouteCfg function in the firmware of TOTOLINK EX1200L allows an intruder to execute arbitrary commands.
The vulnerability of the setTracerouteCfg function in TOTOLINK EX1200L router firmware is related to errors in processing input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary commands remotely...
The vulnerability of the file transfer protocol implementation of the Cisco NX-OS operating system for Cisco Nexus series 3000 and 9000 switches allows a perpetrator to upload or overwrite arbitrary files.
The vulnerability of the file transfer protocol implementation of the Cisco NX-OS operating system for Cisco Nexus series 3000 and 9000 switches is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to upload or overwrite arbitrary files...
The vulnerability of the SQFS file analyzer of the 7-Zip compressor allows a hacker to execute arbitrary code.
The vulnerability of the SQFS-file analyzer of the 7-Zip compressor is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by causing the user to open malicious links or files...
PT-2023-4051
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition versions 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK versions 17.0.7, 20.0.1. Description: The issue is related to errors in processing input data in the Utilit...
PT-2023-3918 · Oracle · Oracle Solaris
Name of the Vulnerable Software and Affected Versions: Oracle Solaris (affected versions not specified). Description: The issue is related to errors in processing input data in the Device Driver Interface component of the Oracle Solaris operating system. Exploitation of this issue may allow an...
The vulnerability of the Microsoft Exchange Server, related to errors in processing input data in the OWA interface, allows a perpetrator to perform an SSRF attack.
The vulnerability of Microsoft Exchange Server is related to errors in processing input data in the OWA interface. Exploiting this vulnerability can allow a malicious actor to execute an SSRF attack remotely...
The vulnerability in the implementation of the Internet Key Exchange (IKE) protocol in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Internet Key Exchange (IKE) protocol implementation in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted IKEv1 packets...
The vulnerability of the Thunderbird email client, related to errors in processing input data, allows a hacker to circumvent existing security restrictions.
The vulnerability of the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending a specially crafted email with the iframe srcdoc attribute...
The vulnerability in the isolated iframe of the Thunderbird email client allows a hacker to circumvent existing security restrictions.
The vulnerability of the isolated iframe environment in the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions by sending specially crafted emails...
The vulnerability of the HTTP interface implementation for Zyxel network interfaces allows attackers to execute arbitrary commands.
The vulnerability of the HTTP interface implementation for Zyxel network interfaces relates to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by introducing a specially crafted file...
The vulnerability of the DNS server service in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the DNS server service in Windows operating systems is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the REST API implementation of the network management system’s data center management module allows an attacker to overwrite any files on the device.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager (DCNM) system is related to errors in processing input data. Exploiting this vulnerability allows an attacker to overwrite any files on the device remotely...
The vulnerability of the REST API implementation of the network management system’s data center management module allows an attacker to gain access to protected information.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager (DCNM) system is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to protected information remotely...
CVE-2020-3225
Multiple vulnerabilities in the implementation of the Common Industrial Protocol (CIP) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities a...