ROS-20260514-73-0002

A vulnerability in the phparraymergewrapper function of the PHP programming language involves buffer copying without input validation. Exploitation of the vulnerability could allow a remote attacker to compromise data integrity and cause a denial of service...

The vulnerability of the RabbitMQ messaging broker lies in the failure to remove script-related HTML tags from web pages, allowing attackers to compromise data integrity.

The vulnerability of the RabbitMQ messaging broker is related to the failure to remove script-related HTML tags from web pages. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

ROS-20240704-08

A vulnerability in the curl program line utility is related to the storage of HSTS data in a file with a too long name, curl can delete the entire contents, causing subsequent requests using the file to be unaware of the HSTS status they should have used. file will be unaware of the status of the...

The vulnerability of the JavaFX component of the Oracle Java SE software platform and the Oracle GraalVM Enterprise Edition virtual machine allows attackers to compromise data integrity.

The vulnerability of the JavaFX component of Oracle Java SE and the Oracle GraalVM Enterprise Edition virtual machine is a flaw in the authentication process. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

The vulnerability of the Alternate Services component in the Firefox web browser, related to integer overflow, allows an attacker to compromise data integrity.

The vulnerability of the Alternative Services component in the Firefox web browser is related to a numerical overflow condition. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers allows attackers to compromise data integrity.

The vulnerability of the Autofill function in Microsoft Edge and Google Chrome browsers is related to improper security checks for standard elements. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

The vulnerability of the Git-based software platform for collaborative code development on GitLab arises from insufficient neutralization of certain elements in the query, allowing an attacker to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the insufficient neutralization of certain elements in the request. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

The vulnerability of TLS and SSL Mbed TLS implementations lies in errors in the certificate validation process, which allows attackers to compromise the integrity of data.

The vulnerability of TLS and SSL Mbed TLS implementations is related to the incorrect use of the revocationDate check. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...

The vulnerability of the Clipboard editing plugin for the CKEditor WYSIWYG editor allows a hacker to compromise data integrity.

The vulnerability of the Clipboard editing plugin of the CKEditor editor is related to improper handling of code generation. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from the lack of protective measures for website structures, allowing attackers to compromise data integrity.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the absence of markdown filtering. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

The vulnerability of the Midnight Commander file manager, related to deficiencies in authentication procedures, allows attackers to compromise data integrity.

The vulnerability of the Midnight Commander file manager is related to the lack of checks and display of server timestamps. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

The vulnerability of the RabbitMQ messaging broker, related to the lack of protective measures for the website structure, allows attackers to compromise data integrity.

The vulnerability of the RabbitMQ messaging broker is related to improper validation of user input. Exploiting this vulnerability allows a malicious actor to compromise data integrity remotely...

The vulnerability of the Tar.php file in the Archive_Tar package of the PHP PEAR library arises from an improper restriction on the path name of the directory. This allows a attacker to compromise data integrity.

The vulnerability of the Tar.php file in the ArchiveTar package from the PHP PEAR library is related to improper handling of symbolic links. Exploiting this vulnerability could allow an attacker to compromise data integrity remotely...

The vulnerability of the Google Chrome browser’s Payment function, related to deficiencies in authentication procedures, allows attackers to compromise data integrity.

The vulnerability of the Google Chrome browser’s Payment function is related to the insufficient implementation of security policies. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...

The vulnerability of Google Chrome’s full-screen mode, related to insufficient validation of input data, allows a hacker to compromise data integrity.

The vulnerability of the full-screen mode of the Google Chrome browser is related to the insufficient implementation of security policies. Exploiting this vulnerability can allow a malicious actor to compromise data integrity remotely...

The vulnerability of the Python programming language’s pip module relates to deficiencies in pathname restrictions for directories, allowing attackers to compromise data integrity.

The vulnerability of the Python programming language’s pip module is related to shortcomings in pathname restrictions when specifying software for installation via URLs. Exploiting this vulnerability allows an attacker to compromise data integrity remotely...

The vulnerability relates to the implementation of WebRTC in Google Chrome, Firefox, Firefox-ESR web browsers, and Thunderbird email client. It involves buffer overflow attacks, allowing attackers to compromise data integrity.

The vulnerability in WebRTC implementations of Google Chrome, Firefox, Firefox-ESR, and the Thunderbird email client is related to buffer overflow attacks. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

The vulnerability of Google Chrome’s Content Security Policy component allows a perpetrator to compromise data integrity.

The vulnerability of Google Chrome’s Content Security Policy component is related to the lack of standard permission mechanisms. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...

The vulnerability of the vAnalytics function in the programmatically defined Cisco SD-WAN network allows a attacker to compromise data integrity.

The vulnerability of the vAnalytics function in the programmatically defined Cisco SD-WAN network is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...

The vulnerability of the parsec inode permission module in the linux-astra-modules package, related to access control deficiencies for non-functional Unix sockets, allows a intruder to compromise data integrity.

The vulnerability of the parsec inode permission module in the linux-astra-modules package is related to deficiencies in access control for non-functional Unix sockets. Exploiting this vulnerability could allow a malicious actor to compromise data integrity from a remote location...