8159 matches found
ROS-2-1545
2.1545 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20230414-02
DNS server BIND vulnerability is related to reachable assertion in DNS query processing. Exploitation The vulnerability allows an attacker acting remotely to send repeated patterns of specific requests to servers with DNSSEC-Validated Cache synth-from-rom enabled. queries to servers with the...
ROS-20230324-01
Vulnerability of Samba networking software package is related to errors in symbolic links processing. links. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server's server file system Vulnerability of unwrapdes and unwrapdes3 functions of GSSAPI...
ROS-20221222-04
A vulnerability in the PHP programming language interpreter is related to boundary conditions in the function imageloadfont. Exploitation of the vulnerability could allow an attacker acting remotely to pass the specially crafted data to a web application, cause a read error outside of the boundar...
ROS-20221207-01
A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20221103-02
PJSIP multimedia library vulnerability is related to a buffer overflow error in the PJSIP parser PJSIP parser, PJMEDIA RTP decoder and PJMEDIA SDP parser. Exploitation of the vulnerability could allow an attacker acting remotely to cause a flow failure and gain access to potentially sensitive...
ROS-20220701-02
A vulnerability in the Mozilla Firefox browser is related to improper handling of the CSP sandbox header without the the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented CSP restriction and exploit it...
ROS-20220330-01
Vulnerability in the network block device implementation client library libnbd, related to the mechanism of error handling mechanism in the nbdcopy tool when executing multithreaded copies using asynchronous nbd nbd calls. Exploitation of the vulnerability could allow an attacker acting remotely ...
ROS-20220324-02
A vulnerability in the QEMU emulator is related to an incorrect implementation of the QEMU shared file system daemon virtio-fs virtiofsd. Exploitation of the vulnerability could allow an attacker, in a guest OS, to create files in directories shared by virtio-fs, with unintended group ownership i...
ROS-20220125-04
Apache Log4j2 Java program logging library vulnerability is related to the lack of additional JNDI access controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using the JDBC Appender. remotely execute arbitrary code using the JDBC Appender...
ROS-2-1661
2.1661 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-544
2.544 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-1251
2.1251 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-489
2.489 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-456
2.456 Multiple vulnerabilities in Mozilla Thunderbird Mozilla Firefox CVE-2021-23953-CVE-2021-23965, CVE-2021-23991-CVE-2021-23993 1. Vulnerability Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information. Vulnerability allows a remote attacker t...
ROS-2-569
2.569 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-795
2.795 Vulnerability in sudo CVE-2021-3156 1. Vulnerability Description: The vulnerability allows root access without authentication and without having the necessary credentials. The issue can be exploited by any user, regardless of their presence in system groups or the presence of an entry in th...
ROS-2-552
2.552 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-669
2.669 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-634
2.634 Vulnerability in Curl CVE-2020-8177 1. Vulnerability Description: The vulnerability allows a local file on the system to be overwritten when accessing an attacker-controlled server. The problem only occurs when the "-J" "--remote-header-name" and "-i" "--head" options are used...
ROS-2-830
2.830 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...
ROS-2-649
2.649 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-973
2.973 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-563
2.563 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...
ROS-2-652
2.652 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...
ROS-2-643
2.643 Vulnerability in PPPD CVE-2020-8597 1. Vulnerability Description: The issue CVE-2020-8597 is a stack buffer overflow vulnerability resulting from a logic error in the EAP Extensible Authentication Protocol packet parser in PPPD eaprequest and eapresponse functions in eap.c. The vulnerabilit...
ROS-2-474
2.474 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to an...
ROS-20241129-02
A vulnerability in the openvswitch component of the Linux operating system kernel is related to incorrect input validation in the parseicmpv6 function in net/openvswitch/flow.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the cppccpufr...
ROS-20241107-01
A vulnerability in the imx component of the Linux kernel is associated with a memory leak in the function ipucscscalerrelease in drivers/staging/media/imx/imx-media-csc-scaler.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in Linux kernel...
ROS-20241106-01
Vulnerability of the supply component of the Linux kernel is related to resource management errors in the bq27xxxbatteryi2cremove function in drivers/power/supply/bq27xxxbatteryi2c.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of service A vulnerability in...
ROS-20241021-07
Vulnerability of ssh-agent of OpenSSH cryptographic protection tool is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service or execute arbitrary code...
ROS-20240829-01
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to resource release errors. resource release errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the Core component of the Oracle V...
ROS-20240813-01
The vulnerability of the nftsetrbtree function net/netfilter/nftsetrbtree.c of the Netfilter component of the Linux operating system is related to the operation exceeding the memory buffer boundaries. component of the Netfilter component of the Linux operating system is related to an operation...
ROS-20240704-04
Vulnerability of the OpenSSL cryptographic library is related to a call of the OpenSSL API function SSLfreebuffers function, resulting in access to previously freed memory. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of service...
ROS-20240625-01
Vulnerability in tiff.c file of ImageMagick console graphics editor related to buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240619-01
A vulnerability in the OpenSSH ECDSA Key Handler component of the OpenSSH ECDSA Key Handler technology for signing and encrypting JavaScript objects in Python is related to the definition of a blacklist of prefixes for public keys. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240527-04
A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories A vulnerability in the Git distributed version control system ...
ROS-20240514-01
The vulnerability of the file includes/specials/SpecialMovePage.php of the software tool for implementing the MediaWiki hypertext environment is related to incorrect resource clearing or freeing. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240507-08
Vulnerability of nghttp2 library in part of HTTP/2 protocol implementation is related to uncontrolled resource consumption as a result of incorrect header termination detection during CONTINUATION frames processing. resources as a result of incorrect header termination detection during CONTINUATI...
ROS-20240507-07
A vulnerability in the ProcRenderAddGlyphs function of the X Window System Xorg-server is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted file Vulnerability of ProcXIPassiveGrabDevi...
ROS-20240503-03
A vulnerability in the Containerd container runtime environment is related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. information...
ROS-20240423-11
A vulnerability in the Libvirt virtualization management daemon is related to memory re-release. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. integrity, and cause a denial of service...
ROS-20240423-02
Vulnerability of gnew0 function of Libvirt virtualization management library is related to incorrect checking of negative array length before memory allocation. checking for negative array length before allocating memory. Exploitation of the vulnerability could allow an attacker to cause a denial...
ROS-20240418-02
Vulnerabilities in Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool are related to security settings errors. Microsoft Visual Studio software development tool is related to errors in security settings. Exploitation vulnerability could allow ...
ROS-20240411-06
A vulnerability in the xmalloc in function of the openvswitch module is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240410-16
A vulnerability in the xmlValidatePopElement function of the XML Reader Interface component of the Libxml2 library is related to the memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially...
ROS-20240410-05
The vulnerability of the Moby containerization software tool is related to the lack of validation of received requests. no validation of received requests. Exploitation of the vulnerability could allow an intruder, acting remotely, to gain unauthorized access to protected information...
ROS-20240404-14
The vulnerability of the library for controlling input/output to the terminal ncurses is related to the possibility of writing beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity, and availability of protected...
ROS-20240402-03
A vulnerability in the Redis database management system DBMS involves integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240402-05
Vulnerability of TiXmlDeclaration::Parse function in tinyxmlparser.cpp component of TinyXML XML-parser is related to the use of assert operator when processing 0 character after space. using assert operator when processing 0 character after a space. Exploitation vulnerability could allow an...