8157 matches found
ROS-2-562
2.562 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-580
2.580 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-533
2.533 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-20230622-08
Mozilla Thunderbird email client vulnerability is related to a boundary error in FileReader::DoReadData when reading a file. Exploitation of the vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system. memory corruption and...
ROS-20230620-06
Vulnerability of the GENERALNAMEcmp function of OpenSSL library is related to a flaw in the mechanism of data type conversion data type conversion mechanism when processing x400 addresses. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service A...
ROS-20230505-01
Mozilla Thunderbird email client vulnerability involves invalid free operation from code JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to force the victim to to visit a specially crafted web page, cause memory corruption, and execute arbitrary code. The...
ROS-20230428-05
A vulnerability in Python Packaging Authority installation tools is related to insufficient input validation when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application and perform a denial of service...
ROS-20230419-03
The X.Org Server vulnerability is related to a post-release exploit bug where, when handling the deletion of a of a window, Xserver leaves a dangling pointer to that window in the CompScreen structure. Exploitation of the vulnerability could allow an attacker to cause a post-release usage error a...
ROS-20230417-05
A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...
ROS-20230417-01
The vulnerability in Redis database is related to integer overflow in "SRANDMEMBER" commands, "ZRANDMEMBER" and "HRANDFIELD." Exploitation of the vulnerability could allow an attacker to pass specially specially crafted data into an application, cause an integer overflow, and trigger a...
ROS-20230322-03
A vulnerability in the Git program is related to the input of processed input data - a path outside the working tree can be overwritten by a user running "git apply". Exploiting the vulnerability could allow an attacker acting remotely to run the affected command against a malicious or compromise...
ROS-20230315-01
Vulnerability in Mozilla Thunderbird email client related to notifications that are not displayed, when the browser is in full screen mode, allowing an attacker to trick the victim into visiting a malicious website and performing a spoofing attack. to visit a malicious website and perform a...
ROS-20230217-01
Vulnerability in driver management software for multipath access organization multipath-tools is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to elevate privileges to root user...
ROS-20230117-02
A vulnerability in the Open vSwitch software tiered switch is related to loss of integer significance when parsing Auto Attach TLVs. integer when parsing Auto Attach TLVs. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted LLDP messages. remotely,...
ROS-20221118-05
A vulnerability in Mozilla Thunderbird email client is related to a memory usage error after a release in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely, cause a victim to visit a specially crafted website, trigger a post-release usage...
ROS-20220721-01
Vulnerability in the ProcXkbSetGeometry call handler of X.Org Server is related to improper protection of the of signal strength warnings during request length processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or escalate privileges A...
ROS-20220622-02
Vulnerability of the library implementing Perl PCRE2 style regular expressions is related to boundary conditions in the compilexclassmatchingpath function of the pcre2jitcompile.c file. conditions in the compilexclassmatchingpath function of the pcre2jitcompile.c file. Exploitation of the...
ROS-20220620-01
A vulnerability in the program monitoring the communication between the container manager and the conmon runtime environment is related to the fact that the application does not properly monitor the consumption of internal resources within the request ExecSync. Exploitation of the vulnerability...
ROS-20220524-02
A vulnerability in the lightweight DNS, DHCP, and TFTP server Dnsmasq is related to a memory usage error after a release when processing DHCPv6 requests. Exploitation of the vulnerability could allow an attacker, acting remotely, send specially crafted DHCPv6 packets to a vulnerable application,...
ROS-2-1426
2.1426 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-436
2.436 VLC vulnerability CVE-2021-3185 1. Vulnerability description: Vulnerability in the implementation of the h264parse module developed by the GStreamer project included in the gstreamer-plugins-bad set. The issue is caused by a buffer overflow in the gsth264sliceparsedecrefpicmarking function...
ROS-2-718
2.718 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-623
2.623 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-556
2.556 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-2-604
2.604 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-567
2.567 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-806
2.806 Vulnerability in firefox browser CVE-2020-6819 and CVE-2020-6820 1. Vulnerability description: Two critical vulnerabilities have been discovered that could lead to the execution of attacker code when processing specially formatted content. It is warned that facts of using these...
ROS-2-681
2.681 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-647
2.647 Multiple vulnerabilities in Apache Tomcat CVE-2021-25122, CVE-2021-25329 1. Vulnerability Description: CVE-2021-25122 CVE-2021-25322 CVE-2021-25329 The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...
ROS-2-1218
2.1218 Vulnerabilities in Squid Proxy Server 1. Vulnerability description: Problems are present in the code processing the "@" block at the beginning of a URL "user@host" and allow bypassing access restriction rules, poisoning cache contents and performing a cross-site scripting attack.Identifier...
ROS-2-840
2.840 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-20241001-10
A vulnerability in the Parse function of the Go programming language is related to uncontrolled recursion. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of service. A vulnerability in the Decoder.Decode function of the Go programming language is...
ROS-20240828-05
Vulnerability in the Connector/J component of the MySQL Connectors driver of the Oracle database management system MySQL exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, add or delete data...
ROS-20240812-11
The GLPI Agent universal control agent vulnerability involves modifying GLPI-Agent code or allows a DLL to be used to modify the agent's logic. Exploitation of the vulnerability could allow an attacker to privilege escalation...
ROS-20240730-08
Eclipse Jetty servlet container vulnerability is related to errors in processing input data length parameters. data length parameters. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "HTTP request smuggling" attack The Eclipse Jetty servlet container...
ROS-20240730-09
Vulnerability of NTLM New Technology LAN Manager protocol implementation in Exim mail server is related to operation exceeding buffer boundaries in memory when processing requests. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to protected information...
ROS-20240729-21
Vulnerability of authorization plugins AuthZ of the software for automating deployment and management of applications in containerized environments Docker Engine is related to flaws in the AuthZ plugin. application management in containerization-enabled environments Docker Engine is associated wi...
ROS-20240701-03
Vulnerability in Moodle virtual learning environment related to improper validation of allowed event types in the calendar web service. events in the calendar web service. Exploitation of the vulnerability could allow an attacker acting remotely, to create events with types/audience for which the...
ROS-20240625-01
Vulnerability in tiff.c file of ImageMagick console graphics editor related to buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240618-01
A vulnerability in the SVG Handler component of the RoundCube email client is related to cross-site scripting attacks. Exploitation of the vulnerability could allow an attacker acting remotely to exploit XSS via the SVG animation attributes. Vulnerability in the User Preferences Handler component...
ROS-20240527-02
A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A...
ROS-20240521-05
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machine Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could Allow a remote attacker to disclose protected information A vulnerability in...
ROS-20240415-03
Vulnerability of aprbase64 function of Apache Portable Runtime APR library is related to the ability to to write outside the buffer, act remotely, execute arbitrary code...
ROS-20240411-04
Vulnerability of sessionReadRecord function of ext/session/sqlite3session.c file of database management system SQLite is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, and availability...
ROS-20240410-18
The vulnerability of Runc's isolated container launch tool is related to a flaw in the delimitations of the controlled area of the system. Exploitation of the vulnerability could allow an attacker to execute arbitrary code outside the isolated program environment by overwriting executable files...
ROS-20240409-01
A vulnerability in the urllib.parse component of the Python programming language interpreter is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely, bypass URL blocking starting with empty characters A vulnerability in the Python...
ROS-20240408-08
Vulnerability of xorg-x11-server package is related to memory usage after it is freed when processing Button Action objects. Button Action objects. Exploitation of the vulnerability could allow an attacker to elevate his privileges and execute arbitrary code in root context The xorg-server packag...
ROS-20240408-01
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service A vulnerability in the...
ROS-20240408-21
A vulnerability in the smtp service of the Exim mail server is related to the injection of email messages with a spoofed MAIL FROM address, which allows bypassing the SPF protection mechanism. spoofed MAIL FROM address, which allows to bypass SPF protection mechanism. Exploitation of the...
ROS-20240408-11
A vulnerability in the HTTP Requests library of the Python Requests programming language is related to insufficient protection of service data. inadequate protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting remotely, gain unauthorized access to protect...