8283 matches found
ROS-20231013-02
Vulnerability of the convertstrings function of the tinfo/readentry.c component of the Ncurses I/O control library is related to reading beyond the allowed data buffer boundaries. terminal Ncurses is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability...
ROS-20230913-02
Nextcloud server vulnerability is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to access files within a subfolder of an accessible group folder, even if extended permissions block access to the subfolder. of a group folder, even if...
ROS-20230911-07
A vulnerability in the Moodle virtual learning environment is related to insufficient validation of user input data. data, an attacker could send a specially crafted HTTP request and make the application initiate requests to arbitrary systems. Exploitation of the vulnerability could allow an...
ROS-2-543
2.543 Multiple vulnerabilities in Squid CVE-2021-28651, CVE-2021-28662, CVE-2021-28652, CVE-2021-31806, CVE-2021-31808 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the...
ROS-20230621-01
A vulnerability in the Django web application framework is related to the fact that the application does not perform file validation when using a single form field to upload multiple files. files when using a single form field to upload multiple files. Exploiting the vulnerability could allow an...
ROS-20230619-02
A vulnerability in the Redis database is related to insufficient validation of user-entered data, a user could use the HINCRBYFLOAT command to create an invalid hash field. Exploitation of the vulnerability could allow an attacker acting remotely to cause Redis to crash when accessing the affecte...
ROS-20230619-03
A vulnerability in Certifi's specialized certificate collection is related to the presence of a TrustCor certificate in the list of root certificates, the certificate was removed because TrustCor was also in the business of in the spyware business. Exploitation of the vulnerability could allow an...
ROS-20230616-04
Libxml2 library vulnerability is related to NULL pointer dereferencing error in the xmlSchemaFixupComplexType. Exploitation of the vulnerability could allow an attacker acting remotely, to transmit specially crafted data to an application and perform a denial of service attack. The Libxml2 librar...
ROS-20230615-01
LibRaw image processing library vulnerability is related to heap buffer overflow in raw2imageex. Exploitation of the vulnerability could allow an attacker acting remotely to cause an application to application crash due to a maliciously crafted input file...
ROS-20230213-01
A vulnerability in the ImageMagick graphical editor is related to errors in input data processing. Exploitation of the vulnerability may allow a remote intruder to gain access to protected information using the profile parameter. information using the profile parameter Vulnerability of ImageMagic...
ROS-20220407-01
Vulnerability of libsndfile audio file reading and writing library is related to memory leak in function cafreadheader. Exploitation of the vulnerability could allow an attacker acting remotely to force an application to incorrectly free memory before deleting the last link and executing an attac...
ROS-20220125-01
The HTTP client vulnerability for Python urllib3 is related to incorrect input validation when processing URLs with multiple "@" characters in the credentials component. Exploitation of the vulnerability could allow an attacker, remotely, cause resource exhaustion and perform a denial of service...
ROS-2-435
2.435 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...
ROS-2-1352
2.1352 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1178
2.1178 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial of service DoS attack.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...
ROS-2-809
2.809 Multiple Vulnerabilities in LibTIFF 1. Vulnerability description: CVE-2020-35524 CVE-2020-35523 CVE-2020-35522 CVE-2020-35522 CVE-2020-35521 The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a boundary error in TIFF...
ROS-2-714
2.714 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-799
2.799 VLC vulnerability CVE-2020-13428 1. Vulnerability description: Vulnerability in VLC 3.0.11 player The vulnerability could cause a buffer overflow in the hxxxAnnexBtoxVC function. The vulnerability potentially allows to organize attacker's code execution when playing specially formatted vide...
ROS-2-449
2.449 Vulnerability in firefox browser CVE-2020-6819 and CVE-2020-6820 1. Vulnerability description: Two critical vulnerabilities have been discovered that could lead to the execution of attacker code when processing specially formatted content. It is warned that facts of using these...
ROS-2-807
2.807 Vulnerability in PPPD CVE-2020-8597 1. Vulnerability Description: The issue CVE-2020-8597 is a stack buffer overflow vulnerability resulting from a logic error in the EAP Extensible Authentication Protocol packet parser in PPPD eaprequest and eapresponse functions in eap.c. The vulnerabilit...
ROS-2-833
2.833 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-633
2.633 Vulnerability in X.Org Server and libX11 CVE-2020-14347, CVE-2020-14344 1. Vulnerability Description: CVE-2020-14347 - Lack of memory initialization when allocating buffers for pixmaps using the AllocatePixmap call can cause the X client to leak the memory contents from the heap when the X...
ROS-2-451
2.451 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...
ROS-2-698
2.698 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-2-694
2.694 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user-entered data when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the...
ROS-2-585
2.585 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-640
2.640 Vulnerability in Git CVE-2020-11008, CVE-2020-5260 1. Vulnerability Description: Vulnerability in Git. The vulnerability affects the "credential.helper" handlers and is exploited when a specially crafted URL containing a newline character, an empty host, or an unspecified request scheme is...
ROS-2-464
2.464 Multiple vulnerabilities in Mozilla Firefox CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-24002, CVE-2021-29945, CVE-2021-29947, CVE-2021-29946. 1. Vulnerability Description: Vulnerabilities allow a...
ROS-20260616-73-0038
The vulnerability in ImageMagick 7 is related to the lack of memory release after the effective lifespan of the component. Exploiting this vulnerability can allow an attacker to cause a service failure...
ROS-20250515-06
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a request flow within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementation is...
ROS-2-570
2.570 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-20250214-02
A vulnerability in the go-git library is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or...
ROS-20241211-14
A vulnerability in the shell command of the IPython interactive computing shell command is related to access control errors. access delimitation errors. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...
ROS-20241119-01
A vulnerability in the ath11k component of the SUNRPC kernel of the Linux system is related to use-after-use errors release in the rpcclntremovepipedir and rpcsetuppipedir functions in net/sunrpc/clnt.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the syste...
ROS-20241108-01
A vulnerability in the mac80211 component of the Linux operating system kernel is related to information disclosure in the function stainfofree in net/mac80211/stainfo.c. Exploitation of the vulnerability could allow an attacker to gain access to confidential information A vulnerability in the As...
ROS-20241031-02
A vulnerability in the qcom component of the Linux operating system kernel is related to read errors outside of bounds in the F function in drivers/clk/qcom/gcc-ipq9574.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the mm/memory-failu...
ROS-20241015-12
A vulnerability in the tunnels component of the Linux operating system kernel is related to read errors outside the bounds in the iptunnelpmtudbuildicmpv6 function in net/ipv4/iptunnelcore.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in...
ROS-20241003-01
Vulnerability of dmaentryalloccheckleak function of dma-debug component of Linux operating system kernel is related to incorrect locking. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in the vaddr-test component of the Linux operati...
ROS-20240917-09
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20240916-12
Vulnerability in the crypto.setEngine method of the Node.js software platform is related to flaws in access delimitation access. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions...
ROS-20240910-06
A vulnerability in the Zabbix universal monitoring system is related to improper code generation controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Zabbix universal monitoring system vulnerability is related to the ability to directly...
ROS-20240904-08
Vulnerability in the MHDcreatepostprocessor function of the HTTP libmicrohttpd web server implementation is related to a improper parsing of the multipart/form-data boundary. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240902-12
The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials...
ROS-20240828-07
A vulnerability in the ice component of the Linux operating system kernel is related to the rapid removal and launch of VF Commit. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the kmalloc function in the iouring component of the Linux...
ROS-20240729-10
Vulnerability in HttpServletRequest.getParameter andHttpServletRequest.getParts functions of servlet container Eclipse Jetty is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service The Eclipse Jetty...
ROS-20240708-01
Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility is related to memory release errors. memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in the cURL command line...
ROS-20240606-10
Vulnerability of EVPPKEYparamcheck or EVPPKEYpubliccheck functions of cryptographic library OpenSSL is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240529-03
A vulnerability in Git's distributed version control system is related to incorrect path name restriction to the to a restricted directory. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...
ROS-20240522-03
A vulnerability in the KUBE-APISERVER component of the virtual machine cluster management software tool Kubernetes is related to the use of containers with a populated envFrom field.Exploitation of the vulnerability could allow an attacker acting remotely to launch containers bypassing the securi...
ROS-20240521-07
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service...