8162 matches found
ROS-2-642
2.642 Vulnerability in firefox browser CVE-2020-6819 and CVE-2020-6820 1. Vulnerability description: Two critical vulnerabilities have been discovered that could lead to the execution of attacker code when processing specially formatted content. It is warned that facts of using these...
ROS-2-833
2.833 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-453
2.453 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...
ROS-2-451
2.451 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...
ROS-2-977
2.977 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...
ROS-2-1180
2.1180 Buffer Overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...
ROS-2-694
2.694 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user-entered data when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the...
ROS-2-441
2.441 Vulnerability in Curl CVE-2020-8177 1. Vulnerability Description: The vulnerability allows a local file on the system to be overwritten when accessing an attacker-controlled server. The problem only occurs when the "-J" "--remote-header-name" and "-i" "--head" options are used...
ROS-2-483
2.483 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-532
2.532 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-879
2.879 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...
ROS-20260524-73-0019
A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...
ROS-20260508-73-0014
Vulnerability in nodejs-minimatch related to the use of regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241125-01
A vulnerability in the f2fs component of the Linux operating system kernel is related to a memory corruption in the function f2fsinitpagearraycache in f2fs/compress.c. Exploitation of the vulnerability could allow an attacker to gain access to confidential information A vulnerability in the sim...
ROS-20241115-02
A vulnerability in the octeontx2-pf component of the Linux kernel is related to a memory leak in the function otx2qosreadtxschqcfgtl in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of service A vulnerability i...
ROS-20241031-01
A vulnerability in the nilfs2 component of the Linux operating system kernel is related to improper error handling in the nilfsgetblock function in fs/nilfs2/inode.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the nilfs2 component of...
ROS-20241028-03
The vulnerability of the quota component of the Linux kernel is related to the NULL pointer dereferencing in the functions dquotmarkdquotdirty, dquotallocspace, dquotallocinode, EXPORTSYMBOL, dquotclaimspacenodirty, dquotreclaimspacenodirty, dquotfreespace, dquotfreeinode, and dquottransfer in...
ROS-20240827-09
A vulnerability in GLPI's computer hardware requisition, incident, and inventory system is related to external file name or path control. Exploitation of the vulnerability could allow an attacker acting remotely, to upload a malicious PHP script and hijack the plugin loader to execute that...
ROS-20240821-02
Vulnerability of the seg6init function in the net/ipv6/seg6.c module of the IPv6 protocol implementation of the Linux kernel is related to the reuse of previously freed memory. Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attack...
ROS-20240815-10
Vulnerability of the nsVacmAccessTable function in the OID Handler component of the Net-SNMP software suite of the Linux operating system is related to dereferencing of the NULL pointer. of Linux operating system is related to dereferencing of NULL pointer. Exploitation of the vulnerability could...
ROS-20240814-05
A vulnerability in the "Save As" function of Mozilla Firefox, Firefox ESR and Thunderbird email client on Windows operating systems is related to insufficient input data validation. Thunderbird email client of Windows operating systems is related to insufficient input data validation. Exploitatio...
ROS-20240806-17
The 389 Directory Server vulnerability is related to the creation of a special LDAP query, that has the potential to cause a failure on the directory server. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of service...
ROS-20240730-01
A vulnerability in the freempimage function of the free media player Mplayer is related to writing outside of memory boundaries memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in free mpgetbits function of Mplayer media player is relate...
ROS-20240729-20
Squid proxy server vulnerability is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240703-12
An Apache Tomcat application server vulnerability is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted HTTP/2 requests...
ROS-20240627-05
A vulnerability in the updatesctpchecksum function of the QEMU hardware emulator is related to a reachability assertion when attempting to calculate the checksum of a fragmented packet of small size. of reachability when attempting to compute the checksum of a fragmented small packet. Exploitatio...
ROS-20240620-17
Vulnerability of importmultispectralquantum function of ImageMagick console graphical editor is caused by by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the ReadTIFFImage function of the ImageMagick...
ROS-20240611-15
Vulnerability in archive-zip component of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create a potentially dangerous zip file A vulnerability in the net-netip component of the Golang programmi...
ROS-20240611-10
Vulnerability of uvgetaddrinfo function src/unix/getaddrinfo.c, src/win/getaddrinfo.c of libuv asynchronous I/O library is related to insufficient checking of incoming requests. libuv asynchronous I/O is due to insufficient checking of incoming requests. Exploitation of the vulnerability could...
ROS-20240527-03
Vulnerabilities in the idna.encode functions of the Internationalized Domain Names in Applications IDNA are associated with an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of...
ROS-20240521-07
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service...
ROS-20240521-08
A vulnerability in the API interface of the Grafana web-based data representation tool is related to insecure privilege management. privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, gain unauthorized access to restricted functions A vulnerability in...
ROS-20240507-05
Vulnerability of setKey function of minimist command line argument parsing library is related to uncontrolled change of object prototype attributes. Exploitation of the vulnerability could allow an attacker to implement a "prototype pollution" attack...
ROS-20240426-02
A vulnerability in the Microsoft .NET software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240423-03
Vulnerability in the /krb5/src/lib/rpc/pmaprmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service Vulnerability in component...
ROS-20240422-09
Apache Tomcat application server vulnerability is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20240415-02
Vulnerability of udevListInterfacesByStatus function in module src/interface/interfacebackendudev.c of libvirt library is caused by an off-by-one error. module of the libvirt library has an off-by-one error. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240415-04
Wireshark computer network traffic analyzer vulnerability related to memory leak in USB dissector HID. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of denial of service...
ROS-20240411-01
A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrectly handling requests for non-existent URLs. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240410-04
The vulnerability of the aresreadline function of the C-ares asynchronous DNS query library is related to the operation exceeding the buffer boundaries in memory. beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of servi...
ROS-20240410-10
Vulnerability of vmm-sys-util module set is related to the lack of checking if the length, stored in the header matches the length of the flexible array. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240410-15
A vulnerability in the vim text editor is related to the call to sprintf to write to an error buffer, which is passed to the option callback functions. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240409-17
Vulnerability of linebytessplit function src/split.c of GNU Core Utilities GNU Coreutils is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240408-20
A vulnerability in the smtp service of the Exim mail server is related to the injection of email messages with a spoofed MAIL FROM address, which allows bypassing the SPF protection mechanism. spoofed MAIL FROM address, which allows to bypass SPF protection mechanism. Exploitation of the...
ROS-20240408-03
Vulnerability of derivatespatiallumavectorprediction function of h.265 Libde265 video codec implementation is related to with the ability to write beyond buffer boundaries in memory. Exploiting the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity an...
ROS-20240408-19
A vulnerability in the file include/logging/RightsLogFormatter.php of a software tool for implementing the MediaWiki hypertext environment is related to incorrect input neutralization during the creation of a web page. web page. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240408-10
GNU FriBidi library vulnerability is caused by a buffer overflow on the stack. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability in the fribidicaprtltounicode function of the GNU FriBidi library is caused by a buffer overflow in dynamic...
ROS-20240405-09
A vulnerability in the gdevprnopenprinterseekable function of the gdevprnopenprinterseekable interpreter of the Ghostscript suite of software for Ghostscript document processing, conversion and generation software set interpreter is related to memory usage after its release. Exploitation of the...
ROS-20240405-05
A vulnerability in the D-Bus interprocessor communication system is related to the ability of unprivileged users to crash the dbus-daemon. users to crash the dbus-daemon. Exploitation of the vulnerability could allow an intruder, acting remotely, to cause a denial of service...
ROS-20240404-18
Vulnerability in the OpenVAS database management system's OpenVAS scanning and vulnerability management tool MariaDB is associated with uncontrolled resource consumption when connecting to ports 3306 and 4567. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a...