8159 matches found
ROS-20230417-03
Vulnerability in ImageMagick graphic editor is related to improper management of internal resources within the application when parsing SVG files. within the application when parsing SVG files. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass a specially crafted...
ROS-20230317-02
Squid vulnerability related to a bug in libntlmauth due to improper integer overflow protection integer overflow protection in Squid SSPI and SMB authentication helpers. Exploitation of the vulnerability could allow an attacker, acting remotely to disclose information or cause a denial of service...
ROS-20221122-01
Vulnerability of muttdecodeuuencoded function implementation in Mutt mail client is related to operation overflow out of memory buffer boundaries. Exploitation of the vulnerability could allow a remote intruder gain unauthorized access to protected information or cause a denial of service...
ROS-20221118-03
The vulnerability of Pixman library's rasterizeedges8 function is related to the possibility of writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20221025-02
A vulnerability in the Redis database management system DBMS is associated with the sigsegvHandler function of the debug.c file of the Crash Report component. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20220619-01
A vulnerability in the nftexprinit function net/netfilter/nftablesapi.c of the Netfilter packet filtering software of the Linux kernel is related to the possibility of memory usage after the packet filtering software has been installed. Netfilter packet filtering software of the Linux kernel is...
ROS-20220628-03
A vulnerability in the Squid caching proxy server is related to assertion reachability when processing responses to the from the Gopher server. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted response to the proxy server and perform a denial o...
ROS-20220209-01
A vulnerability in the BIND DNS server is related to improper consumption of internal resources during cache processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource exhaustion and Perform a denial-of-service DoS attack...
ROS-2-808
2.808 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...
ROS-2-879
2.879 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...
ROS-2-644
2.644 Denial of Service in Open vSwitch CVE-2020-35498 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01134 2. Possible measures to...
ROS-2-831
2.831 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to an...
ROS-2-532
2.532 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1323
2.1323 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1336
2.1336 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-819
2.819 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-2-485
2.485 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-582
2.582 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-839
2.839 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-2-628
2.628 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-2-483
2.483 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-20260616-73-0038
The vulnerability in ImageMagick 7 is related to the lack of memory release after the effective lifespan of the component. Exploiting this vulnerability can allow an attacker to cause a service failure...
ROS-20260512-73-0034
Vulnerability in c-ares related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-2-442
2.442 VLC vulnerability CVE-2020-13428 1. Vulnerability description: Vulnerability in VLC 3.0.11 player The vulnerability could cause a buffer overflow in the hxxxAnnexBtoxVC function. The vulnerability potentially allows to organize attacker's code execution when playing specially formatted vide...
ROS-2-695
2.695 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-687
2.687 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-20250424-04
The GPAC multimedia platform vulnerability involves uncontrolled resource consumption. Exploitation The vulnerability could allow an attacker to cause a denial of service A vulnerability in a function in gfm2tsprocesspmt of the GPAC multimedia platform is related to buffer copying without checkin...
ROS-20250317-01
Vulnerability of x86androidtabletprobe function in drivers/platform/x86/x86/x86-android-tablets/core.c of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of...
ROS-20241216-01
Vulnerability of zbxsnmpcachehandleengineid function of Universal Monitoring System proxy server Zabbix is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in Zabbix...
ROS-20241203-19
Apache HTTP Server web server kernel vulnerability is related to the inclusion of functions from an invalid controlled area. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code by running local handlers through internal redirection A vulnerability in the...
ROS-20241011-01
A vulnerability in the NFSD component of the Linux operating system kernel is related to a READDIR buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the dbgfs component of the Linux operating system kernel is related to...
ROS-20241008-07
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. The vulnerability can be exploited by the GLPI system of requests, incidents and inventory of computer equipment. GLPI computer hardware vulnerability is related ...
ROS-20241001-11
A vulnerability in the SSL Certifi certificate validation package is related to insufficient validation of the data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to affect the system integrity...
ROS-20240830-01
Vulnerability of the rndissetresponse function in the rndis component of the Linux kernel is related to the "BufOffset + 8" operation, which can cause an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the drm/vrr compone...
ROS-20240826-09
The vulnerability in the Time library of the Ruby interpreter is related to the use of regular expression c inefficient computational complexity. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the URI component of the Ruby...
ROS-20240821-01
The vulnerability of the kobjectadd function in the md component of the Linux operating system kernel is related to the lack of releasing the previous state of a synchronization request before assigning a reference to a new one. Exploitation the vulnerability could allow an attacker to cause a...
ROS-20240815-15
A vulnerability in the Apache Commons FileUpload library is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240812-09
A vulnerability in the HttpStateData function of the Chunked decoder of the Squid proxy server is related to a buffer overflow on the stack as a result of uncontrolled recursion while processing HTTP messages. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...
ROS-20240812-05
Squid proxy server followxforwardedfor function vulnerability is related to uncontrolled recursion when processing X-Forwarded-For HTTP request headers. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240725-09
A vulnerability in the NVIDIA GPU Display Driver software driver for Linux is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to disclose protected information and cause a denial of service A vulnerability in the NVIDIA GPU Display Driver for Linu...
ROS-20240806-17
The 389 Directory Server vulnerability is related to the creation of a special LDAP query, that has the potential to cause a failure on the directory server. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of service...
ROS-20240730-04
A vulnerability in the document processing, conversion and generation software suite Ghostscript is related to the introduction of a specially crafted pipe command. Exploitation of the vulnerability could Allow an attacker acting remotely to execute arbitrary code...
ROS-20240729-11
A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20240729-02
An implementation vulnerability in the EncryptInterceptor class of Apache Tomcat application server is related to incomplete program execution documentation. program execution documentation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240723-05
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to an insecure privilege management vulnerability. insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges A vulnerability in the...
ROS-20240718-03
Vulnerability of the JWE, JWS, JWT go-jose standards set implementation package for Go programming language is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...
ROS-20240628-01
A vulnerability in the Notes file of the distraction-free note-taking app for Nextcloud is related to the The ability to share a Notes folder with a new user before they are logged in. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive informatio...
ROS-20240625-06
Vulnerability in TCP Initial Sequence Number Handler component of Tianocore EDK2 library is related to buffer overflow. buffer overflow. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to confidential data. Unauthorized access to confidential data...
ROS-20240606-03
Vulnerability of handlechopping function of Wireshark computer network traffic analyzer is related to a memory handling issue in EditCap. memory handling issue in EditCap. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in MONGO and...
ROS-20240522-04
Vulnerability of OpenSSL cryptographic library is related to the use of non-standard option SSLOPNOTICKET option, in which case the session cache continues to grow indefinitely. Exploiting the vulnerability could Allow an attacker acting remotely to cause a denial of service...