8283 matches found
ROS-20240619-03
A vulnerability in the userinfo URI subcomponent of the GNU Wget download manager is related to an insecure behavior whereby in which data that should be in the userinfo subcomponent is misinterpreted as being part of the host subcomponent. Exploitation of the vulnerability could allow an attacke...
ROS-20240611-08
A vulnerability in the PushShortPixel function of a program for reading and editing files of multiple graphic formats, ImageMagick, is related to the passing of a specially created TIFF image file to ImageMagick for editing. of the ImageMagick program for reading and editing files of multiple...
ROS-20240606-03
Vulnerability of handlechopping function of Wireshark computer network traffic analyzer is related to a memory handling issue in EditCap. memory handling issue in EditCap. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in MONGO and...
ROS-20240522-04
Vulnerability of OpenSSL cryptographic library is related to the use of non-standard option SSLOPNOTICKET option, in which case the session cache continues to grow indefinitely. Exploiting the vulnerability could Allow an attacker acting remotely to cause a denial of service...
ROS-20240503-12
Vulnerability in administration console of cross-platform real-time collaboration server Openfire is related to a path traversal capability. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their privileges...
ROS-20240503-07
A vulnerability in the Microsoft .NET software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240422-02
The pkcs12.serializekeyandcertificates function vulnerability is invoked with both a certificate whose public key which did not match the provided private key, and with a hmachash certificate set PrivateFormat.PKCS12.encryptionbuilder.hmachash..., which may have caused the pointer to be...
ROS-20240410-13
A vulnerability in the src/libgit2/revparse.c component of the C Libgit2 implementation of Git methods is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240410-24
A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...
ROS-20240409-15
Vulnerability of the GnuTLS transport layer cryptographic library is related to errors in verification of the of cryptographic signatures. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20240408-12
Vulnerability in src/gif.imageio/gifinput.cpp file of OpenImageIO image processing library is related to the ability to write beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240403-05
Vulnerability of grubfontconstructglyph function of Grub2 operating systems loader is related to the output of the operation outside the memory buffer when processing specially designed fonts in pf2 format. Exploitation of the vulnerability may allow an attacker to execute arbitrary code Grub2...
ROS-20240404-12
A vulnerability in the MediaWiki hypertext implementation software tool is related to the ability to to exploit XSS in partial block functions. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform cross-site scripted attacks...
ROS-20240401-04
HAProxy server software vulnerability is related to forwarding empty headers Content-Length. Exploitation of the vulnerability could allow an attacker acting remotely to perform an HTTP request smuggling attack. an HTTP request smuggling attack...
ROS-2-903
2.903 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-894
2.894 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user-entered data when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the...
ROS-2-893
2.893 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-20231110-02
The vulnerability of the functions EVPEncryptInitex2, EVPDecryptInitex2, EVPCipherInitex2 of the OpenSSL cryptographic library is related to manipulation of the keylen/ivelens argument. OpenSSL library is related to manipulation of the keylen/ivelens argument. Exploitation of the vulnerability...
ROS-20231009-01
PostgreSQL database management system vulnerability is related to the possibility of SQL injection in extensions, that use quoting constructs @extowner@, @extschema@, or @extschema:...@ inside parentheses dollar quoting, '', or "". Exploitation of the vulnerability could allow an attacker acting...
ROS-20230824-01
The Swarm Mode vulnerability of the dockerd daemon of the containerization software tool Moby and the Mirantis Container Runtime runtime is related to the use of the Swarm Mode of the dockerd daemon. Moby container isolation system and Mirantis Container Runtime is related to the use of an insecu...
ROS-20230621-02
A vulnerability in the LZWDecode function of the LibTIFF library is related to a null pointer dereferencing error in the libtiff/tiflzw.c file. Exploitation of the vulnerability could allow an attacker to create certain input data that could cause a program to dereference a NULL pointer when...
ROS-20230615-04
The vulnerability in Mozilla Firefox and Firefox ESR browsers is related to an operation exceeding buffer boundaries in memory. memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability in Mozilla Firefox browser is related to...
ROS-20230414-01
A vulnerability in the Ghostscript document processing toolkit is related to a buffer overflow in the BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers. BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers, in case when the write buffer is underfilled by one byte and then a shielded...
ROS-20230320-01
A vulnerability in the Vim text editor is related to a division by zero error in the scrolldown function in move.c. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial-of-service attack. denial-of-service attack...
ROS-20230217-02
A vulnerability in the Mozilla Firefox browser is related to a memory corruption bug. Exploitation of the vulnerability could allow a remote attacker to cause a buffer overflow and run arbitrary code...
ROS-20230117-01
Simple DirectMedia Layer SDL multimedia library vulnerability is related to a memory leak in the function GLESCreateTexture in the render/opengles/SDLrendergles.c file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory leak and execute a denial of service...
ROS-20221103-05
Vulnerability of the ntfs-3g utility of the NTFS-3G driver set of the NTFS file system implementation is related to errors in metadata processing. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20221007-02
Vulnerability of lighttpd web server is related to memory leak in modfastcgi and modscgi modules while processing a large number of incorrect HTTP requests. a large number of malformed HTTP requests. Exploiting the vulnerability could allow an attacker, acting remotely, send multiple invalid HTTP...
ROS-20220929-02
A vulnerability in the Redis database management system DBMS XAUTOCLAIM command implementation is related to an integer overflow during COUNT argument processing. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20220705-01
Caribou on-screen keyboard vulnerability, related to buffer overflow in XkbSetDeviceInfo and SetDeviceIndicators. Exploitation of the vulnerability could allow an attacker, when invoking the functionality of the the on-screen keyboard functionality from the screen keeper, crash libcaribou, crash...
ROS-20220516-07
A vulnerability in the implementation of the xsxprtfree function of the Sun RPC Open Network Computing Remote Procedure Call kernel of Linux operating systems is related to state management errors. state management errors. Exploitation of the vulnerability could allow an attacker to cause a denia...
ROS-20220516-08
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted multi-gigabyte XML file to...
ROS-2-889
2.889 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-884
2.884 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-658
2.658 Multiple vulnerabilities in Redis CVE-2021-29477,CVE-2021-29478 1. Vulnerability Description: A vulnerability exists due to an integer overflow in the STRALGO LCS command. A remote attacker can pass specially crafted data to an application, cause an integer overflow, and execute arbitrary...
ROS-2-684
2.684 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-494
2.494 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-641
2.641 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...
ROS-2-458
2.458 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...
ROS-2-1678
2.1678 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-917
2.917 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-470
2.470 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-683
2.683 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-968
2.968 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-837
2.837 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1387
2.1387 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-797
2.797 Vulnerability in X.Org Server and libX11 CVE-2020-14347, CVE-2020-14344 1. Vulnerability Description: CVE-2020-14347 - Failure to initialize memory when allocating buffers for pixmaps using the AllocatePixmap call could cause the X client to leak memory contents from the heap when the X...
ROS-2-500
2.500 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a failed cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code.FSTEC Russia Information Security Threats Data Bank...
ROS-2-468
2.468 Multiple vulnerabilities in Squid CVE-2021-28651, CVE-2021-28662, CVE-2021-28652, CVE-2021-31806, CVE-2021-31808 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the...
ROS-20260524-73-0013
A vulnerability in the Libraries component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...