8283 matches found
ROS-20240328-13
A vulnerability in the mzpathresolve function in zlib-ng minizip-ng is related to a buffer overflow via the created file of the mzpathhasslash function in the mzos.c file. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the...
ROS-2-1372
2.1372 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-972
2.972 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-20231115-02
Vulnerability of the GetPacket function of VideoLAN VLC media player program is related to incorrect reading of the offset, which leads to heap buffer overflow in GetPacket function. Exploitation of the vulnerability could allow an attacker acting remotely to corrupt memory A vulnerability in the...
ROS-20231102-01
A buc Traceroute vulnerability related to improper handling of lines of code. Exploitation of the vulnerability could allow an attacker acting locally to execute arbitrary code...
ROS-20231024-01
Vulnerability of exfatgetuninamefromextentry function in fs/exfat/dir.c module of exFAT file system in Linux kernel is related to memory access outside the allocated buffer kernel of the Linux operating system is related to accessing memory outside of the allocated buffer. Exploitation of the...
ROS-20231016-01
Vulnerability of XpmCreateXpmImageFromBuffer function of libXpm image file library is related to a read error call. is related to a read error outside the valid range. Exploitation of the vulnerability could allow an intruder to gain unauthorized access to protected information...
ROS-20231013-06
Memory leak vulnerability in the RTPS dissector of the Wireshark computer network traffic analyzer. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of denial of service by injecting packets or creating a capture file...
ROS-2-1199
2.1199 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-501
2.501 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1176
2.1176 Vulnerability in firefox browser CVE-2020-6819 and CVE-2020-6820 1. Vulnerability description: Two critical vulnerabilities have been discovered that could lead to the execution of attacker code when processing specially formatted content. It is warned that facts of using these...
ROS-2-610
2.610 Multiple vulnerabilities in Mozilla Firefox CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-24002, CVE-2021-29945, CVE-2021-29947, CVE-2021-29946. 1. Vulnerability Description: Vulnerabilities allow a...
ROS-2-1209
2.1209 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-2-1482
2.1482 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-2-1389
2.1389 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code.Identifier of the Information Security Threats Dat...
ROS-2-1568
2.1568 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code.Identifier of the Information Security Threats Dat...
ROS-20230620-05
A vulnerability in the formatting functionality of the SQL parser module for Python Sqlparse is related to a regular expression that is vulnerable to reuse. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20230620-01
Ffmpeg multimedia library vulnerability is related to NULL pointer dereferencing error in function decodemainheader in libavformat/nutdec.c. Exploitation of the vulnerability could allow an attacker, remotely, trick a victim into opening a specially crafted file and performing a denial-of-service...
ROS-20230620-04
The vulnerability of the traffic analysis program Wireshark is related to the failure to properly control the consumption of internal resources in the LISP dissector. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause resource exhaustion and perform a...
ROS-20230616-01
The npm package manager vulnerability is related to the npm package ignoring the file exclusion directives .gitignore and .npmignore root-level file exclusions when run in a workspace or with the workspace flag e.g., --workspaces, --workspace=. Exploitation of the vulnerability could allow an...
ROS-20230616-03
Vim text editor vulnerability is related to using pointer offset outside the allowed range in mbcharlen function in mbyte.c. range in the mbcharlen function in mbyte.c. Exploitation of the vulnerability could allow an attacker, remotely, trick the victim into opening a specially crafted file and...
ROS-20230616-07
Vim text editor vulnerability is related to the error of dereferencing NULL pointer in the function getregister in the register.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted file and remotely, trick the victim...
ROS-20230505-02
The vulnerability in the Mozilla Firefox browser is due to the fact that Mozilla's service desk handles blocking records when downloading updates from an SMB server. Exploitation of the vulnerability could allow an attacker to to apply an unsigned update file by pointing the service to an update...
ROS-20230322-01
A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...
ROS-20230127-01
A vulnerability in the Mozilla Thunderbird email client is related to the fact that the browser's full-screen notification could have been delayed or suppressed, which could lead to data spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to direct a user to a...
ROS-20221229-03
A vulnerability in the Mozilla Thunderbird email client is related to the fact that a process can partially exit the sandbox and read arbitrary files using IPC messages associated with the clipboard. Exploitation of the vulnerability could allow an attacker acting remotely to open a given source...
ROS-20221118-01
A vulnerability in the LibTIFF set of libraries and utilities for viewing, editing and converting TIFF files is related to the TIFFReadRGBATileExt function of the libtiff/tifgetimage.c file Exploitation of the vulnerability could allow an attacker acting remotely to send a special file and perfor...
ROS-20221103-01
Vim text editor vulnerability is related to memory release error in qfupdatebuffer function in the quickfix.c file of the autocmd Handler component. Exploitation of the vulnerability could allow an attacker, acting remotely, trick the victim into opening a specially crafted file, causing a progra...
ROS-20220714-02
A vulnerability in the passdb account database of the Dovecot mail server is related to errors in the configuration. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
ROS-20220318-03
A vulnerability in the Polkit library is related to process file descriptor exhaustion in polkit. Exploitation exploitation of the vulnerability could allow an attacker to perform a denial of service DoS attack...
ROS-20220318-02
The vulnerability of OpenSSL function BNmodsqrt is related to execution of a loop without sufficiently limiting the number of its executions. limit the number of times it can be executed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20220309-01
A vulnerability in the cyrus-sasl authentication mechanism implementation is related to insufficient password cleansing in the SQL plug-in provided with Cyrus SASL. Exploitation of the vulnerability could allow an attacker, acting remotely, send a specially crafted query to a vulnerable applicati...
ROS-2-874
2.874 Multiple vulnerabilities in Squid CVE-2021-28651, CVE-2021-28662, CVE-2021-28652, CVE-2021-31806, CVE-2021-31808 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the...
ROS-2-646
2.646 Follow link in chrony CVE-2020-14367 1. Vulnerability Description: CVE-2020-14367 Vulnerability allows a remote attacker to compromise a target system due to issues with a symbolic link to a service.FSTEC Russia Information Security Threats Data Bank Identifier: BDU:2021-01809 2. Possible...
ROS-2-547
2.547 Multiple vulnerabilities in ClamAV antivirus package CVE-2021-1252, CVE-2021-1404, CVE-2021-1405 1. Vulnerability Description: CVE-2021-1252 - looping when processing specially formatted Excel XLM files. CVE-2021-1404 - process crash when processing specially formatted PDF documents...
ROS-2-686
2.686 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to an...
ROS-2-1212
2.1212 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1260
2.1260 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1697
2.1697 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-460
2.460 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...
ROS-2-475
2.475 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-673
2.673 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-853
2.853 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-1324
2.1324 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-1228
2.1228 Buffer overflow in Python3 CVE-2021-3177 1. Vulnerability Description: CVE-2021-3177 The vulnerability is capable of causing code execution when processing unchecked floating point numbers in handlers that call C functions using the ctypes mechanism. 2. Possible measures to eliminate the...
ROS-2-954
2.954 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-515
2.515 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948, CVE-2021-29950. 1. Vulnerability Description: Vulnerabilities allow a remote attacker to compromise...
ROS-2-551
2.551 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1219
2.1219 Vulnerability in FreeRDP 1. Vulnerability description: Eight vulnerabilities have been addressed. Five issues can cause a crash or data leak due to reads from areas outside the allocated buffer. One issue results in an integer overflow. Three issues can lead to buffer overflows in the...
ROS-2-1612
2.1612 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...