8414 matches found
ROS-2-1235
2.1235 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...
ROS-2-910
2.910 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-2-1184
2.1184 Multiple vulnerabilities in ClamAV antivirus package CVE-2021-1252, CVE-2021-1404, CVE-2021-1405 1. Vulnerability Description: CVE-2021-1252 - looping when processing specially formatted Excel XLM files. CVE-2021-1404 - process crash when processing specially formatted PDF documents...
ROS-2-1804
2.1804 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-941
2.941 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-904
2.904 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-798
2.798 Vulnerability in Curl CVE-2020-8177 1. Vulnerability Description: The vulnerability allows a local file on the system to be overwritten when accessing an attacker-controlled server. The problem only occurs when the "-J" "--remote-header-name" and "-i" "--head" options are used...
ROS-2-701
2.701 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-612
2.612 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-934
2.934 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-1847
2.1847 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20260524-73-0018
A vulnerability in the Security component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to gain access to...
ROS-20260524-73-0027
Vulnerability in docker-ce related to bypassing the authentication procedure by using an alternate path or channel. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions...
ROS-20260524-73-0036
A vulnerability in the zip.vim plugin of the vim text editor is related to an incorrect restriction of the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20260515-73-0044
A vulnerability in the implementation of the Resource Timing application programming interface of the Google Chrome browser is associated with incorrect protection of physical third-party channels. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to...
ROS-20251203-15
Vulnerability in Go library for decoding common map values into structures and vice versa mapstructure is related to incorrect neutralization of output data for logs. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20250514-01
A vulnerability in the iiosimpledummytriggerh function of driver drivers/iio/dummy/iiosimpledummybuffer.c of the Linux kernel's IIO stub driver support is related to the use of an uninitialized resource. an uninitialized resource. Exploitation of the vulnerability could allow an attacker to gain...
ROS-20241203-08
Vulnerability in Nextcloud cloud storage creation and utilization software Server is related to the ability to download larger-than-expected websites to find Open-Graph data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A...
ROS-20241203-16
A vulnerability in the ash.c file of the BusyBox set of UNIX command-line utilities is related to writing outside the buffer boundary in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary code using specially crafted data. arbitrary code usin...
ROS-20241101-01
A vulnerability in the sysfs component of the Linux operating system kernel is related to excessive output in the sysfsbreakactiveprotection function in fs/sysfs/file.c. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information Vulnerability in the clk...
ROS-20241024-01
A vulnerability in the net/http module of the Go programming language is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241002-01
A vulnerability in the btsdioremove function of the drivers\bluetooth\btsdio.c module of the Bluetooth driver of the kernel of the of the Linux operating system is related to the reuse of previously freed memory due to the state of the race. Exploitation of the vulnerability could allow an attack...
ROS-20240917-02
A vulnerability in the PyFindObjects function of the PyFindObjects library for the open-source Python programming language scipy is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and...
ROS-20240916-02
The vulnerability of the sql/itemcmpfunc.cc component of the MariaDB DBMS is related to a flaw in the use of the function assert. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service The vulnerability of the Createtmptable::finalize component of the...
ROS-20240904-01
Vulnerability of the getedge function of the ospfte.c file of the OSPF Daemonr component of the software tool for implementing network routing on Unix-like systems FRRouting is related to resource release errors. network routing on Unix-like systems FRRouting is related to resource release errors...
ROS-20240827-14
A vulnerability in the Pydantic data validation library involves the use of regular expressions. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240826-07
A vulnerability in the SafeList.preserveRelativeLinks parameter of the Java library for analyzing, retrieving, and manipulating data in HTML jsoup documents is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker to...
ROS-20240826-08
A vulnerability in the source/blender/imbuf/intern/dds/DirectDrawSurface.cpp component of the Blender software suite of the Blender 3D computer graphics software suite is related to an incorrect assumption about the thread size. thread size. Exploitation of the vulnerability allows an attacker...
ROS-20240826-02
Vulnerability of passwordverify function of PHP programming language interpreter is related to flaws in the authentication procedure. of the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely Bypass the authentication process and gain unauthorized...
ROS-20240826-20
Vulnerability in archive-zip package of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file Vulnerability of net/http and net/http2 libraries of Go programming language in...
ROS-20240823-02
A vulnerability in the Host Authorization Middleware Action Pack component of the Ruby on Rails software platform is related to the creation of "X-Forwarded-Host" headers in combination with certain "authorized host" formats. host." Exploitation of the vulnerability could allow an attacker acting...
ROS-20240815-14
A vulnerability in the urllib.parse component of the Python programming language interpreter is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely, bypass URL blocking starting with empty characters...
ROS-20240814-01
Vulnerability of the nftablesnewtable function of Linux kernel operating systems is related to the operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20240812-02
A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary javascript code...
ROS-20240812-03
The vulnerability in GLPI's asset and data center management software is related to the the injection of commands into a specific workflow that an agent would run with the privileges it uses privileges. Exploitation of the vulnerability could allow an attacker acting remotely to escalate its...
ROS-20240806-09
Gstreamer multimedia framework vulnerability is related to stacked buffer overflow. Exploitation The vulnerability could allow a remote attacker to execute arbitrary code using specially crafted H265 encoded files. specially crafted H265 encoded files Gstreamer multimedia framework vulnerability ...
ROS-20240805-07
Vulnerability of oghttp codec in the part of HTTP/2 protocol implementation of Envoy proxy server is related to the bug request reset when header size limits are exceeded as a result of missing ENDHEADERS flag when processing CONTINUATION frames. Exploitation of the vulnerability could allow an...
ROS-20240730-07
A vulnerability in the PHP interpreter is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to install a standard, unsafe cookie in the victim's browser. insecure cookie...
ROS-20240723-02
Vulnerability in Pygments library's SMLLexer function is related to entering an infinite loop. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240708-02
A vulnerability in the TPMLPCRSELECTION functions of the source repository for Trusted Platform Module tools TPM2.0 is related to improper mapping of PCR slots, providing a misleading TPM state. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate output data...
ROS-20240626-10
A vulnerability in the getUnpushedChanges function of the dependency manager for PHP Composer is related to the use of the status and reinstall commands. status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary command...
ROS-20240614-02
The vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. int and str data types. Exploitation of the vulnerability could allow an attacker to cause a denial of service due to the algorithmic complexity...
ROS-20240613-02
The vulnerability of the RelinquishDCMInfo function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial ...
ROS-20240611-05
The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. of input data. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary code by injecting a specially crafted SQL query. arbitrary code by...
ROS-20240607-05
The vulnerability of the system views pgstatsext, pgstatsextexprs of the PostgreSQL DBMS is related to errors in privilege management. in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...
ROS-20240606-09
A vulnerability in the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform Qt software development framework is related to an integer overflow resulting from a a change in the typical order of expressions in a conditional statement "Yoda conditions". Exploitati...
ROS-20240521-03
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service...
ROS-20240507-04
A vulnerability in the Temp File Handler component of rc is related to the creation of temporary files. Exploitation The exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20240503-08
Vulnerability in the ECDSA private key signature generation component of the client software for various Putty remote access protocols is related to the possibility of secret key recovery. key. Exploitation of the vulnerability could allow a remote intruder to hijack a session by recovering the...
ROS-20240425-03
Vulnerability in the node::http2::Http2Session::Http2Session HTTP/2-server function of the software platform Node.js is related to uncontrolled resource consumption as a result of incorrect definition of the end of the header when processing CONTINUATION frames. Exploitation of the vulnerability...