8157 matches found
ROS-20240826-20
Vulnerability in archive-zip package of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file Vulnerability of net/http and net/http2 libraries of Go programming language in...
ROS-20240826-19
Vulnerability in Wheel Python Packaging Authority package installation tools is related to uncontrolled resource consumption. resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240820-08
A vulnerability in the filtervar function of the PHP programming language interpreter is related to insufficient data authentication. data authentication. Exploitation of the vulnerability could allow an attacker acting remotely, spoof URLs with erroneous data...
ROS-20240820-04
Vulnerability in XML parser library libexpat is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20240807-10
BIND DNS server vulnerability is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending multiple DNS messages over TCP The BIND DNS server vulnerability involves sending a large number of clie...
ROS-20240807-09
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to an improperly implemented security checks for the standard. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform a sandbox exit using a specially crafted HTML page A...
ROS-20240805-02
A vulnerability in the implementation of the application program interface of the Rust programming language interpreter for Windows operating systems is related to the introduction or modification of arguments. Windows operating systems is related to the introduction or modification of arguments...
ROS-20240805-07
Vulnerability of oghttp codec in the part of HTTP/2 protocol implementation of Envoy proxy server is related to the bug request reset when header size limits are exceeded as a result of missing ENDHEADERS flag when processing CONTINUATION frames. Exploitation of the vulnerability could allow an...
ROS-20240805-08
A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A vulnerability in the golang package of the...
ROS-20240729-12
A vulnerability in the Eclipse Jetty servlet container is related to length overflow errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240729-16
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240725-03
A vulnerability in Google Chrome browser's JavaScript script handler V8 is related to reading outside the boundaries of memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform access outside the outside of the allocated memory space using a specially crafted...
ROS-20240709-01
Vulnerability of the function UnicodeString::doAppend unistr.cpp of the International Components for Unicode library is related to integer overflow of the data structure. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to sensitive data, cause...
ROS-20240711-03
Vulnerability of NTFS file handler NtfsHandler.cpp of 7-Zip archiver is related to the possibility of heap-based buffer overflow of a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely, execute arbitrary code A vulnerability in the NTFS file...
ROS-20240704-05
Vulnerability in the OpenSearch software package related to incorrectly restricting reference to an external XML entity. Exploitation of the vulnerability could allow an attacker to conduct XXE attacks...
ROS-20240704-11
A vulnerability in the GnuTLS cryptographic library is related to the use of incorrect cryptography to encryption of a session ticket. Exploitation of the vulnerability could allow an attacker acting remotely, bypass TLS authentications and gain access to sensitive data...
ROS-20240614-02
The vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. int and str data types. Exploitation of the vulnerability could allow an attacker to cause a denial of service due to the algorithmic complexity...
ROS-20240613-02
The vulnerability of the RelinquishDCMInfo function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial ...
ROS-20240607-02
Vulnerability of closealtfile function for text terminals of UNIX-like Less systems is related to skipping Shellquote calls for LESSCLOSE in filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20240606-09
A vulnerability in the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform Qt software development framework is related to an integer overflow resulting from a a change in the typical order of expressions in a conditional statement "Yoda conditions". Exploitati...
ROS-20240507-01
Vulnerability of ANSI Escape Sequence Handler component of WinRAR file archiver is related to errors in input data processing. input data processing errors. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service or tamper with screen output...
ROS-20240507-04
A vulnerability in the Temp File Handler component of rc is related to the creation of temporary files. Exploitation The exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20240425-08
The OpenSearch software family vulnerability is related to a bug in the parser where an input string of small size can cause it to use an undefined amount of memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240425-03
Vulnerability in the node::http2::Http2Session::Http2Session HTTP/2-server function of the software platform Node.js is related to uncontrolled resource consumption as a result of incorrect definition of the end of the header when processing CONTINUATION frames. Exploitation of the vulnerability...
ROS-20240423-10
Unbound's DNS server vulnerability is related to an incorrect session expiration date. Exploiting the vulnerability allows a remote attacker to gain access to confidential data Unbound DNS server vulnerability is related to insufficient input data validation. Exploitation of the vulnerability cou...
ROS-20240422-07
A vulnerability in the Iperf3 network bandwidth measurement tool is related to the fact that a client can send less than the expected amount of data to the iperf server, which could cause the server to will indefinitely wait for the remainder or until the connection is is closed. Exploitation of...
ROS-20240418-07
A vulnerability in the idxd: component of the Linux operating system kernel is related to pasid writing when the device. Exploitation of the vulnerability could allow an attacker to impact the integrity of the protected information A vulnerability in the nftables: component of the Linux kernel is...
ROS-20240410-02
Vulnerability in the HTTP/3 QUIC module of NGINX Plus, NGINX OSS web servers that allows an attacker to cause a denial of service. denial of service Vulnerability of ngxhttpv3module module of NGINX and NGINX Plus servers is related to memory usage after its release. memory after it has been freed...
ROS-20240410-22
Vulnerability of chroot build environment manager for creating RPM packages Mock is related to insufficient validation of the of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240410-19
The MinIO object storage server vulnerability is related to flaws in access differentiation based on the UpdateServiceAccountAdminAction policy. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their privileges...
ROS-20240410-12
The vulnerability in the SAML PySAML2 standard is related to the XML signature packaging variant, as it does not validate the SAML document against the XML schema. Exploitation of the vulnerability could allow an attacker, remotely bypass signature validation and gain access to protected informat...
ROS-20240410-14
A vulnerability in the Django web application software platform is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240409-13
A vulnerability in the python-eventlet library of the OpenStack Platform cloud building platform is related to incorrect resource sweeping or freeing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240409-07
A vulnerability in the shadow-utils package is related to requesting the password twice and not clearing the memory buffer. Exploitation of the vulnerability could allow an attacker to gain access to the device...
ROS-20240408-09
GdkPixbuf image loading library vulnerability is related to writing beyond buffer boundaries. Exploitation exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service via a specially crafted GIF file. A...
ROS-20240405-07
Vulnerability in slicesegmentheader function of Libde265 video codec implementation is related to copying the buffer without checking the input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240403-03
A vulnerability in the libtirpc package is related to the exhaustion of process file descriptors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240404-15
A vulnerability in the libwebp library is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to write data outside of the buffer boundaries through a crafted HTML page. HTML page...
ROS-2-1617
2.1617 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1422
2.1422 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-950
2.950 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-482
2.482 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-2-990
2.990 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-1404
2.1404 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1173
2.1173 Vulnerability in VLC CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079 1. Vulnerability Description: The vulnerability allows a remote user to: - create a customized image file that can cause an out-of-bounds read, - send a specially...
ROS-2-1356
2.1356 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-20231024-03
The OAuth2 token vulnerability of the cloud-based software for creating and utilizing Nextcloud storage Nextcloud data storage software is related to the storage of OAuth2 tokens in plaintext. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server a...
ROS-20231023-01
Vulnerability in libtom function of libtommath library is related to integer overflow. Exploitation exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20230926-01
Vulnerability of the gfbifsflushcommandlist function of the GPAC multimedia platform is related to incorrect use of dynamic memory during program operation. use of dynamic memory during program operation. Exploitation of the vulnerability could allow an attacker acting remotely to pass arbitrary...
ROS-20230914-08
GPAC multimedia platform vulnerability is related to integer sign overflow in the filters/muxisom.c:5716:20. Exploitation of the vulnerability could allow an attacker to cause the application to crash. The GPAC multimedia platform vulnerability is related to null pointer dereferencing in function...