8244 matches found
ROS-20241015-07
Vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to errors in applying policies related to the converged encryption feature. Exploitation of the of the vulnerability could allow an attacker acting remotely to decrypt arbitrary encrypted...
ROS-20241009-03
A vulnerability in the ksmbd component of the Linux kernel is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the vcap component of the Linux operating system kernel is related to memory usage after...
ROS-20241001-02
Vulnerability of html/template package of Golang programming language is related to incorrect handling of <script> occurrences of <script>, <!--> and </script> in JS literals in <script> contexts. Exploitation vulnerability could allow an attacker acting remotely to perform an...
ROS-20240916-04
A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform is related to the following use of hidden side channels as a result of time discrepancy between decryption of valid and invalid encrypted texts based on the PKCS1 v1.5.5 cryptography...
ROS-20240827-07
Vulnerability in UnlinkedWikibase extension of a software tool for implementing hypertext environments MediaWiki is related to improper input neutralization during web page creation. Exploitation The vulnerability could allow an attacker acting remotely to perform cross-site scripting attacks XSS...
ROS-20240826-19
Vulnerability in Wheel Python Packaging Authority package installation tools is related to uncontrolled resource consumption. resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240820-08
A vulnerability in the filtervar function of the PHP programming language interpreter is related to insufficient data authentication. data authentication. Exploitation of the vulnerability could allow an attacker acting remotely, spoof URLs with erroneous data...
ROS-20240820-04
Vulnerability in XML parser library libexpat is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20240820-09
Vulnerability of mutexunlock function in spi component of Linux kernel is related to memory usage after mutex addlock is released. Exploitation of the vulnerability could allow an intruder to affect confidentiality, integrity and availability of protected information The vulnerability of the...
ROS-20240807-09
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to an improperly implemented security checks for the standard. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform a sandbox exit using a specially crafted HTML page A...
ROS-20240807-10
BIND DNS server vulnerability is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending multiple DNS messages over TCP The BIND DNS server vulnerability involves sending a large number of clie...
ROS-20240805-08
A vulnerability in the golang package of the Debian GNU/Linux operating system is related to a lack of protection for service data. data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A vulnerability in the golang package of the...
ROS-20240805-02
A vulnerability in the implementation of the application program interface of the Rust programming language interpreter for Windows operating systems is related to the introduction or modification of arguments. Windows operating systems is related to the introduction or modification of arguments...
ROS-20240729-16
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240723-01
A vulnerability in the Key Distribution Center KDC component of the Kerberos network authentication protocol is associated with the NULL pointer dereferencing. Exploitation of the vulnerability allows an attacker acting remotely, cause a denial of service...
ROS-20240717-01
Vulnerability of clientsendparams function in lib/ext/presharedkey.c component of GnuTLS transport layer security library is related to memory usage after its release. of GnuTLS transport layer is related to memory usage after its release. Exploitation exploitation of the vulnerability could allo...
ROS-20240709-01
Vulnerability of the function UnicodeString::doAppend unistr.cpp of the International Components for Unicode library is related to integer overflow of the data structure. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to sensitive data, cause...
ROS-20240711-03
Vulnerability of NTFS file handler NtfsHandler.cpp of 7-Zip archiver is related to the possibility of heap-based buffer overflow of a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely, execute arbitrary code A vulnerability in the NTFS file...
ROS-20240704-05
Vulnerability in the OpenSearch software package related to incorrectly restricting reference to an external XML entity. Exploitation of the vulnerability could allow an attacker to conduct XXE attacks...
ROS-20240704-06
Vulnerability of logback receiver component of logging library logback is related to recovery of inaccurate data in memory inaccurate data. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240704-11
A vulnerability in the GnuTLS cryptographic library is related to the use of incorrect cryptography to encryption of a session ticket. Exploitation of the vulnerability could allow an attacker acting remotely, bypass TLS authentications and gain access to sensitive data...
ROS-20240507-01
Vulnerability of ANSI Escape Sequence Handler component of WinRAR file archiver is related to errors in input data processing. input data processing errors. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service or tamper with screen output...
ROS-20240422-07
A vulnerability in the Iperf3 network bandwidth measurement tool is related to the fact that a client can send less than the expected amount of data to the iperf server, which could cause the server to will indefinitely wait for the remainder or until the connection is is closed. Exploitation of...
ROS-20240418-07
A vulnerability in the idxd: component of the Linux operating system kernel is related to pasid writing when the device. Exploitation of the vulnerability could allow an attacker to impact the integrity of the protected information A vulnerability in the nftables: component of the Linux kernel is...
ROS-20240410-02
Vulnerability in the HTTP/3 QUIC module of NGINX Plus, NGINX OSS web servers that allows an attacker to cause a denial of service. denial of service Vulnerability of ngxhttpv3module module of NGINX and NGINX Plus servers is related to memory usage after its release. memory after it has been freed...
ROS-20240410-22
Vulnerability of chroot build environment manager for creating RPM packages Mock is related to insufficient validation of the of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240409-13
A vulnerability in the python-eventlet library of the OpenStack Platform cloud building platform is related to incorrect resource sweeping or freeing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240405-07
Vulnerability in slicesegmentheader function of Libde265 video codec implementation is related to copying the buffer without checking the input size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240403-03
A vulnerability in the libtirpc package is related to the exhaustion of process file descriptors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240404-15
A vulnerability in the libwebp library is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to write data outside of the buffer boundaries through a crafted HTML page. HTML page...
ROS-2-1617
2.1617 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1422
2.1422 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-1356
2.1356 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-990
2.990 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-1404
2.1404 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1173
2.1173 Vulnerability in VLC CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079 1. Vulnerability Description: The vulnerability allows a remote user to: - create a customized image file that can cause an out-of-bounds read, - send a specially...
ROS-2-482
2.482 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-20231024-03
The OAuth2 token vulnerability of the cloud-based software for creating and utilizing Nextcloud storage Nextcloud data storage software is related to the storage of OAuth2 tokens in plaintext. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server a...
ROS-20231023-01
Vulnerability in libtom function of libtommath library is related to integer overflow. Exploitation exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20230926-01
Vulnerability of the gfbifsflushcommandlist function of the GPAC multimedia platform is related to incorrect use of dynamic memory during program operation. use of dynamic memory during program operation. Exploitation of the vulnerability could allow an attacker acting remotely to pass arbitrary...
ROS-20230914-08
GPAC multimedia platform vulnerability is related to integer sign overflow in the filters/muxisom.c:5716:20. Exploitation of the vulnerability could allow an attacker to cause the application to crash. The GPAC multimedia platform vulnerability is related to null pointer dereferencing in function...
ROS-20230911-04
A vulnerability in the GPAC multimedia platform is related to read out of bounds. Exploitation of the vulnerability could allow an attacker to read sensitive information from other memory locations or cause a a glitch...
ROS-20230911-01
A vulnerability in the traffic analysis software Wireshark is related to insufficient validation of user input in the iSCSI dissector. user input to the iSCSI dissector. Exploitation of the vulnerability could allow an attacker, acting remotely, pass specially crafted input data to the applicatio...
ROS-2-1208
2.1208 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-855
2.855 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1290
2.1290 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1004
2.1004 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-1585
2.1585 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20230622-07
The vulnerability in the libx11 library is due to the fact that the functions in src/InitExt.c in libX11 do not check that the the values provided for request, event, or error identifiers are within the boundaries of the of the arrays to which these functions write, using these identifiers as arr...
ROS-20230619-01
The vulnerability in the GLPI web application is related to insufficient cleansing of user data in the administration panel of the administration panel, a user could inject and execute arbitrary HTML code and script in the browser of a user's browser in the context of a vulnerable website...