Redos: Most viewed

7032 matches found

Redos • added 2025/02/12 12:00 a.m. • 82 views

ROS-20250212-05

A vulnerability in Mozilla Firefox, Mozilla Firefox ESR and the Mozilla Thunderbird email client is related to incorrect limitation of operations within the memory buffer. Exploitation of the vulnerability could allow an attacker acting...

CVSS 9.8 • AI score 9.3 • EPSS 0.00768 • Exploits 0

Redos • added 2025/04/02 12:00 a.m. • 81 views

ROS-20250402-01

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to the fact that these functions accept domain names with square brackets. Exploiting the vulnerability could allow an attacker to escalate their...

CVSS 6.3 • AI score 7.3 • EPSS 0.01639 • Exploits 0

Redos • added 2025/04/02 12:00 a.m. • 81 views

ROS-20250402-09

A vulnerability in the libexpat XML file parsing library is related to boundary errors in the processing of XML content. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target system...

CVSS 7.5 • AI score 7.3 • EPSS 0.00803 • Exploits 0

Redos • added 2022/02/25 12:00 a.m. • 81 views

ROS-20220225-01

A vulnerability in the Expat parsing library is related to an integer overflow in copyString. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow, and cause a denial of service condition on the target system...

CVSS 9.8 • AI score 9.3 • EPSS 0.11027 • Exploits 1

Redos • added 2025/03/11 12:00 a.m. • 80 views

ROS-20250311-05

A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...

CVSS 8.1 • AI score 8.4 • EPSS 0.82364 • Exploits 10

Redos • added 2025/03/11 12:00 a.m. • 80 views

ROS-20250311-04

A vulnerability in the PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions of the libpq library of the PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...

CVSS 8.1 • AI score 8.4 • EPSS 0.82364 • Exploits 10

Redos • added 2025/03/07 12:00 a.m. • 80 views

ROS-20250307-05

A vulnerability in the OpenSSL library is related to a timing side-channel in the ECDSA signature computation. Exploitation of the vulnerability could allow a remote attacker to recover the private key...

CVSS 4.1 • AI score 7.2 • EPSS 0.00075 • Exploits 0

Redos • added 2025/03/07 12:00 a.m. • 80 views

ROS-20250307-11

A vulnerability in the src/main.c file of the vim text editor is related to manipulation of the -log argument, resulting in memory corruption. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the strtoreg function of the src/main....

CVSS 7.8 • AI score 7.2 • EPSS 0.0004 • Exploits 1

Redos • added 2025/02/19 12:00 a.m. • 80 views

ROS-20250219-04

A vulnerability in the Git distributed version control system is related to a flaw in the mechanism for encoding or escaping output data. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data. A vulnerability in the ANSI Escape Sequence Handler component of the...

CVSS 7.5 • AI score 6.6 • EPSS 0.01141 • Exploits 2

Redos • added 2023/09/05 12:00 a.m. • 80 views

ROS-20230905-01

A vulnerability in the Bluetooth permission verification subsystem of the Linux kernel is associated with errors in the processing of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by sending specially crafted requests...

CVSS 9.8 • AI score 7.8 • EPSS 0.00594 • Exploits 3

Redos • added 2022/03/17 12:00 a.m. • 80 views

ROS-20220317-01

A vulnerability in the Apache HTTP Server web server is related to a bounds error in LimitXMLRequestBody. Exploitation of the vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system. A vulnerability in the Apache HTTP Server web server is related to...

CVSS 9.8 • AI score 9.3 • EPSS 0.60552 • Exploits 0

Redos • added 2025/03/07 12:00 a.m. • 79 views

ROS-20250307-08

A vulnerability in the objdump.c file of the GNU Binutils development tool is related to bounds errors in the disassemble_bytes function in binutils/objdump.c in the nm binary. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

CVSS 7.5 • AI score 8 • EPSS 0.00101 • Exploits 1

Redos • added 2025/03/07 12:00 a.m. • 79 views

ROS-20250307-13

A vulnerability in the VerifyHostKeyDNS component of the OpenSSH cryptographic protection tool is related to flaws in error handling during host key verification. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct...

CVSS 6.8 • AI score 6.2 • EPSS 0.64523 • Exploits 4

Redos • added 2025/02/13 12:00 a.m. • 79 views

ROS-20250212-17

A vulnerability in the Mark-of-the-Web protection mechanism of the 7-Zip archiver is related to a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user...

CVSS 7 • AI score 7.7 • EPSS 0.46723 • Exploits 8

Redos • added 2025/02/13 12:00 a.m. • 79 views

ROS-20250212-12

A vulnerability in the hb_cairo_glyphs_from_buffer function of the HarfBuzz text transformation library is related to bounds errors in that function in hb-cairo.cc. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the...

CVSS 9.3 • AI score 7.6 • EPSS 0.00343 • Exploits 0

Redos • added 2021/12/24 12:00 a.m. • 79 views

ROS-20211223-04

A vulnerability in the Apache HTTP server is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to send a special HTTP request to a vulnerable web server, cause a buffer overflow, and execute arbitrary code on the target system...

CVSS 9.8 • AI score 9.9 • EPSS 0.86227 • Exploits 4

Redos • added 2025/03/07 12:00 a.m. • 78 views

ROS-20250307-01

A vulnerability in the readline.sh component of the socket forwarding utility from the host machine is related to the use of a predictable temporary file name in readline.sh. Exploitation of the vulnerability could allow an attacker...

CVSS 9.8 • AI score 7.2 • EPSS 0.00169 • Exploits 0

Redos • added 2025/03/07 12:00 a.m. • 78 views

ROS-20250307-02

A vulnerability in the Subversion centralized version control system is related to insufficient validation of file names when serving repositories via mod_dav_svn. Exploitation of the vulnerability could allow an attacker acting remotely to cause ...

CVSS 4.3 • AI score 7 • EPSS 0.05806 • Exploits 1

Redos • added 2025/02/26 12:00 a.m. • 78 views

ROS-20250226-10

Vulnerabilities in the HotSpot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...

CVSS 4.8 • AI score 5.5 • EPSS 0.002 • Exploits 0

Redos • added 2025/02/13 12:00 a.m. • 78 views

ROS-20250212-13

A vulnerability in the ntpd daemon implementation of the NTP time synchronization protocol is related to insufficient validation of user input during NTP packet processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

CVSS 7.5 • AI score 6.9 • EPSS 0.03115 • Exploits 0

Redos • added 2025/03/07 12:00 a.m. • 77 views

ROS-20250307-10

A vulnerability in nginx software is related to TLS session resumption when processing client certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process...

CVSS 5.3 • AI score 7.4 • EPSS 0.02857 • Exploits 0

Redos • added 2025/02/26 12:00 a.m. • 77 views

ROS-20250226-11

Vulnerabilities in the HotSpot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...

CVSS 4.8 • AI score 5.5 • EPSS 0.002 • Exploits 0

Redos • added 2025/02/26 12:00 a.m. • 77 views

ROS-20250226-08

A vulnerability in the OpenJPEG image encoding and decoding library is related to memory boundary errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. A vulnerability in the OpenJPEG image encoding and decoding library is related to a...

CVSS 5.6 • AI score 6.1 • EPSS 0.00048 • Exploits 0

Redos • added 2025/02/12 12:00 a.m. • 77 views

ROS-20250212-03

A vulnerability in the cpython module of the Python programming language is related to improper input validation in the venv module when creating a virtual environment. Exploitation of the vulnerability allows an attacker to execute arbitrary code...

CVSS 7.8 • AI score 7.8 • EPSS 0.00061 • Exploits 0

Redos • added 2023/04/07 12:00 a.m. • 77 views

ROS-20230407-03

A vulnerability in the OpenSSL cryptographic library is related to the validation of X.509 certificate chains that include policy restrictions. Exploitation of the vulnerability could allow an attacker acting remotely to create a malicious certificate chain that triggers exponential utilization ...

CVSS 7.5 • AI score 7.5 • EPSS 0.00734 • Exploits 0

Redos • added 2023/01/12 12:00 a.m. • 77 views

ROS-20230112-02

A vulnerability in the Vim text editor is related to a boundary error in the msgputsprintf0 function in message.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into opening a specially crafted file, cause a heap buffer overflow, and execute arbitra...

CVSS 7.8 • AI score 8.2 • EPSS 0.0004 • Exploits 3

Redos • added 2023/01/12 12:00 a.m. • 77 views

ROS-20230112-01

A vulnerability in the Squid caching proxy server is related to inconsistent processing of internal URIs. Exploitation of the vulnerability could allow an attacker acting remotely to bypass ACL manager protections and gain access to cache manager information, which includes records about the...

CVSS 6.5 • AI score 7.1 • EPSS 0.01745 • Exploits 0

Redos • added 2025/03/11 12:00 a.m. • 76 views

ROS-20250311-01

A vulnerability in the f2fs component of the Linux operating system kernel is related to an incorrect lock in the function f2fs_handle_critical_error in fs/f2fs/super.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the rtl2830_pid_filter function ...

CVSS 9.1 • AI score 7.5 • EPSS 0.00112 • Exploits 0

Redos • added 2025/02/26 12:00 a.m. • 76 views

ROS-20250226-14

A vulnerability in the gzip_do_write function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...

CVSS 7.3 • AI score 7.4 • EPSS 0.04569 • Exploits 2

Redos • added 2025/02/12 12:00 a.m. • 76 views

ROS-20250212-06

A vulnerability in the ogg_vorbis.c component of the libsndfile audio file reading and writing library is related to a boundary condition violation in the vorbis_analysis_wrote function in ogg_vorbis.c. Exploitation of...

CVSS 5.5 • AI score 7.6 • EPSS 0.00021 • Exploits 1

Redos • added 2025/01/09 12:00 a.m. • 76 views

ROS-20250109-01

A vulnerability in the NetworkManager network connection management tool involves the injection of corrupted LLDP packets. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 3.1 • AI score 7.3 • EPSS 0.00082 • Exploits 0

Redos • added 2022/09/19 12:00 a.m. • 76 views

ROS-20220919-01

A vulnerability in the Linux kernel's implementation of the CAN BCM protocol is caused by synchronization errors when utilizing a shared resource. Exploitation of the vulnerability could allow an attacker to escalate their privileges. A vulnerability in the legacy_parse_param function of the Linux...

CVSS 9 • AI score 8.3 • EPSS 0.85239 • Exploits 68

Redos • added 2025/04/17 12:00 a.m. • 74 views

ROS-20250417-04

A vulnerability in the numbers.ct file of the libxslt library is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. A vulnerability in the libxslt library's xsltGetInheritedNsList function is related to the use of memory after...

CVSS 7.8 • AI score 7.3 • EPSS 0.00104 • Exploits 4

Redos • added 2023/02/10 12:00 a.m. • 73 views

ROS-20230210-04

A vulnerability in the Redis database management system (DBMS) is related to the setrange and sort ro commands. Exploitation of the vulnerability could allow an attacker acting remotely to cause an integer overflow, resulting in the allocation of unacceptable amounts of memory...

CVSS 5.5 • AI score 6 • EPSS 0.35552 • Exploits 0

Redos • added 2022/04/07 12:00 a.m. • 73 views

ROS-20220407-03

A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP (File Transfer Protocol) library when it is used in PASV (passive) mode. Exploitation of the vulnerability could allow...

CVSS 7.5 • AI score 6.7 • EPSS 0.01214 • Exploits 1

Redos • added 2022/12/22 12:00 a.m. • 71 views

ROS-20221222-02

A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation of the vulnerability could allow an attacker acting remotely to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial of service (DoS) attack. The cU...

CVSS 6.5 • AI score 8 • EPSS 0.00285 • Exploits 1

Redos • added 2021/12/24 12:00 a.m. • 70 views

ROS-20211223-01

A vulnerability in the JNDI component of the Apache Log4j2 Java program logging library is related to errors in data deserialization. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Log4j Java program logging library exists d...

CVSS 9 • AI score 8.6 • EPSS 0.9434 • Exploits 42

Redos • added 2024/03/29 12:00 a.m. • 69 views

ROS-20240329-20

A vulnerability in the virNWFilterObjListNumOfNWFilters method of the Libvirt virtualization management library is due to insufficient locking. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. A vulnerability in the virStoragePoolLookupByTargetPath API...

CVSS 6.5 • AI score 5.3 • EPSS 0.00435 • Exploits 1

Redos • added 2022/06/28 12:00 a.m. • 67 views

ROS-20220628-01

A vulnerability in the Apache HTTP web server is related to insufficient validation of user-entered data in HTTP requests to a Lua script that calls r:parsebody(0). Exploitation of the vulnerability could allow an attacker acting remotely to send a very large HTTP request to a vulnerable...

CVSS 9.8 • AI score 8.3 • EPSS 0.32376 • Exploits 2

Redos • added 2023/06/19 12:00 a.m. • 66 views

ROS-20230619-05

A vulnerability in the pip module of the Python programming language is related to incorrect input validation in the Policy component (python-pip) in Oracle Communications Cloud Native Core Policy. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate data. The...

CVSS 7.5 • AI score 7.4 • EPSS 0.00622 • Exploits 3

Redos • added 2023/02/10 12:00 a.m. • 66 views

ROS-20230210-03

A vulnerability in the GNU C Library (glibc) system calls and basic functions library is related to a buffer overflow in the monstartup function of the Call Graph Monitor component in the gmon.c file. Exploiting the vulnerability cou...

CVSS 9.8 • AI score 9.5 • EPSS 0.00066 • Exploits 0

Redos • added 2023/04/14 12:00 a.m. • 65 views

ROS-20230414-03

A vulnerability in the curl program is related to the handling of IDN characters in hostnames: the HSTS mechanism can be bypassed if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion; in a subsequent request it then does not detect...

CVSS 7.5 • AI score 7.7 • EPSS 0.00045 • Exploits 1

Redos • added 2023/02/10 12:00 a.m. • 65 views

ROS-20230210-02

A vulnerability in the X.Org Server is related to the fact that, after calling free, a pointer to the buffer was not set to NULL, which led to further access to the buffer after it was freed (use-after-free) in the DeepCopyPointerClasses function used in the X Input extension...

CVSS 7.8 • AI score 8 • EPSS 0.00711 • Exploits 0

Redos • added 2022/04/13 12:00 a.m. • 65 views

ROS-20220413-01

A vulnerability in the drivers/usb/gadget/composite.c driver of the Linux kernel is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in the implementatio...

CVSS 9.1 • AI score 7.9 • EPSS 0.20957 • Exploits 31

Redos • added 2025/04/24 12:00 a.m. • 64 views

ROS-20250424-03

A vulnerability in the execute_filter_delta function of the archive_read_support_format_rar.c component of the Libarchive archiving library is related to reading beyond the allowed data buffer boundaries...

CVSS 7.8 • AI score 7.5 • EPSS 0.00122 • Exploits 2

Redos • added 2025/04/24 12:00 a.m. • 64 views

ROS-20250424-08

A vulnerability in the containerd container runtime environment is related to an integer overflow when processing a UID:GID that exceeds the maximum 32-bit signed integer. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 7.8 • AI score 7 • EPSS 0.00064 • Exploits 1

Redos • added 2022/11/08 12:00 a.m. • 64 views

ROS-20221108-01

A vulnerability in the cURL command line utility is related to an error in parsing URLs with IDN characters that are replaced by ASCII analogs during IDN conversion. Exploitation of the vulnerability could allow an attacker acting remotely to bypass curl's HSTS inspection and force it to use the...

CVSS 8.1 • AI score 8.5 • EPSS 0.00467 • Exploits 0

Redos • added 2022/09/20 12:00 a.m. • 64 views

ROS-20220920-01

The grub_script_function_create function of the Grub configuration file has a vulnerability due to a function override error while this function is already executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its...

CVSS 8.2 • AI score 7.9 • EPSS 0.01884 • Exploits 1

Redos • added 2022/05/16 12:00 a.m. • 64 views

ROS-20220516-05

A vulnerability in the Git distributed version control system is related to the fact that the uninstaller binary loads DLLs in an insecure manner from the current working directory. Exploitation of the...

CVSS 7.8 • AI score 8.3 • EPSS 0.01694 • Exploits 0

Redos • added 2022/03/30 12:00 a.m. • 64 views

ROS-20220330-02

A vulnerability in the XML streaming parser library libexpat is related to an integer overflow in the doProlog function, allowing a remote attacker to pass specially crafted data to an application, cause an integer overflow, and execute arbitrary code in the target application...

CVSS 9.8 • AI score 9.5 • EPSS 0.037 • Exploits 0

Total number of security vulnerabilities: 5000