8162 matches found
ROS-20240617-01
The strongSwan daemon vulnerability is related to certificate validation errors in TLS-based EAP methods. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of denial of service...
ROS-20240614-01
Vulnerability of UnRAR file unzipping tool is related to incorrect restriction of the path name to the directory with restricted access. Exploitation of the vulnerability could allow a remote attacker, Overwrite arbitrary files using a specially crafted archive...
ROS-20240613-03
Vulnerability in program/lib/Roundcube/rcubestringreplacer.php component of RoundCube mail client Webmail exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting XSS attack...
ROS-20240607-03
A vulnerability in the lrzip.c:initializecontrol component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability ...
ROS-20240524-02
A vulnerability in the rlsafeeval function of the ReportLab library is related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions and execute arbitrary code. security restrictions and execute arbitrary code...
ROS-20240521-02
Vulnerability in HTTP Digest Authentication handler of Squid proxy server is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or other impact. remotely to cause a denial of service or other impact...
ROS-20240426-01
A vulnerability in the pesign daemon of the systemd service initialization and management subsystem is related to the ability to path traversal. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20240422-01
Vulnerability in the OpenSC smart card software toolkit and libraries is related to a bug in the AuthentIC driver and occurs during card registration using pkcs15-init. a bug in the AuthentIC driver and occurs during the card registration process using pkcs15-init, when a user or administrator...
ROS-20240422-05
The golang package vulnerability is related to errors returned from MarshalJSON methods containing data, controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely, exploit these errors to disrupt the contextual behavior of the automatic output of the packag...
ROS-20240404-16
Vulnerability of builtin.c component of Gawk template reformatting component is related to operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an intruder to gain unauthorized access to protected information or cause denial of service...
ROS-20230403-14
The ZeroMQ asynchronous messaging library vulnerability is related to causing a stack buffer overflow on the server by sending specially crafted topic subscription requests and then unsubscribing. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial o...
ROS-20240402-15
A vulnerability in the virtuoso-opensource web application development platform is related to the invocation of a denial of Denial of Service DoS using specially crafted SQL statements. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A...
ROS-20240328-02
A vulnerability in the gagrowinner function of the vim text editor, protocol for software Unix is caused by an by an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...
ROS-2-1355
2.1355 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-994
2.994 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-992
2.992 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1316
2.1316 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-970
2.970 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1337
2.1337 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-20230914-06
Vulnerability of Iperf3 network bandwidth measurement tool is related to integer overflow when processing field lengths. Exploitation of the vulnerability could allow an intruder, acting remotely to cause a denial of service...
ROS-20230830-01
The vulnerability of the Floating Frames component of the LibreOffice office software package is related to flaws in access control. in access control. Exploiting the vulnerability could allow an attacker to perform a spoofing attack using a specially crafted file A vulnerability in the Spreadshe...
ROS-20230807-01
A vulnerability in the OpenLDAP protocol implementation is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability may allow a remote attacker to affect confidentiality, integrity, and availability of protected information by using a specially...
ROS-2-1584
2.1584 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1237
2.1237 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-2-999
2.999 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-1444
2.1444 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-20220530-01
A vulnerability in the Vim text editor is related to boundary conditions in the getonesourceline function. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file, cause a read error outside the boundary conditions, and...
ROS-20220125-05
A vulnerability in the GNU Mailman email distribution management package is related to insufficient validation of the source of an HTTP request. the source of the HTTP request. Exploitation of the vulnerability could allow a remote attacker, cause a victim to visit a customized web page and perfo...
ROS-2-1463
2.1463 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-1548
2.1548 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-1518
2.1518 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-508
2.508 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1277
2.1277 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-1224
2.1224 Vulnerability in firefox browser CVE-2020-6819 and CVE-2020-6820 1. Vulnerability description: Two critical vulnerabilities have been discovered that could lead to the execution of attacker code when processing specially formatted content. It is warned that facts of using these...
ROS-2-1326
2.1326 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-976
2.976 Remote code execution in Mozilla Firefox CVE-2021-29952 1. Vulnerability Description: The vulnerability is caused by a race condition in the Web Render components and could potentially be exploited for malicious code execution.Identifier of the Information Security Threats Data Bank of the...
ROS-2-803
2.803 Vulnerability in VLC CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079 1. Vulnerability Description: The vulnerability allows a remote user to: - create a customized image file that can cause an out-of-bounds read, - send a specially...
ROS-2-892
2.892 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1009
2.1009 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1183
2.1183 Multiple vulnerabilities in Mozilla Thunderbird Mozilla Firefox CVE-2021-23953-CVE-2021-23965, CVE-2021-23991-CVE-2021-23993 1. Vulnerability Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information. Vulnerability allows a remote attacker...
ROS-2-1267
2.1267 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-2-1241
2.1241 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...
ROS-2-820
2.820 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-23994, CVE-2021-23995, CVE-2021-23998, CVE-2021-23961, CVE-2021-23999, CVE-2021-24002, CVE-2021-29945, CVE-2021-29946, CVE-2021-29948, CVE-2021-29950. 1. Vulnerability Description: Vulnerabilities allow a remote attacker to compromise...
ROS-2-793
2.793 VLC vulnerability CVE-2021-3185 1. Vulnerability description: Vulnerability in the implementation of the h264parse module developed by the GStreamer project included in the gstreamer-plugins-bad set. The issue is caused by a buffer overflow in the gsth264sliceparsedecrefpicmarking function...
ROS-2-648
2.648 Follow link in chrony CVE-2020-14367 1. Vulnerability Description: CVE-2020-14367 Vulnerability allows a remote attacker to compromise a target system due to issues with a symbolic link to a service.FSTEC Russia Information Security Threats Data Bank Identifier: BDU:2021-01809 2. Possible...
ROS-2-571
2.571 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-493
2.493 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-952
2.952 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-579
2.579 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-29957, CVE-2021-29956 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass security restrictions imposed.FSTEC Russia Information Security Threat Data Bank Identifier: BDU:2021-02725, BDU:2021-02726 2...
ROS-2-1170
2.1170 Vulnerabilities in Squid Proxy Server 1. Vulnerability description: Issues are present in the code processing the "@" block at the beginning of a URL "user@host" and allow bypassing access restriction rules, poisoning cache contents and performing a cross-site scripting attack.Identifier o...