8110 matches found
ROS-20240902-04
A vulnerability in the xmlattr filter of the Jinja2 templating engine for the Python programming language is related to the failure to take measures to protect the structure of a web page. to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240902-20
A vulnerability in the KeePass password manager is related to unencrypted storage of critical information. Exploitation of the vulnerability could allow an attacker to obtain passwords in clear form...
ROS-20240902-03
Intel processor firmware vulnerability is related to errors in interpretation of redundant prefixes. of redundant prefixes. Exploitation of the vulnerability could allow an attacker to escalate privileges from third to zero ring of protection CPL0, gain access to sensitive information, or cause a...
ROS-20240828-04
A vulnerability in OpenVPN software is related to the lack of uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240827-04
A vulnerability in the CGI component of the Ruby programming language is related to the occurrence of an interpretation conflict when inserting unreliable input data into HTTP response header. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data...
ROS-20240826-11
Vulnerability of Connector/J component of MySQL Connectors driver is related to insufficient input data validation. data. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information. confidentiality, integrity...
ROS-20240826-13
A vulnerability in the protojson.Unmarshal function of the golang-google-protobuf package of the Golang programming language is related to an infinite loop when anmarshaling certain JSON forms. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service ...
ROS-20240816-01
A vulnerability in the Portainer container management platform is related to a difference in authentication user authentication response time. Exploitation of the vulnerability could allow an attacker acting remotely to determine whether a username is valid or invalid. remotely, whether the...
ROS-20240816-08
A vulnerability in the PHP programming language is related to the random number generator's use of a narrower range of values. Exploitation of the vulnerability could allow an attacker acting remotely to gain access sensitive data A vulnerability in the PHP interpreter phardirread function is...
ROS-20240725-13
A vulnerability in the NVIDIA GPU Display Driver software driver for Linux is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to disclose protected information and cause a denial of service A vulnerability in the NVIDIA GPU Display Driver for Linu...
ROS-20240807-03
The vulnerability of PJSIPHEADER function of Asterisk and Certified Asterisk IP telephony management systems is related to with operation exceeding the buffer boundaries in memory when processing the update argument. Exploitation of the vulnerability could allow an attacker acting remotely to cau...
ROS-20240806-05
A vulnerability in the AbstractSessionListener component of the Symfony web application development and management platform is related to an incorrect authorization procedure. Symfony web application development and management platform is related to incorrect authorization procedure. Exploitation...
ROS-20240806-21
Vulnerability of JDBC driver pgjdbc for connecting Java programs to PostgreSQL database is related to Lack of verification of the class implementation of the expected interface. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code through the...
ROS-20240731-01
A vulnerability in the lib-src/etags.c file of the ctags component of the EMACS text editor is related to improper neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the org-babel-execute:latex function of the...
ROS-20240729-13
Vulnerability of cJSONInsertItemInArray function of JSON-C library for JSON-C JSON processing is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20210716-02
A vulnerability in the DICOM DCMTK library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service Vulnerability of the library for working with DICOM DCMTK format is related to allocation of heap memory for parsing the data, b...
ROS-20240703-11
A vulnerability in the cloud-init virtual machine configuration package for Linux family operating systems is related to the fact that sensitive data could be exposed in cloud-init logs. Exploitation the vulnerability could allow an attacker to gain unauthorized access to the protected informatio...
ROS-20240626-15
Vulnerability of avahishostnameresolverstart function of Avahi local network service discovery system is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240626-13
Vulnerability of ExtractImageSection function of LibTIFF library is related to buffer copying without checking the the size of the input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service using a crafted Tiff file...
ROS-20240626-14
Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
ROS-20240529-02
A vulnerability in the LibreOffice office suite is related to uncontrolled script execution in the graphics linking scripts by clicking on them. Exploitation of the vulnerability could allow an attacker to execute scripts embedded in LibreOffice...
ROS-20240524-03
A vulnerability in Ruby Sinatra web application development framework is related to code loading without checking its integrity. of its integrity. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240424-03
A vulnerability in the Serialization component of the Oracle Java SE software platform and Oracle Virtual Machine GraalVM Enterprise Edition is related to the recovery of invalid data in memory. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...
ROS-20240522-07
A vulnerability in the Firebird database management system is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a long CHAR instruction...
ROS-20240522-06
A vulnerability in the protojson.Unmarshal function of the Golang programming language is related to an infinite loop when unmarshaling of certain JSON forms. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240521-04
Vulnerability of the lysparsemem function parser and data modeling language toolkit for YANG libyang is related to the lack of a check if the value mod-revision is NULL. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240507-06
A vulnerability in the xdg-desktop-portal interface of the Flatpak application and environment management tool is related to the injection or modification of arguments. Exploitation of the vulnerability could allow an attacker to to exit an isolated program environment and access files on the...
ROS-20240423-04
A vulnerability in the libreswan software is related to the fact that in some IKEv2 scenarios retransmit a connection configured to use PreSharedKeys authby=secret and this connection fails to can't find the corresponding customized secret. Exploiting the vulnerability could allow an attacker,...
ROS-20240418-04
The exfatprogs user-space utility vulnerability is related to allowing memory accesses outside the boundaries, such as in readfiledentryset. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240415-01
A vulnerability in the jbig2error function of the jbig2.c file of the Jbig2dec image compression format decoder is related to the SEGV vulnerability. SEGV vulnerability. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240412-05
A vulnerability in the gfisomnewgenericsampledescription function of the GPAC multimedia platform is related to the buffer copying without checking the input size. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240412-03
Atril document viewer vulnerability is related to incorrect path restriction to a restricted directory. Exploitation of the vulnerability could allow an attacker to write arbitrary files anywhere in the file system...
ROS-20240411-03
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240410-07
A vulnerability in the Podman OCI container management and startup software tool is related to errors in the in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate their privileges...
ROS-20240409-10
A vulnerability in IEEE 1609.2 plug-in dissector of Wireshark computer network traffic analyzer is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in GVCP dissector of Wireshark computer...
ROS-20240409-03
Vulnerability of ImageMagick console graphical editor is related to memory usage after memory freeing when processing BMP files. when processing BMP files. Exploitation of the vulnerability could allow an attacker to cause a denial of service denial of service...
ROS-20240404-19
A vulnerability in the PNG optimization software tool OptiPNG is related to a buffer overflow via the 'buffer' variable in gifread.c. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...
ROS-20240329-03
Vulnerability in InstalledVersions.php and install.php scripts of dependency manager for PHP Composer is related to the inclusion of functions from an invalid controlled scope. with the inclusion of functions from an invalid controlled scope. Exploitation of the vulnerability could allow an...
ROS-20240329-17
A vulnerability in the sdhci.c component of the QEMU hardware emulator is related to a single offset. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-2-1185
2.1185 Directory traversal in Apache Commons IO CVE-2021-29425 1. Vulnerability Description: The vulnerability allows a remote attacker to perform directory traversal attacks. The vulnerability exists due to an input validation error in the FileNameUtils.normalize method when processing directory...
ROS-2-1417
2.1417 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-995
2.995 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-959
2.959 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-827
2.827 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-8
2.8 Notification of the update of the OPERATION SYSTEM "RED OS" MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia №4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technica...
ROS-2-1202
2.1202 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-1315
2.1315 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-29957, CVE-2021-29956 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass security restrictions imposed.FSTEC Russia Information Security Threat Data Bank Identifier: BDU:2021-02725, BDU:2021-02726 2...
ROS-2-1285
2.1285 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-967
2.967 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-20231019-01
Vulnerability in Nextcloud cloud storage creation and utilization software is related to lack of protection and allows password mining in WebDAV API. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...