7032 matches found
ROS-20220217-01
A vulnerability in the MariaDB database management system is related to a format string error in the implementation of the CONNECT function. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted SQL query containing format string specifiers and execute...
ROS-20211223-07
A vulnerability in the BusyBox command line utility suite is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause an out-of-bounds read error and read the contents of memory on the system or perform a denial of service (DoS) attack. A...
ROS-20250424-05
A vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to access credentials through HTTP redirection to another resource...
ROS-20250424-10
A vulnerability in the libtar package is related to the initiation of a malloc(0) call for the gnu_longlink variable. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive information. The libtar package vulnerability is related to the initiation of a...
ROS-20240329-07
A vulnerability in the Picture-in-Picture (PiP) technology of the Google Chrome browser is related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attack...
ROS-20220323-02
A vulnerability in the glibc system library is related to a boundary error in the clnt_create function in the sunrpc module. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted input data to an application using a vulnerable version of the library...
ROS-20220318-01
A vulnerability in the Webmin administration software suite is related to incorrect access restrictions in the File Manager module. Exploitation of the vulnerability could allow a remote attacker to bypass the security restrictions and compromise a vulnerable system...
ROS-20230911-06
A vulnerability in ssh-agent of the OpenSSH cryptographic protection tool is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected information...
ROS-20230411-02
A vulnerability in the Liblouis braille translator is related to copying to a buffer without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service with the compileTranslationTable.c and lou_setDataPath functions. The Liblouis...
ROS-20230411-03
A vulnerability in the MinIO object store allows a user with console administrator privileges to potentially create a user that matches the root access key; once this user is successfully created, the root credentials stop working properly. Exploitation of the vulnerability could...
ROS-20220524-01
A vulnerability in the OpenSSL cryptographic library is related to incorrect input validation in the c_rehash script. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary OS commands with the script's privileges. A vulnerability in the OpenSSL cryptographic library is...
ROS-20220125-10
A vulnerability in the Node.js software platform is related to the formatting logic of the console.table function. Exploitation of the vulnerability could allow an attacker acting remotely to send a special request and assign an empty string to the prototype object's numeric keys. A vulnerability ...
ROS-20211223-03
A vulnerability in the OpenLDAP open source implementation of the LDAP protocol is related to a reachable assertion. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted packet with a short timestamp to slapd and perform a denial of service...
ROS-2-502
2.502 Denial of Service in libX11 CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to perform a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-20230407-02
The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...
ROS-20220929-01
A vulnerability in the BIND DNS server is related to boundary conditions when reusing an HTTP connection to request statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker acting remotely, using a managed DNS server, to cause a read error outside the boundary...
ROS-20220208-01
A vulnerability in the Samba network file system is related to insecure link following. Exploitation of the vulnerability could allow an attacker acting remotely to create a symbolic link to determine whether a file or directory exists in the file system area of the server. Samba network file system vulnerability,...
ROS-20250424-07
A vulnerability in the xmlPatMatch function in the pattern.c file of the libxml2 library is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the libxml2 library is related...
ROS-20230210-01
A vulnerability in the GNU Less utility for UNIX-like text terminals is due to the fact that calling "less -R" does not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges on the system...
ROS-20220329-02
A vulnerability in the Moodle course management system is related to insufficient sanitization of user data in the Badges criteria code. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted query to the affected application and execute arbitrary SQL command...
ROS-20220516-09
A vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMTPS, IMAPS, POP3S, and LDAPS (OpenLDAP only). Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
ROS-2-447
2.447 Vulnerability in Git CVE-2020-11008, CVE-2020-5260 1. Vulnerability Description: Vulnerability in Git. The vulnerability affects the "credential.helper" handlers and is exploited when a specially crafted URL containing a newline character, an empty host, or an unspecified request scheme is...
ROS-2-438
2.438 Vulnerability in sudo CVE-2021-3156 1. Vulnerability Description: The vulnerability allows root access without authentication and without having the necessary credentials. The issue can be exploited by any user, regardless of their presence in system groups or the presence of an entry in th...
ROS-20230621-05
A vulnerability in the OpenSSL cryptographic library is related to the direct use of OBJ_obj2txt, or the use of any of the OpenSSL OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS subsystems, without limiting the message size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denia...
ROS-20220309-02
A vulnerability in the XSLT parameter of the Mozilla Firefox and Focus browsers is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the WebGPU 3D graphics processing and computing softwa...
ROS-20240816-11
A vulnerability in the proc_open function of the PHP programming language interpreter exists due to a failure to neutralize special elements used in an operating system command. Exploitation of the...
ROS-20220524-03
A vulnerability in the cURL command-line utility is related to the --no-clobber option when it is used in conjunction with --remove-on-error. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into connecting to a malicious server and force the command-line to...
ROS-20220516-04
A vulnerability in the QuerySet.explain function of the Django web application software platform is related to a failure to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability o...
ROS-20231024-02
A vulnerability in the xrdp_painter.c component of the XRDP server is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information...
ROS-20221220-01
A vulnerability in the ath9k_htc_wait_for_target function of the Atheros wireless adapter driver in the Linux kernel is related to a use-after-free error. Exploitation of the vulnerability could allow an attacker to access kernel memory by typing a specially...
ROS-20221121-02
A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no range check for the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and attempt to decode it...
ROS-20221110-01
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in parse.c during content processing when the XML_PARSE_HUGE parameter is set. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to the application,...
ROS-20240403-11
A vulnerability in the urllib3 module of the Python programming language interpreter is related to the lack of protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...
ROS-20230411-01
A vulnerability in the CairoSVG SVG converter is related to insufficient validation of user input during SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive data located on a local network or send malicious requests to other servers from...
ROS-20220210-01
A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to incorrect handling of extension updates. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into installing a particular type of browser extension and, during automatic...
ROS-20220524-04
A vulnerability in the Moodle course management system is due to a problem in the logic used to count failed login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the account lockout threshold. A...
ROS-20220204-01
A vulnerability in the Django web application framework is related to an infinite loop when parsing files. Exploitation of the vulnerability could allow an attacker acting remotely to upload a specially crafted file to a server, utilize all available system resources, and cause a...
ROS-20220128-02
A vulnerability in the Python Pillow image library is related to a buffer over-read during ImagePath.Path initialization in the path_getbbox function in path.c. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted file to a vulnerable library and...
ROS-20220125-08
A vulnerability in the Sendmail mail transfer agent is related to a logical error in the TLS implementation when working with different protocols but using compatible certificates such as multi-domain or wildcard certificates. Exploitation of the vulnerability could allow an...
ROS-20220112-01
A vulnerability in the X.Org Server, an X Window System server implementation, is caused by an out-of-bounds memory write in the SProcScreenSaverSuspend function in the Screen Saver extension. Exploitation of the vulnerability could allow an attacker to send a specially crafted suspend request, initiate an...
ROS-20220412-02
A vulnerability in the Mozilla Firefox browser is due to the fact that regex for Rust does not properly control internal resource consumption when parsing untrusted input data. Exploitation of the vulnerability could allow a remote attacker to pass specially crafted data to an application and perform a...
ROS-20220322-01
A vulnerability in the Mozilla Thunderbird email client is related to a use-after-free error when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to trigger the use-after-free by forcing text to be reflowed in an SVG object and executi...
ROS-20220314-01
A vulnerability in the Mozilla Firefox browser is related to a logic error in iframe processing. An attacker acting remotely who has the ability to control the contents of an iframe sandboxed with allow-popups, but not allow-scripts, could...
ROS-20250430-13
A vulnerability in the HAProxy server software is related to bounds errors in the regsub function in src/sample.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240425-01
A vulnerability in the HTTP/2 protocol implementation of the Apache HTTP Server web server is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. Exploitation of the vulnerability could allow an...
ROS-20220706-02
The Rubygem Rack web application development interface vulnerability is related to incorrect input validation when processing data transmitted through the Rack Lint middleware and CommonLogger middleware. Exploitation of the vulnerability could allow an attacker acting remotely to send specially...
ROS-20220518-03
A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions. A vulnerability...
ROS-20220518-01
A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that bypasses the existing browser prompt and improperly inherits top-level permissions. The...
ROS-20220516-11
A vulnerability in the Vim text editor is related to a NULL pointer dereferencing error in the vim_regexec_string function in regexp.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into opening a speciall...
ROS-20220114-01
A vulnerability in the Firefox browser is related to incorrect processing of user data. Exploitation of the vulnerability could allow an attacker acting remotely to mislead the user by showing an incorrect origin when requesting to run a program and processing an external URL protocol. Firefox brows...