7975 matches found
ROS-20220516-09
Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMPTPS, IMAPS, POP3S, and LDAPS openldap only. Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
ROS-20211223-03
Vulnerability in an open source implementation of the OpenLDAP protocol is related to a reachability assertion. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted packet with a short timestamp to slapd and perform a denial of service...
ROS-20220524-01
OpenSSL cryptographic library vulnerability is related to incorrect input validation in the script crehash. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary OS commands with script privileges A vulnerability in the OpenSSL cryptographic library is...
ROS-20220330-02
Vulnerability in the XML streaming parser library libexpat, related to an integer integer overflow in doProlog function, allowing a remote attacker to pass specially crafted data to an application, cause an integer overflow, and execute arbitrary code in the target application. specially crafted...
ROS-20220309-02
The vulnerability in the XSLT parameter of Mozilla Firefox and Focus browsers is related to memory usage after its freeing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the WebGPU 3D graphics processing and computing softwa...
ROS-20220217-01
MariaDB database management system vulnerability, related to a formatted string error in the in the implementation of the CONNECT function. Exploitation of the vulnerability could allow an attacker acting remotely, send a specially crafted SQL query containing format string specifiers and execute...
ROS-20250424-03
Vulnerability of the executefilterdelta function of the archivereadsupportformatrar.c component of the Libarchive archiving library is related to reading beyond the allowed data buffer boundaries. of Libarchive archiving library is related to reading outside the allowed data buffer boundaries...
ROS-20250424-08
A vulnerability in the containerd container runtime environment is related to an integer overflow when processing a UID:GID that exceeds the maximum 32-bit signed integer. Exploitation of the vulnerability could Allow an attacker to cause a denial of service...
ROS-20240329-07
A vulnerability in the Picture-in-Picture PiP technology of the Google Chrome browser is related to errors in the presentation of errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct spoofing attack...
ROS-20230411-02
Liblouis braille translator vulnerability is related to copying to buffer without checking the size of input data data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of with the compileTranslationTable.c and lousetDataPath functions. The Liblouis...
ROS-20230407-02
The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...
ROS-20230210-01
The vulnerability of the GNU Less utility for UNIX-like UNIX text terminals is due to the fact that calling "less -R" will not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges on the system...
ROS-20220516-05
A vulnerability in the Git distributed version control system is related to the fact that the uninstaller binary downloads DLLs in an unsafe manner from the current working directory. uninstaller binary loads DLLs in an insecure manner from the current working directory. Exploitation of the...
ROS-20220323-02
A vulnerability in the glibc system library is related to a boundary error in the clntcreate function in module sunrpc module. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted input data to an application using a vulnerable version of the library...
ROS-20250424-05
Vulnerability in the netrc file handler of the cURL command line utility is related to insufficient protection of the of service data. Exploitation of the vulnerability could allow an attacker acting remotely to access credentials with HTTP redirection to another resource. access to credentials...
ROS-20230911-06
Vulnerability of ssh-agent of OpenSSH cryptographic protection tool is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity, and availability of protected information...
ROS-20230621-05
OpenSSL cryptographic library vulnerability is related to the use of OBJobj2txt directly or the using any of the OpenSSL OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS subsystems without limiting the message size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denia...
ROS-20220318-01
A vulnerability in the Webmin administration software suite is related to incorrect access restrictions in the File Manager module. Exploitation of the vulnerability could allow a remote attacker to bypass the security restrictions and compromise a vulnerable system. security restrictions and...
ROS-20251203-13
A vulnerability in the checkout and pull functions of the Git extension for version control of large Git LFS files is related to incorrect definition of symbolic links during file access. Exploitation of the vulnerability could allow an attacker acting remotely to gain write access to arbitrary...
ROS-20250424-07
Vulnerability of xmlPatMatch function in pattern.c file of libxml2 library is related to null pointer dereferencing. pointer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service A vulnerability in the libxml2 library is related...
ROS-20250424-10
A vulnerability in the libtar package is related to the initiation of a malloc0 call for the gnulonglink variable. Exploitation The vulnerability could allow a remote attacker to gain access to sensitive information. information The libtar package vulnerability is related to the initiation of a...
ROS-2-438
2.438 Vulnerability in sudo CVE-2021-3156 1. Vulnerability Description: The vulnerability allows root access without authentication and without having the necessary credentials. The issue can be exploited by any user, regardless of their presence in system groups or the presence of an entry in th...
ROS-20230411-03
The Minio object store vulnerability is related to a user with console administrator privileges who could potentially create a user that matches the root access key, once this user is successfully created, root credentials will stop working properly. Exploitation of the of the vulnerability could...
ROS-20220329-02
Vulnerability in the Moodle course management system, related to insufficient cleansing of user data in the Badges criteria code. Exploitation of the vulnerability could allow an attacker acting remotely, send a specially crafted query to the affected application and execute arbitrary SQL command...
ROS-20220208-01
Samba network file system vulnerability, related to insecure link clicks. Exploitation vulnerability could allow an attacker acting remotely to create a symbolic link to determine whether a file or directory exists in the file system area of the server Samba network file system vulnerability,...
ROS-2-502
2.502 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-20240816-11
A vulnerability in the procopen function of the PHP programming language interpreter exists due to a failure to take measures to neutralize special elements used by the operating system. to neutralize special elements used in the operating system command. Exploitation exploitation of the...
ROS-20220518-03
A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...
ROS-20220516-04
Vulnerability of QuerySet.explain function of Django web application software platform is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity and availability o...
ROS-20220125-10
A vulnerability in the Node.js software platform is related to the formatting logic of the console.table function. Exploitation of the vulnerability could allow an attacker acting remotely to send a special request and assign an empty string to the prototype object's numeric keys A vulnerability ...
ROS-20220530-03
Vulnerability of Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to execute arbitrary...
ROS-20231024-02
A vulnerability in the xrdppainter.c component of the XRDP server is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information information...
ROS-20220524-03
The cURL command-line utility vulnerability is related to the -no-clobber toolkit, which is used in conjunction with --remove-on-error. Exploitation of the vulnerability could allow an attacker acting remotely, trick the victim into connecting to a malicious server and forcing the command-line to...
ROS-20230411-01
The CairoSVG SVG converter vulnerability is related to insufficient validation of user input during the SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely, access sensitive data located on a local network or send malicious requests to other servers from...
ROS-20221110-01
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in parse.c during content processing when the XMLPARSEHUGE parameter is set. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to the application,...
ROS-20220204-01
A vulnerability in the Django web application framework is related to an infinite loop when parsing files . Exploitation of the vulnerability could allow an attacker acting remotely to upload a specially a specially crafted file to a server, utilize all available system resources, and cause a...
ROS-2-447
2.447 Vulnerability in Git CVE-2020-11008, CVE-2020-5260 1. Vulnerability Description: Vulnerability in Git. The vulnerability affects the "credential.helper" handlers and is exploited when a specially crafted URL containing a newline character, an empty host, or an unspecified request scheme is...
ROS-20221121-02
A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no range check for the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and attempt to decode it...
ROS-20220524-04
The vulnerability in the Moodle course management system is due to a problem in the logic used to count of failed login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the account lockout threshold. remotely to bypass the account lockout threshold A...
ROS-20220516-06
A vulnerability in the high-level Ruby programming language is related to a type conversion bug in the some conversion methods, such as KernelFloat and Stringtof. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a vulnerable application,...
ROS-20220210-01
A vulnerability in Mozilla Thunderbird email client and Firefox browser is related to incorrect handling of extension updates. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into install a particular type of browser extension and, during automatic...
ROS-20220128-02
A vulnerability in the Python Pillow image library is related to buffer re-reading during the ImagePath.Path initialization in the pathgetbbox function in path.c. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted file to a vulnerable library and...
ROS-20250515-04
The vulnerability of the docker CLI plugin that extends Buildx build capabilities is related to the fact that the software stores sensitive information in log files. software stores sensitive information in log files. Exploiting the vulnerability could allow an attacker to gain access to sensitiv...
ROS-20240403-11
Vulnerability in the urllib3 module of the Python programming language interpreter is related to the lack of protection of the of service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...
ROS-20230904-01
The vulnerability of the qfqchangeclass function of the Linux kernel is related to the operation exceeding the buffer boundaries in memory while processing the QFQMINLMAX value. buffer boundaries in memory when processing the QFQMINLMAX value. Exploitation of the vulnerability could allow an...
ROS-20220516-11
Vim text editor vulnerability is related to NULL pointer dereferencing error in function vimregexecstring in regexp.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into accessing the Vim text editor. remotely, trick the victim into opening a speciall...
ROS-20240823-01
Vulnerability of amdgpurasgetcontext function in drm/amdgpu component of Linux operating system kernel is related to null pointer dereferencing on drmcvtmode failure. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability of brcmfnotifyescancomplete...
ROS-20231107-01
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20220706-02
The Rubygem Rack web application development interface vulnerability is related to incorrect input validation when processing data transmitted through the Rack Lint middleware and CommonLogger middleware. Exploitation of the vulnerability could allow an attacker acting remotely to send specially...
ROS-20220518-01
A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that Bypasses the existing browser hint and inherits top-level permissions improperly The...