8220 matches found
ROS-2-1193
2.1193 VLC vulnerabilities with specially designed playlists 1. Vulnerability description: A remote user can create a specially crafted file that can cause various issues. It is possible to trigger remote code execution through a specially created playlist and trick the user into interacting with...
ROS-2-1498
2.1498 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1491
2.1491 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-835
2.835 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-1181
2.1181 Multiple vulnerabilities in Apache Tomcat CVE-2021-25122, CVE-2021-25329 1. Vulnerability Description: CVE-2021-25122 CVE-2021-25322 CVE-2021-25329 The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...
ROS-2-1196
2.1196 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-29957, CVE-2021-29956 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass the security restrictions imposed.FSTEC Russia Information Security Threat Data Bank Identifier: BDU:2021-02725, BDU:2021-02726...
ROS-2-1754
2.1754 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1357
2.1357 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-20260617-73-0004
The vulnerability in ImageMagick 7 is related to the assignment of the null pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
ROS-20260526-73-0003
A vulnerability in the libexpat XML file parsing library is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260526-73-0010
Vulnerability in python-relenv related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260526-73-0021
A vulnerability in the libpng library is related to the failure to check for sufficient input pixels when processing the last partial portion in the ARM/AArch64 Neon optimized palette expansion path. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...
ROS-20260524-73-0035
A vulnerability in the vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to affect the integrity of protected information...
ROS-20260524-73-0003
A vulnerability in the JSSE component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20260524-73-0010
A vulnerability in the JGSS component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is associated with a breach of the data protection mechanism. Exploitation of the vulnerability could allow a remote attacker to gain...
ROS-20260520-73-0025
A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to data type mixing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260520-73-0044
A vulnerability in the WebUSB protocol implementation of Google Chrome browser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information using a specially crafted HTML page...
ROS-20260520-73-0004
A vulnerability in the V8 JavaScript script handler of Google Chrome and Microsoft Edge browsers is related to improper code generation control. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...
ROS-20260515-73-0042
A vulnerability in the Picture In Picture technology of Google Chrome browser is associated with incorrect restriction of visualized user interface layers. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information using a specially...
ROS-20260508-73-0018
A vulnerability in the ngxmailsmtpmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote intruder to affect the integrity of protected information...
ROS-20260320-73-0012
Vulnerability in glpi due to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20260129-73-0064
A vulnerability in the HostnameError.Error function of the crypto/x509 package of the Go programming language is related to incorrect resource sweep or release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250528-01
A vulnerability in the acpi component of the Linux kernel is related to the dereferencing of a NULL pointer in the acpiskipsetwakeupaddress function in drivers/acpi/sleep.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the net...
ROS-2-574
2.574 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-506
2.506 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-20250113-02
Vulnerability of sessionuser function in fs/ksmbd/smb2pdu.c module of KSMBD file system of Linux kernel is related to reading data outside the allocated buffer. Linux kernel file system KSMBD is related to reading data outside the allocated buffer. Exploitation of the vulnerability could allow an...
ROS-20250110-01
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is associated with authorization errors due to a buffer overrun. authorization errors as a result of an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow...
ROS-20241212-02
Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...
ROS-20241203-07
Nextcloud mail client vulnerability is related to incorrect automatic configuration. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality Nextcloud mail client vulnerability is related to insufficient access control. Exploitation of the...
ROS-20241202-01
A vulnerability in the hns3 component of the Linux kernel is related to memory leaks in the function hns3pmuirqregister in drivers/perf/hisilicon/hns3pmu.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the openrisc component of the Linu...
ROS-20241112-06
The XML toolkit vulnerability for Ruby REXML is related to inefficient regular expression complexity expressions. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of service attack using regular expressions. denial-of-service attack using regular...
ROS-20241112-11
A vulnerability in the index.php component of Enterprise Server, a cloud-based software package for creating and using Nextcloud Server data storage is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to modify or delete VCards in the...
ROS-20241001-15
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails Rails Rails Html Sanitizer applications is related to incorrect use of select and style elements when overriding allowed tags. Exploitation of the vulnerability could allow an attacker acting remotely to perfor...
ROS-20240923-07
NBD protocol vulnerability in libnbd library is related to incorrect verification of NBD server certificate when using TLS to connect to NBD server. using TLS to connect to the NBD server. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of the...
ROS-20240918-16
A vulnerability in the deserialize JavaScript library function for Jwcrypto is related to an uncontrolled resource consumption. uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by transmitting a specially...
ROS-20240910-05
Nomad application orchestrator vulnerability related to vulnerability to write outside of catalog distribution during migration. Exploitation of the vulnerability could allow an attacker acting remotely, to impact the confidentiality, integrity, and availability of the...
ROS-20240906-01
Vulnerability of ip6tnlrcv function in net/ipv6/ip6tunnel.c module of Linux kernel IPv6 protocol implementation is related to use of uninitialized memory. of the Linux operating system is related to the use of uninitialized memory. Exploitation of the vulnerability could allow a remote attacker t...
ROS-20240904-06
A vulnerability in the yasmintnumcopy function of the YASM assembler is related to the lack of memory release after the effective lifetime. Exploitation of the vulnerability could allow an attacker to gain access to the sensitive data...
ROS-20240827-08
Vulnerability in FontForge font editing software exists due to failure to take measures to neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20240816-03
Vulnerability of HTTP Daemon is related to inconsistent interpreting of HTTP requests when processing 'Content-Length' string values. when processing 'Content-Length' string values. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by sending...
ROS-20240815-03
Vulnerability in the handleipDefaultTTL function of the Net-SNMP software suite of the operating system Linux is related to a NULL Pointer Exception error, which can be exploited to crash an instance with a specially crafted UDP packet. Exploitation of the vulnerability could allow an attacker...
ROS-20240815-13
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails Rails Html Sanitizer applications is related to content injection if the application developer overrides the allowed tags "math" and "style" or "svg" and "style". Exploitation of the vulnerability could allow a...
ROS-20240812-12
Vulnerability of GLPI system of requests, incidents and inventory of computer equipment is related to Failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary SQL queries...
ROS-20240808-03
A vulnerability in the HTTP server of the Node.js software platform is related to uncontrolled resource consumption as a result of reading an unlimited number of bytes from a single connection while processing HTTP requests. as a result of reading an unlimited number of bytes from a single...
ROS-20240806-12
Vulnerability of CPAN.pm component of Perl programming language is related to errors in the procedure of TLS certificate authentication. of TLS certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely, gain access to confidential data, compromise its...
ROS-20240730-05
Vulnerability of search filter ldbmsearch.c of 389 Directory Server is related to access delimitation flaws. Exploitation of the vulnerability could allow an intruder acting remotely to gain unauthorized access to protected information...
ROS-20240729-06
A vulnerability in the TLS and SSL protocol implementation of the Mbed TLS software is related to the ability to of writing outside of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely, overwrite data in the memory buffer and recover a private RSA key...
ROS-20240724-02
A vulnerability in the Dawn component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code using a specially crafted HTML page A vulnerability in the SwiftShader...
ROS-20240719-01
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240716-01
OpenSearch software package vulnerability related to unintentional access to resources of of users in the Dashboards Reports plugin. Exploitation of the vulnerability could allow an attacker to compromise the integrity of data. impact data integrity OpenSearch software package vulnerability relat...