8110 matches found
ROS-20250226-07
The Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource, as a result of file system case insensitivity when writing servlets to the file system. Exploitation of the...
ROS-20250214-06
A vulnerability in the iio component of the Linux operating system kernel is related to incorrect input validation in the afe4403readraw function in drivers/iio/health/afe4403.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the netfilte...
ROS-20250211-01
A vulnerability in the qethl2br2devworker function in the drivers/s390/net/qethl2main.c module of the Linux operating system kernel on the s390 platform is related to the reuse of previously released memory...
ROS-20250110-01
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is associated with authorization errors as a result of an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow...
ROS-20250110-12
The Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource (race condition). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by downloading specially crafted JSP files. Apache Tomcat...
ROS-20240203-05
The Apache Tomcat application server vulnerability is related to an unchecked error condition. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process and cause a denial of service. Apache Tomcat application server vulnerability is related to...
ROS-20241202-01
A vulnerability in the hns3 component of the Linux kernel is related to memory leaks in the function hns3pmuirqregister in drivers/perf/hisilicon/hns3pmu.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the openrisc component of the Linu...
ROS-20241127-01
A vulnerability in the bna component of the Linux operating system kernel is related to out-of-bounds read errors in the bnaddebugfswriteregrd and bnaddebugfswriteregwr functions in drivers/net/ethernet/brocade/bna/bnaddebugfs.c. Exploitation of the vulnerability could allow an attacker to...
ROS-20241125-02
A vulnerability in the hns3 component of the Linux operating system kernel is related to out-of-bounds read errors in the hns3getcoalinfo function in drivers/net/ethernet/hisilicon/hns3/hns3debugfs.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A...
ROS-20241121-06
A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. The vulnerability in the Consul service...
ROS-20241112-06
A vulnerability in the REXML XML toolkit for Ruby is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial-of-service attack using regular...
ROS-20241112-08
A vulnerability in the Raft consensus algorithm of the Integrated Storage (Raft) of the HashiCorp Vault and Vault Enterprise platforms for archiving corporate information is associated with unlimited resource consumption as a result of nodes incorrectly...
ROS-20241113-02
A vulnerability in the HDMA component of the Linux operating system kernel is related to race conditions in the functions dwhdmav0corewritechunk and dwhdmav0corestart in drivers/dma/dw-edma/dw-hdma-v0-core.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the...
ROS-20241029-04
A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to improper validation. Exploitation of the vulnerability could allow an attacker acting remotely to explo...
ROS-20241023-02
A vulnerability in the BufWinLeave function of the vim text editor is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...
ROS-20241023-09
A vulnerability in the BufWinLeave function of the vim text editor is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to confidential information...
ROS-20241008-05
A vulnerability in the ProcXkbGetKbdByName function of the xkb/xkb.c component of XWayland, the Wayland protocol implementation for X.Org, and of the X.Org Server implementation of the X Window System is related to incorrect memory freeing before deleting the last reference. Exploitation of the vulnerability...
ROS-20241001-15
A vulnerability in the configuration implementation of Rails Html Sanitizer, the HTML cleanup tool for Rails applications, is related to incorrect use of select and style elements when overriding allowed tags. Exploitation of the vulnerability could allow an attacker acting remotely to perfor...
ROS-20240923-07
The NBD protocol vulnerability in the libnbd library is related to incorrect verification of the NBD server certificate when using TLS to connect to the NBD server. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of the...
ROS-20240918-16
A vulnerability in the deserialize JavaScript library function for Jwcrypto is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by transmitting a specially...
ROS-20240918-02
A vulnerability in the WebKitGTK web page display module is related to disclosure of information in an erroneous data area. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data...
ROS-20240916-08
A vulnerability in the MongoDB database management system is related to errors in the TLS certificate validation procedure. Exploitation of the vulnerability could allow an attacker acting remotely to establish an unauthorized connection to the MongoDB server...
ROS-20240910-05
The Nomad application orchestrator vulnerability is related to the ability to write outside of catalog distribution during migration. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of the...
ROS-20240827-08
A vulnerability in the FontForge font editing software exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20240827-05
The Unbound DNS server vulnerability is related to the ability of a process outside of the unbound group to reconfigure the unbound execution environment. Exploitation of the vulnerability allows an attacker acting remotely to impact the integrity and availability of the system...
ROS-20240815-13
A vulnerability in the configuration implementation of Rails Html Sanitizer, the HTML cleanup tool for Rails applications, is related to content injection if the application developer overrides the allowed tags "math" and "style" or "svg" and "style". Exploitation of the vulnerability could allow a...
ROS-20240815-03
A vulnerability in the handleipDefaultTTL function of the Net-SNMP software suite of the Linux operating system is related to a NULL Pointer Exception error, which can be exploited to crash an instance with a specially crafted UDP packet. Exploitation of the vulnerability could allow an attacker...
ROS-20240812-13
A vulnerability in GLPI's asset and data center management software involves server-side request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to perform an SSRF-based attack using the creation of an arbitrary object...
ROS-20240808-03
A vulnerability in the HTTP server of the Node.js software platform is related to uncontrolled resource consumption as a result of reading an unlimited number of bytes from a single connection while processing HTTP requests...
ROS-20240806-12
A vulnerability in the CPAN.pm component of the Perl programming language is related to errors in the procedure of TLS certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential data, compromise its...
ROS-20240730-05
A vulnerability in the search filter ldbmsearch.c of 389 Directory Server is related to access control flaws. Exploitation of the vulnerability could allow an intruder acting remotely to gain unauthorized access to protected information...
ROS-20240729-06
A vulnerability in the TLS and SSL protocol implementation of the Mbed TLS software is related to the ability to write outside of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite data in the memory buffer and recover a private RSA key...
ROS-20240729-04
A vulnerability in the JsonErrorReportValve class of the Apache Tomcat application server is related to a flaw in the mechanism for encoding or escaping output data. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of protected information...
ROS-20240724-02
A vulnerability in the Dawn component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted HTML page. A vulnerability in the SwiftShader...
ROS-20240711-01
A vulnerability in the frames.html file of YARD, a tool for creating documentation for the Ruby programming language, is related to improper handling of user-controlled data obtained from a URL hash in the embedded JavaScript code in the "frames.erb" template file. Exploitation of the vulnerability coul...
ROS-20240704-03
A vulnerability in the GNOME Vte terminal is related to escape-sequence window resizing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240702-05
A vulnerability in the qstr method in the adodb library PDO driver is associated with the ability for remote attackers to conduct SQL injection attacks using vectors associated with incorrect quoting. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an attac...
ROS-20240702-04
A vulnerability in the DecodeConfig component of the Golang programming language is related to the possibility that certain characters in the subject alternative name fields in TLS certificates are mistakenly allowed to have a special value in regular expressions...
ROS-20240606-04
A vulnerability in the OTP component of the Erlang programming language is related to flaws in the authentication procedure. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...
ROS-20240603-02
A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the securecompare function of the...
ROS-2-1440
2.1440 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code. Identifier of the Information Security Threats Dat...
ROS-2-1299
2.1299 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-2-1503
2.1503 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user-entered data when processing untrusted YAML files using the fullload method or the FullLoader loader. Exploitation of the...
ROS-2-1000
2.1000 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-20230911-09
A vulnerability in the XInclude XML document merge mechanism of the vector graphics rendering library librsvg is related to incorrect restriction of a path name to a restricted directory when processing the xi:include element. Exploitation of the vulnerability may allow an intruder to gain unauthorized...
ROS-20230904-02
A vulnerability in the dojournalend function in the fs/reiserfs/journal.c module of the reiserfs file system of the Linux operating system kernel is related to a buffer overrun. Exploitation of the vulnerability could allow an attacker to cause a denial ...
ROS-2-1465
2.1465 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1686
2.1686 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-1436
2.1436 Multiple vulnerabilities in Mozilla Thunderbird CVE-2021-29957, CVE-2021-29956 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass the security restrictions imposed. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia:...
ROS-2-872
2.872 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...