8181 matches found
ROS-20250226-07
Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource due to lack of case-sensitivity when writing servlets to the file system. as a result of file system case insensitivity when writing servlets. Exploitation exploitation of the...
ROS-20250214-06
A vulnerability in the iio component of the Linux operating system kernel is related to incorrect input validation in the afe4403readraw function in drivers/iio/health/afe4403.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the netfilte...
ROS-20250213-01
A vulnerability in the iavf component of the Linux kernel is related to an incorrect locking in the function iavfinitmodule in drivers/net/ethernet/intel/iavf/iavfmain.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in...
ROS-20250211-01
Vulnerability of the qethl2br2devworker function in the drivers/s390/net/qethl2main.c module of the drivers/s390/net/qethl2main.c kernel of the Linux operating system on the s390 platform is related to the reuse of previously released memory of the s390 Linux kernel is related to the reuse of...
ROS-20250117-07
A vulnerability in the dmaengine component of the Linux operating system kernel is related to the transfer of private resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the powerpc/fixmap component of the Linux kernel is related to...
ROS-20250110-12
Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource "Race Situation". "Race Situation". Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code by downloading specially crafted JSP files Apache Tomcat...
ROS-20241216-04
A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...
ROS-20240203-05
Apache Tomcat application server vulnerability is related to an unchecked error condition. Exploitation The vulnerability could allow an attacker acting remotely to bypass the authentication process and cause a denial of service Apache Tomcat application server vulnerability is related to...
ROS-20241127-01
A vulnerability in the bna component of the Linux operating system kernel is related to out-of-bounds read errors in the bnaddebugfswriteregrd and bnaddebugfswriteregwr functions in the drivers/net/ethernet/brocade/bna/bnaddebugfs.c. Exploitation of the vulnerability could allow an attacker to...
ROS-20241125-02
A vulnerability in the hns3 component of the Linux operating system kernel is related to out-of-bounds read errors in the hns3getcoalinfo function in drivers/net/ethernet/hisilicon/hns3/hns3debugfs.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of service A...
ROS-20231121-04
Vulnerability in Nextcloud cloud storage creation and utilization software is related to improper access controls. Exploitation of the vulnerability could allow an intruder, acting remotely, to gain access to sensitive information Nextcloud cloud storage creation and utilization software...
ROS-20241121-06
A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. HTTP request paths The vulnerability in the Consul service...
ROS-20241113-02
A vulnerability in the HDMA component of the Linux operating system kernel is related to race conditions in the functions dwhdmav0corewritechunk and dwhdmav0corestart in drivers/dma/dw-edma/dw-hdma-v0-core.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the...
ROS-20241112-08
A vulnerability in the Raft Consensus Algorithm of the Raft data distribution algorithm of the Integrated storage Raft storage of HashiCorp Vault and Vault Enterprise platforms for archiving corporate information is associated with unlimited resource consumption as a result of nodes incorrectly...
ROS-20241029-04
A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to incorrect validation. certain file paths due to improper validation. Exploitation of the vulnerability could allow an attacker acting remotely to explo...
ROS-20241029-05
A vulnerability in the Podman OCI container management and startup software tool is related to bugs in the option bind-propagation of the Dockerfile RUN --mount instruction. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information...
ROS-20241023-09
Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...
ROS-20241023-02
Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...
ROS-20241008-05
A vulnerability in the ProcXkbGetKbdByName function of the xkb/xkb.c component of the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server is related to incorrect memory freeing before deleting the last link. Exploitation of the vulnerability...
ROS-20241004-02
Vulnerability of the mremap function of Linux kernel operating systems is related to memory usage after its release as a result of a race situation when processing the rmap memory management structure. Exploitation of the vulnerability could allow an attacker to cause a denial of service or eleva...
ROS-20241002-04
A vulnerability in the xenvifgetrequests function in the drivers/net/xen-netback/netback.c module of the cross-platform Xen hypervisor of the Linux kernel is related to the null pointer dereferencing in the function xenvifgetrequests. Exploiting the vulnerability could allow an attacker to cause ...
ROS-20240927-02
A vulnerability in the Google Chrome browser is related to the execution of certain user interface gestures Exploitation of the vulnerability could allow an attacker acting remotely to perform a spoofed the user interface using a specially crafted HTML page A vulnerability in Google Chrome browse...
ROS-20240918-02
A vulnerability in the WebKitGTK web page display module is related to disclosure of information in an erroneous data area of data. Exploitation of the vulnerability allows an attacker acting remotely to gain access to the sensitive data...
ROS-20240917-08
Vulnerability of classes ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network of the ipaddress module of the Python programming language interpreter CPython is related to the incorrect IP address range validation. Exploitation of the vulnerability could...
ROS-20240916-08
Vulnerability of MongoDB database management system is related to errors in TLS certificate validation procedure. of TLS certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely, establish an unauthorized connection to the MongoDB server...
ROS-20240916-07
A vulnerability in the fetch function of the Node.js software platform involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service DoS...
ROS-20240911-08
The vulnerability of the configobj ini file reader and writer is related to the placement of a malicious value into a server-side configuration file by a developer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240902-16
The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials A vulnerability in the net/http module o...
ROS-20240827-05
The Unbound DNS server vulnerability is related to the ability of a process outside of the unbound group to reconfigure the of the unbound execution environment. Exploitation of the vulnerability allows an attacker acting remotely to impact the integrity and availability of the system. Impact the...
ROS-20240827-11
Vulnerability in the HTTP2 Stream Handler component of Apache Tomcat application server is related to insufficient exceptional state handling. exceptional state handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a...
ROS-20240827-02
Vulnerability of rfbClientCleanup function of libvncclient component of LibVNCServer cross-platform library is related to a memory leak. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240828-02
A vulnerability in GLPI's asset and data center management software is related to the CSV file injection by creating a file with a spoofed header. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...
ROS-20240815-04
A vulnerability in the ieeewritefile component of the Netwide Assembler NASM is related to a segmentation violation in the ieeewritefile component in /output/outieee.c segmentation in the ieeewritefile component in /output/outieee.c. Exploitation of the vulnerability could allow an attacker to...
ROS-20240812-06
A vulnerability in GLPI's asset management and data center software is related to the The introduction of a malicious link by an unauthenticated user. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an XSS attack Vulnerability in GLPI's request, incident and...
ROS-20240812-01
The vulnerability in the Kerberos 5 Heimdal implementation is due to bugs in the Heimdal PKI certificate checks, affecting KDC via PKINIT and kinit via PKINIT, as well as any third-party applications, that utilize libhx509 Heimdal. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240812-13
A vulnerability in GLPI's asset and data center management software involves server-side request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to perform an SSRF-based attack using the creation of an arbitrary object. remotely to execute an SSRF-based attack...
ROS-20240807-04
MuPDF PDF viewer's fznewpixmapfromfloatdata function vulnerability is related to the division by zero. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in bmpdecompressrle4 function of MuPDF PDF viewer is related to division by...
ROS-20240805-06
An Envoy proxy vulnerability is related to incorrect validation of an erroneous pointer value. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to crash. application crash...
ROS-20240730-02
Lasso library vulnerability is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information...
ROS-20240729-04
A vulnerability in the JsonErrorReportValve class of the Apache Tomcat application server is related to a flaw in the mechanism of for encoding or escaping output data. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of protected information...
ROS-20240726-06
The vulnerability in the WebKitGTK and WPE WebKit web page display modules is related to the existence of a method of limited sandbox traversal, which allows an isolated process to trick host processes into thinking that the isolated process is not sandboxed. them into thinking that the isolated...
ROS-20231019-02
A vulnerability in Nextcloud cloud storage creation and utilization software is related to gaining write/read privileges on any file share. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...
ROS-20240711-01
Vulnerability The frames.html file is a tool for creating documentation for the Ruby programming language YARD is related to improper handling of user-controlled data obtained from a URL hash in the embedded JavaScript code in the "frames.erb" template file. Exploitation of the vulnerability coul...
ROS-20240704-03
Vulnerability in gnome Vte terminal is related to escape-sequence window resizing. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240702-05
A vulnerability in the qstr method in the adodb library PDO driver is associated with the ability for remote attackers to to conduct SQL injection attacks using vectors associated with misquoted vectors. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an attac...
ROS-20240611-11
A vulnerability in the CDP PDU Packet Handler component of the LLDP protocol implementation under Unix Lldpd is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information. remotely to gain...
ROS-20240611-06
A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information...
ROS-2-1440
2.1440 Nettle library vulnerabilityCVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a failed cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code.Identifier of the Information Security Threats Dat...
ROS-2-1598
2.1598 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-1000
2.1000 Multiple Vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...