8283 matches found
ROS-20250515-10
A vulnerability in Apache Tomcat software is related to insufficient error handling for certain invalid HTTP priority headers. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Apache Tomcat software vulnerability is related to insufficient...
ROS-2-596
2.596 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-557
2.557 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-20250505-02
A vulnerability in the Wayland protocol implementation of X.Org XWayland, an implementation of the X Window System X.Org Server Server is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise it...
ROS-20250424-12
A vulnerability in the eval function of the Cloud Deployment and Query Tool modules of the database management tool pgAdmin 4 is related to incorrect code generation control when processing endpoints /sqleditor/querytool/download and /cloud/deploy with querycommitted and highavailability...
ROS-20250417-08
A vulnerability in the net/http package of the Go programming language is related to a flaw in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250402-04
Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow An attacker acting remotely could gain access to confidential information A...
ROS-20250326-10
A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing a Nextcloud data warehouse is related to the failure to clean up line breaks and special characters in the email value in a JSON request. Exploitation of the vulnerability could allow an attacker actin...
ROS-20250319-02
A vulnerability in the dm cache component of the Linux operating system kernel is related to a read error outside the bounds in the canresize function in drivers/md/dm-cache-target.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service Vulnerability in the...
ROS-20250226-07
Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource due to lack of case-sensitivity when writing servlets to the file system. as a result of file system case insensitivity when writing servlets. Exploitation exploitation of the...
ROS-20250214-06
A vulnerability in the iio component of the Linux operating system kernel is related to incorrect input validation in the afe4403readraw function in drivers/iio/health/afe4403.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the netfilte...
ROS-20250213-01
A vulnerability in the iavf component of the Linux kernel is related to an incorrect locking in the function iavfinitmodule in drivers/net/ethernet/intel/iavf/iavfmain.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in...
ROS-20250117-07
A vulnerability in the dmaengine component of the Linux operating system kernel is related to the transfer of private resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the powerpc/fixmap component of the Linux kernel is related to...
ROS-20250110-12
Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource "Race Situation". "Race Situation". Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code by downloading specially crafted JSP files Apache Tomcat...
ROS-20241216-04
A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...
ROS-20240203-05
Apache Tomcat application server vulnerability is related to an unchecked error condition. Exploitation The vulnerability could allow an attacker acting remotely to bypass the authentication process and cause a denial of service Apache Tomcat application server vulnerability is related to...
ROS-20241127-01
A vulnerability in the bna component of the Linux operating system kernel is related to out-of-bounds read errors in the bnaddebugfswriteregrd and bnaddebugfswriteregwr functions in the drivers/net/ethernet/brocade/bna/bnaddebugfs.c. Exploitation of the vulnerability could allow an attacker to...
ROS-20241125-02
A vulnerability in the hns3 component of the Linux operating system kernel is related to out-of-bounds read errors in the hns3getcoalinfo function in drivers/net/ethernet/hisilicon/hns3/hns3debugfs.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of service A...
ROS-20231121-04
Vulnerability in Nextcloud cloud storage creation and utilization software is related to improper access controls. Exploitation of the vulnerability could allow an intruder, acting remotely, to gain access to sensitive information Nextcloud cloud storage creation and utilization software...
ROS-20241121-06
A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. HTTP request paths The vulnerability in the Consul service...
ROS-20241113-02
A vulnerability in the HDMA component of the Linux operating system kernel is related to race conditions in the functions dwhdmav0corewritechunk and dwhdmav0corestart in drivers/dma/dw-edma/dw-hdma-v0-core.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the...
ROS-20241112-08
A vulnerability in the Raft Consensus Algorithm of the Raft data distribution algorithm of the Integrated storage Raft storage of HashiCorp Vault and Vault Enterprise platforms for archiving corporate information is associated with unlimited resource consumption as a result of nodes incorrectly...
ROS-20241029-05
A vulnerability in the Podman OCI container management and startup software tool is related to bugs in the option bind-propagation of the Dockerfile RUN --mount instruction. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information...
ROS-20241029-04
A vulnerability in the containers-common library of the Golang programming language is related to incorrect handling of certain file paths due to incorrect validation. certain file paths due to improper validation. Exploitation of the vulnerability could allow an attacker acting remotely to explo...
ROS-20241023-09
Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...
ROS-20241023-02
Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...
ROS-20241008-05
A vulnerability in the ProcXkbGetKbdByName function of the xkb/xkb.c component of the Wayland protocol implementation for X.Org XWayland, an implementation of the X Window System X.Org Server is related to incorrect memory freeing before deleting the last link. Exploitation of the vulnerability...
ROS-20241004-02
Vulnerability of the mremap function of Linux kernel operating systems is related to memory usage after its release as a result of a race situation when processing the rmap memory management structure. Exploitation of the vulnerability could allow an attacker to cause a denial of service or eleva...
ROS-20241002-04
A vulnerability in the xenvifgetrequests function in the drivers/net/xen-netback/netback.c module of the cross-platform Xen hypervisor of the Linux kernel is related to the null pointer dereferencing in the function xenvifgetrequests. Exploiting the vulnerability could allow an attacker to cause ...
ROS-20240927-02
A vulnerability in the Google Chrome browser is related to the execution of certain user interface gestures Exploitation of the vulnerability could allow an attacker acting remotely to perform a spoofed the user interface using a specially crafted HTML page A vulnerability in Google Chrome browse...
ROS-20240918-02
A vulnerability in the WebKitGTK web page display module is related to disclosure of information in an erroneous data area of data. Exploitation of the vulnerability allows an attacker acting remotely to gain access to the sensitive data...
ROS-20240917-08
Vulnerability of classes ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network of the ipaddress module of the Python programming language interpreter CPython is related to the incorrect IP address range validation. Exploitation of the vulnerability could...
ROS-20240916-07
A vulnerability in the fetch function of the Node.js software platform involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service DoS...
ROS-20240916-08
Vulnerability of MongoDB database management system is related to errors in TLS certificate validation procedure. of TLS certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely, establish an unauthorized connection to the MongoDB server...
ROS-20240911-08
The vulnerability of the configobj ini file reader and writer is related to the placement of a malicious value into a server-side configuration file by a developer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240902-16
The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials A vulnerability in the net/http module o...
ROS-20240827-02
Vulnerability of rfbClientCleanup function of libvncclient component of LibVNCServer cross-platform library is related to a memory leak. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240827-05
The Unbound DNS server vulnerability is related to the ability of a process outside of the unbound group to reconfigure the of the unbound execution environment. Exploitation of the vulnerability allows an attacker acting remotely to impact the integrity and availability of the system. Impact the...
ROS-20240827-11
Vulnerability in the HTTP2 Stream Handler component of Apache Tomcat application server is related to insufficient exceptional state handling. exceptional state handling. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a...
ROS-20240815-04
A vulnerability in the ieeewritefile component of the Netwide Assembler NASM is related to a segmentation violation in the ieeewritefile component in /output/outieee.c segmentation in the ieeewritefile component in /output/outieee.c. Exploitation of the vulnerability could allow an attacker to...
ROS-20240812-06
A vulnerability in GLPI's asset management and data center software is related to the The introduction of a malicious link by an unauthenticated user. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an XSS attack Vulnerability in GLPI's request, incident and...
ROS-20240812-01
The vulnerability in the Kerberos 5 Heimdal implementation is due to bugs in the Heimdal PKI certificate checks, affecting KDC via PKINIT and kinit via PKINIT, as well as any third-party applications, that utilize libhx509 Heimdal. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240812-13
A vulnerability in GLPI's asset and data center management software involves server-side request forgery. Exploitation of the vulnerability could allow an attacker acting remotely to perform an SSRF-based attack using the creation of an arbitrary object. remotely to execute an SSRF-based attack...
ROS-20240807-04
MuPDF PDF viewer's fznewpixmapfromfloatdata function vulnerability is related to the division by zero. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in bmpdecompressrle4 function of MuPDF PDF viewer is related to division by...
ROS-20240805-06
An Envoy proxy vulnerability is related to incorrect validation of an erroneous pointer value. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to crash. application crash...
ROS-20240730-02
Lasso library vulnerability is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information...
ROS-20240729-04
A vulnerability in the JsonErrorReportValve class of the Apache Tomcat application server is related to a flaw in the mechanism of for encoding or escaping output data. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of protected information...
ROS-20240726-06
The vulnerability in the WebKitGTK and WPE WebKit web page display modules is related to the existence of a method of limited sandbox traversal, which allows an isolated process to trick host processes into thinking that the isolated process is not sandboxed. them into thinking that the isolated...
ROS-20231019-02
A vulnerability in Nextcloud cloud storage creation and utilization software is related to gaining write/read privileges on any file share. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...
ROS-20240711-01
Vulnerability The frames.html file is a tool for creating documentation for the Ruby programming language YARD is related to improper handling of user-controlled data obtained from a URL hash in the embedded JavaScript code in the "frames.erb" template file. Exploitation of the vulnerability coul...