8110 matches found
ROS-20260520-73-0015
A vulnerability in the Blink rendering engine of Google Chrome and Microsoft Edge browsers is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260520-73-0033
A vulnerability in the WebAudio component of Google Chrome browser is related to writing outside of buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260520-73-0005
A vulnerability in the WebGL component of the Google Chrome browser is related to reading outside of the allowed range in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
ROS-20260515-73-0048
A vulnerability in the Skia graphics library of Google Chrome browser is associated with a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information...
ROS-20260512-73-0019
A vulnerability in the Core component of the Oracle VM VirtualBox virtual machine is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to gain full control over the application...
ROS-20260512-73-0002
Vulnerability in python-PyPDF2 related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260505-73-0073
A vulnerability in the tarfile module of the Python programming language interpreter CPython is related to incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20260408-73-0026
A vulnerability in the drivers/soc/qcom/mdtloader.c component of the Linux kernel is related to buffer copying without input data validation. Exploitation of the vulnerability allows an intruder to gain unauthorized access to protected information...
ROS-20251203-05
A vulnerability in the Java library for handling Apache Commons Configuration files is related to the fact that, the application does not properly control internal resource consumption when loading a specially crafted configuration file. created configuration file. Exploitation of the vulnerabili...
ROS-20251203-02
A vulnerability in the Pulpcore component of the Pulp software package management platform Pulp is related to with a bug in the puppet-pulpcore configuration when using Gunicorn versions prior to 22.0. Exploitation of this vulnerability could allow an attacker acting remotely to bypass the...
ROS-20251110-04
A vulnerability in the qtdemuxparsetrak function of the Gstreamer multimedia framework is related to a boundary condition in the MOV/MP4 demultiplexer. Exploitation of the vulnerability could allow an attacker acting remotely, gain access to potentially sensitive information A vulnerability in th...
ROS-20250515-01
A vulnerability in the PHP Twig template language is due to sandbox security checks not being executed under certain circumstances. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. remotely to bypass the implemented securit...
ROS-20250515-07
Vulnerability of RevertAction.Php, ApiFileRevert.Php files of MediaWiki hypertext environment implementation software is related to incorrect permissions saving. MediaWiki hypertext environment is related to incorrect permissions saving. Exploitation of the vulnerability could allow a remote...
ROS-20250515-08
A vulnerability in the Thunderbird email client is related to the presence of multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, when hovering over any attachment, only the the last link. Exploiting this vulnerability allows remote attackers, perform a...
ROS-2-137
2.137 Notification on update of the RAND OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...
ROS-2-678
2.678 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1
2.1 Notification on the update of the OPERATION SYSTEM "RED OS" MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
ROS-20250513-01
Vulnerability of directory publishing application in domain sharedirectory is related to the lack of verification of the of a user accessing the D-Bus service. Exploitation of the vulnerability could allow an attacker to to execute arbitrary operating system commands. Information about the...
ROS-20250430-11
The vulnerability in the PHP programming language interpreter is related to flaws in header processing of of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP Request Smuggling attack. A hidden HTTP request HTTP Request...
ROS-20250417-02
Vulnerability of /settings/store API endpoint of pgAdmin database management tool is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform a cross-site scripted attack Server mode...
ROS-20250303-05
A vulnerability in the Wi-Fi driver rtl8712 of the Linux operating system kernel is related to the use of memory after its after memory has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250220-01
Vulnerability of tunfreenetdev function of virtual network drivers TUN/TAP of kernel operating systems Linux is related to repeated freeing of previously freed memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or escalate privileges A vulnerability in...
ROS-20250219-05
A vulnerability in the Core component of Oracle VM VirtualBox is related to a flaw in the authorization mechanism. authorization mechanism. Exploitation of the vulnerability could allow an attacker to gain privileged access to the infrastructure A vulnerability in the Core component of the Oracle...
ROS-20250203-08
Vulnerability in numexpr library of framework for creating applications based on combining languages and models LangChain is related to incorrect code generation control. LangChain models is related to improper code generation control. Exploitation of the vulnerability could allow an attacker...
ROS-20250128-01
A firmware vulnerability in Intel Core Ultra processors is related to improper isolation of shared resources between trusted and untrusted agents. shared resources between trusted and untrusted agents. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20250128-03
A vulnerability in the Go programming language is related to the fact that the application does not properly control the consumption of internal resources in several Parse functions. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...
ROS-20250121-03
Vulnerability The contentsecuritypolicy function of the Ruby interpreter's Action Pack extension is related to a vulnerability in the dynamically set Content-Security-Policy CSP headers. Content-Security-Policy CSP dynamically set headers vulnerability. Exploitation The vulnerability could allow ...
ROS-20250117-07
A vulnerability in the dmaengine component of the Linux operating system kernel is related to the transfer of private resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the powerpc/fixmap component of the Linux kernel is related to...
ROS-20250114-06
A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect clearing or freeing of resources. resources. Exploitation of the vulnerability could allow an attacker acting...
ROS-20250110-13
MinIO object storage server vulnerability is related to insecure privilege management. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges to root...
ROS-20241203-15
Go programming language vulnerability is related to errors in handling whitespace characters in context JavaScript. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information. affect the confidentiality,...
ROS-20241203-02
A vulnerability in the streamformatter moby package is related to running multiple simultaneous write operations. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service The moby package vulnerability is related to running concurrent builds that call...
ROS-20241203-06
Vulnerability of coretable/dynamic module of Moodle virtual learning environment is related to access control flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely, gain unauthorized access to protected information...
ROS-20241203-11
A vulnerability in the ngxhttpv4module module of the NGINX Plus and NGINX OSS web servers is related to reading out-of-bounds memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20241108-03
Vulnerability of multiqtune function of schmultiq component of Linux kernel is related to writing outside of dynamic memory buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code in kernel mode by executing specially specially...
ROS-20241029-07
The vulnerability in Buildah container image management tool is related to input validation errors in the directory traversal sequences in cache mounts. Exploitation of the vulnerability could allow an infringing user to escalate privileges on the system...
ROS-20241023-06
Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...
ROS-20241023-07
Vulnerability of the BufWinLeave function of the vim text editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. information...
ROS-20241021-06
A vulnerability in the ASGI Starlette toolkit for creating asynchronous Python web services is related to the following the ability for a remote unauthenticated user to view files in a web service. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensiti...
ROS-20241021-05
Vulnerability in Sentry SDK real-time crash reporting software is related to a leak of sensitive cookie values. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20241008-06
Vulnerability of the XTestSwapFakeInput function of the X Window System X.Org Server implementation, an implementation of the Wayland Wayland protocol for X.Org XWayland is related to writing outside buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain...
ROS-20241001-13
A vulnerability in the Botan C++ cryptographic library is related to asymmetric resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the C++ Botan cryptographic library is related to errors in parsing...
ROS-20240923-04
A vulnerability in the Node.js software platform is related to flaws in HTTP request processing. Exploitation vulnerability could allow an attacker acting remotely to send a covert HTTP request HTTP Request Smuggling attack. HTTP Request Smuggling...
ROS-20240918-09
A vulnerability in the Compositing component of Google Chrome browser is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user's security interface using a specially crafted HTML page. security interface using a specially...
ROS-20240917-04
A vulnerability in the crypto.X509Certificate function of the Node.js software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240902-02
A vulnerability in the implementation of the INVD processor instruction for virtual machines running on servers with AMD processors is associated with loss or omission of information. AMD processors is associated with information loss or skipping. Exploitation of the vulnerability could allow An...
ROS-20240902-16
The vulnerability in the retryablehttp package is related to the lack of purging cleared URLs when writing them to its log file. Exploitation of the vulnerability could allow an attacker to obtain sensitive credentials HTTP basic authentication credentials A vulnerability in the net/http module o...
ROS-20240828-01
A vulnerability in the koji RPM-based build system is related to improper neutralization of input data during the during web page generation. Exploitation of the vulnerability could allow an attacker to conduct XSS attacks using a specially crafted web interface. using a specially crafted web...
ROS-20240827-20
The vulnerability in the Ruby interpreter is related to improper neutralization of input data during generation of the of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting Vulnerability in the Active Storage component of the Ruby...
ROS-20240820-14
A vulnerability in the JavaFX component of Oracle GraalVM Enterprise Edition virtual machine and Oracle Java SE software platform is related to insufficient input validation. Oracle Java SE platform is related to insufficient input data validation. Exploitation of the vulnerability could allow an...