8046 matches found
ROS-20220412-02
Vulnerability in Mozilla Firefox browser, due to the fact that regex for Rust does not control properly internal resource consumption when parsing unreliable input data. Exploitation of the vulnerability could allow a remote attacker to pass specially crafted data to an application and perform a...
ROS-20220412-03
Vulnerability in Mozilla Thunderbird email client, related to a memory freeing error when processing HTML content after the VR process is destroyed. Exploitation of the vulnerability could allow an attacker, acting remotely, create a specially crafted web page, trick the victim into opening it,...
ROS-20220322-01
Vulnerability in Mozilla Thunderbird email client, related to a memory usage error upon release when processing HTML content. Exploitation of the vulnerability could allow an attacker, acting remotely, to activate the post-release usage by forcing text to be recomposed in a SVG object and executi...
ROS-20220314-01
Vulnerability in Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation the vulnerability could allow an attacker acting remotely and who has the ability to control the contents of an isolated iframe program environment , allow-popups, but not allow-scripts, could...
ROS-20220125-08
The Sendmail mail transfer agent vulnerability is related to a logical error in the TLS implementation when working with different protocols but using compatible certificates such as multi-domain or wildcard certificates. wildcard certificates. Exploitation of the vulnerability could allow an...
ROS-20220112-04
A vulnerability in the Django web application framework is related to excessive data output by the application during the processing error conditions. Exploitation of the vulnerability could allow an attacker acting remotely, to obtain sensitive system information. Django web application framewor...
ROS-20240813-03
Vulnerability of the usersdmatxadd function of the Infiniband driver of the Linux kernel is related to a pointer dereferencing error. pointer dereferencing error. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code Vulnerability of the i2cputadapter...
ROS-20240425-01
Vulnerability of Apache HTTP Server web server in the part of HTTP/2 protocol implementation is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. CONTINUATION frames. Exploitation of the vulnerability could allow an...
ROS-20240403-01
A vulnerability in the column.title and cellLinkTooltip components of the Grafana web-based data presentation tool is related to insufficient protection of the web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges A vulnerability in t...
ROS-20221013-01
A vulnerability in the D-Bus interprocess communication system is related to the reachability of an assertion in debug builds caused by a syntactically invalid type signature with improperly nested brackets and curly braces. Exploitation of the vulnerability could allow an attacker to execute a...
ROS-20220112-03
The vsftpd FTP server vulnerability is related to a provenance check error in the TLS implementation when working with different protocols. different protocols. Exploitation of the vulnerability could allow an attacker acting remotely and capable of performing a MitM attack at the TCP/IP level,...
ROS-20230627-01
The vulnerability in the Moodle virtual learning environment is related to insufficient cleansing of data submitted by users, in the external Wiki method for listing pages, a user can send a specially crafted query to the affected application and execute limited SQL commands on the application's...
ROS-20230406-01
A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory. element to specify a path relative to the...
ROS-20220329-01
A vulnerability in the zlib data compression library is related to incorrect limitation of operations within the memory buffer due to insufficient validation of user input during data compression. memory due to insufficient validation of user-entered data during data compression. Exploitation...
ROS-20220112-01
A vulnerability in the X.Org Server - X Window System server implementation is caused by an out-of-memory write in the SProcScreenSaverSuspend function in the Screen Saver extension. Exploitation of the vulnerability could allow an attacker to send a specially crafted suspend request, initiate an...
ROS-20250515-03
Vulnerability of flacbuffercopy function of libsndfile library is related to reading data outside the buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information and cause a denial of service. unauthorized acces...
ROS-20221103-06
Apache Tomcat application server vulnerability is related to incorrect implementation of read/write locking. writes. Exploitation of the vulnerability could allow an attacker acting remotely to cause a concurrency error and force client connections to share an instance of Http11Processor...
ROS-20221013-02
The vulnerability in the Moodle course management system is related to the fact that the H5P attempted action report does not group permissions are not taken into account when displaying to non-editing teachers information about attempts/users in groups to which they should not have access. about...
ROS-20220304-01
Vulnerability in snapd's snap packet management daemon, related to insufficient validation of interface snapd content and layout paths. Exploitation of the vulnerability could allow an attacker to enforce arbitrary AppArmor policy rules through a corrupted content interface and layout declaration...
ROS-20220202-01
Vulnerability in the GLPI request and incident handling system, related to insufficient clearing of the of user data in the reset button. Exploitation of the vulnerability could allow an attacker, acting remotely, to force a victim to click on a specially crafted link and execute arbitrary HTML a...
ROS-20250430-13
HAProxy server software vulnerability is related to bounds errors in regsub function in src/sample.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20220926-01
A vulnerability in the Vim text editor is related to a boundary error in the utfcptr2len function in mbyte. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file, cause a heap buffer overflow, and execute arbitrary code...
ROS-20220125-13
Vulnerability of PostgreSQL database management system is related to failure to take measures to encrypt protected data of protected data. Exploitation of the vulnerability could allow a remote attacker, realize a man-in-the-middle attack Vulnerability in libpq library of PostgreSQL database...
ROS-20220125-11
A vulnerability in the Http2MultiplexHandler class of the Netty networking software is related to incorrect request processing when converting HTTP/2 stream to HTTP/1.1. The exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity. an attacker acting...
ROS-20220128-03
A vulnerability in the standard util-linux command line utility package is related to incorrect parsing of the /proc/self/mountinfo file in libmount. parsing of the /proc/self/mountinfo file in libmount. Exploitation of the vulnerability could allow an attacker to, unmount other users' filesystem...
ROS-20220114-01
Vulnerability in Firefox browser, related to incorrect processing of user data. of user data. Exploitation of the vulnerability could allow an attacker acting remotely to mislead, by showing an incorrect origin when requesting to run a program and processing an external URL protocol Firefox brows...
ROS-20250430-04
A vulnerability in the libsoup library of the GNOME GUI is related to an infinite loop when reading WebSocket data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service GNOME GUI libsoup library vulnerability is related to NULL pointer dereferenci...
ROS-20240212-01
A vulnerability in the PKCS11 function of the ssh-agent component of the OpenSSH cryptographic security tool is related to the following the use of an insecure search path. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute...
ROS-20220518-02
A vulnerability in Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. user input when processing signed and encrypted attached messages. Exploitation exploitation of the vulnerability could allow a remote...
ROS-20220225-02
Vulnerability in the Drupal content management system, related to incorrect access restrictions in the in the quick edit module. Exploitation of the vulnerability could allow an attacker acting remotely, to view content restricted by other means A vulnerability in Drupal's content management...
ROS-20220125-17
A vulnerability in the QEMU hardware emulator is related to a single offset error when emulating a SCSI device in QEMU. Exploitation of the vulnerability could allow an attacker acting remotely, cause QEMU to crash The QEMU hardware emulator vulnerability is related to a memory usage error after ...
ROS-2-517
2.517 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-20240924-03
Vulnerability of the ice component of the Linux kernel is related to the NULL pointer dereferencing in the kzalloc. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability of the arm64/mm component of the Linux kernel is related to incorrect handling o...
ROS-20231115-04
Visual Studio Coden source code editor vulnerability related to improper control of code generation. code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code Visual Studio Code source code editor vulnerability is related to insufficient protection of...
ROS-20230203-01
A vulnerability in the GNU Tar archiver is related to the fromheader function in list.c via the V7 archive, in which mtime contains approximately 11 whitespace characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to transmit special data to the application and...
ROS-20240423-01
Apache HTTP Server vulnerability is related to blocking HTTP/2 connection processing if it was opened with 0 initial sliding window size. was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could Allow an attacker acting remotely to cause a denial of servic...
ROS-20240402-12
A vulnerability in Nextcloud cloud storage creation and utilization software Server is related to the ability to update any personal or global external storage, making it inaccessible to everyone else. Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass existing...
ROS-20240402-08
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20230929-01
Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...
ROS-20220322-02
A vulnerability in the libarchive archiving library is related to a symbolic link when extracting files from an archive. Exploitation of the vulnerability could allow an attacker to create a specially crafted symbolic link to a critical file on the system, place it in an archive, and change the...
ROS-20250731-01
Vulnerability in the implementation of OAuth request signing logic for Python OAuthLib is due to insufficient user data validation in urivalidate functions. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250515-05
A vulnerability in the Poppler PDF display library is related to a floating-point exception in the PSStack::roll function. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the Poppler PDF mapping library is related to improper signature...
ROS-20250515-15
A vulnerability in the WPE WebKit and WebKitGTK web page display modules is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. confidential data,...
ROS-20250505-10
A vulnerability in the libxml2 library is related to out-of-bounds reads that occur in Python APIs Python bindings due to an invalid return value. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...
ROS-20250430-14
The vulnerability of ASP.NET Core software platform and Microsoft's software development tool Visual Studio is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250430-05
Vulnerability of Erlang programming language OTP library set is related to improper packet handling SFTP. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service Vulnerability of SSH protocol implementation from Erlang/OTP library...
ROS-20250430-15
Vulnerability of sshd service of OpenSSH cryptographic protection tool is related to inconsistency with the functionality of the DisableForwarding directive stated in the DisableForwarding directive functionality stated in the documentation. Exploitation of the vulnerability could allow an intrud...
ROS-20241021-09
A vulnerability in the ntfs3 component of the Linux operating system kernel is related to read errors outside the bounds in the ntfslistea function in fs/ntfs3/xattr.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the qedr component of...
ROS-20240611-07
A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...
ROS-20240411-08
The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete files A vulnerability in the args4j library of the Jenkins Git server...