8419 matches found
ROS-20250402-02
A vulnerability in the WebTransport component of Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the possibility of memory usage after release. Thunderbird is related to the possibility of memory usage after release. Exploitation of the vulnerability could allow a...
ROS-20250326-01
Pidgin instant messaging vulnerability is related to DNS response spoofing and redirecting client connections to a malicious server. redirecting client connections to a malicious server. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service to an...
ROS-20250326-05
A vulnerability in the sysexec function of MariaDB software is related to insecure permissions. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands with elevated privileges...
ROS-20250307-06
A vulnerability in the OpenSSL library is related to a temporary side-channel in the ECDSA signature computation. Exploitation of the vulnerability could allow a remote attacker to recover the private key...
ROS-20250203-08
Vulnerability in numexpr library of framework for creating applications based on combining languages and models LangChain is related to incorrect code generation control. LangChain models is related to improper code generation control. Exploitation of the vulnerability could allow an attacker...
ROS-20250130-02
Vulnerability of the nftverdictinit function in the net/netfilter/nftablesapi.c module of the operating system kernel Linux is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of...
ROS-20250121-01
A vulnerability in the sqlparse.parse function of the SQL parser module for Python Sqlparse is related to uncontrolled recursion when processing a highly nested list. recursion when processing a highly nested list. Exploiting the vulnerability allows an attacker, acting remotely, to cause a denia...
ROS-20250121-03
Vulnerability The contentsecuritypolicy function of the Ruby interpreter's Action Pack extension is related to a vulnerability in the dynamically set Content-Security-Policy CSP headers. Content-Security-Policy CSP dynamically set headers vulnerability. Exploitation The vulnerability could allow ...
ROS-20250121-09
Vulnerability of the compiler of the html-template tool jinja is related to the failure to neutralize the special controls when processing f-lines. Exploitation of the vulnerability could allow an attacker to bypass the sandbox protection mechanism, execute arbitrary code, or cause a denial of...
ROS-20250114-06
A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect clearing or freeing of resources. resources. Exploitation of the vulnerability could allow an attacker acting...
ROS-20250113-01
A vulnerability in the OpenSSL library is related to reading the wrong address in memory when comparing subject names otherName of an X.509 certificate. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20250110-13
MinIO object storage server vulnerability is related to insecure privilege management. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges to root...
ROS-20250110-10
A vulnerability in the asyncio.SelectorSocketTransport.writelines function of the Python programming language is associated with an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service denial of service...
ROS-20241218-01
Vulnerability of the kmallocreserve function in the net/core/skbuff.c module of the network subsystem of the Linux kernel is related to integer overflow. Linux kernel subsystem is related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20241203-03
The HTTP request interpretation vulnerability in HAProxy is related to the ability to access a path that is restricted by an ACL access control list installed on the product. Exploitation of the vulnerability could Allow an attacker acting remotely to obtain sensitive information...
ROS-20241203-15
Go programming language vulnerability is related to errors in handling whitespace characters in context JavaScript. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information. affect the confidentiality,...
ROS-20241112-01
An implementation vulnerability in the Simple Authentication and Security Layer GNU SASL framework is related to reading outside the outside the allocated space on the GNU SASL libgsasl server side using a malicious authenticated GSS-API client. Exploitation of the vulnerability could allow an...
ROS-20241108-03
Vulnerability of multiqtune function of schmultiq component of Linux kernel is related to writing outside of dynamic memory buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code in kernel mode by executing specially specially...
ROS-20241029-07
The vulnerability in Buildah container image management tool is related to input validation errors in the directory traversal sequences in cache mounts. Exploitation of the vulnerability could allow an infringing user to escalate privileges on the system...
ROS-20241021-06
A vulnerability in the ASGI Starlette toolkit for creating asynchronous Python web services is related to the following the ability for a remote unauthenticated user to view files in a web service. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensiti...
ROS-20241001-13
A vulnerability in the Botan C++ cryptographic library is related to asymmetric resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the C++ Botan cryptographic library is related to errors in parsing...
ROS-20241002-02
Vulnerability of the tcindex indexing filter net/sched/clstcindex.c in the kernel of the of the Linux operating system is related to incorrect filter management, which leads to the repeated freeing previously freed memory. Exploitation of the vulnerability could allow an attacker to elevate...
ROS-20240924-02
Vulnerability in Thunderbird email client and Firefox browsers, Firefox ESR is related to writing outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability in Firefox ESR, Firefox web browsers...
ROS-20240923-04
A vulnerability in the Node.js software platform is related to flaws in HTTP request processing. Exploitation vulnerability could allow an attacker acting remotely to send a covert HTTP request HTTP Request Smuggling attack. HTTP Request Smuggling...
ROS-20240917-04
A vulnerability in the crypto.X509Certificate function of the Node.js software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240916-11
Vulnerability of the sssctl command of the remote directory access control service and authentication mechanism SSSD is related to the lack of input data cleanup measures. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, a...
ROS-20240916-05
A vulnerability in the email module of the Python programming language interpreter is due to insufficient inadequate input validation. Exploitation of the vulnerability could allow an attacker acting remotely, bypass the security mechanism...
ROS-20240911-03
A vulnerability in the HTTP Requests library of the Python Requests programming language is related to ignoring the certificate validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...
ROS-20240827-18
Vulnerability of the actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb file of Ruby interpreter is related to incorrect neutralization of input data during generation of a web page. web page. Exploitation of the vulnerability could allow an attacker acting locally to conduc...
ROS-20240827-20
The vulnerability in the Ruby interpreter is related to improper neutralization of input data during generation of the of a web page. Exploitation of the vulnerability could allow an attacker acting locally to conduct cross-site scripting Vulnerability in the Active Storage component of the Ruby...
ROS-20240828-08
Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to using uninitialized resource. is related to the use of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to disclose protected information Vulnerability in...
ROS-20240826-05
Vulnerability in FontForge font editing software exists due to failure to take measures to neutralization of special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20240820-07
Vulnerability of subselect component of MariaDB database management system is related to the operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow a remote intruder, affect confidentiality, integrity, availability of protected information Vulnerability...
ROS-20240820-14
A vulnerability in the JavaFX component of Oracle GraalVM Enterprise Edition virtual machine and Oracle Java SE software platform is related to insufficient input validation. Oracle Java SE platform is related to insufficient input data validation. Exploitation of the vulnerability could allow an...
ROS-20240808-04
A vulnerability in the phpCAS::setUrl function of the phpCAS authentication library is related to the use of HTTP headers to determine the URL of a service used to validate tickets. HTTP to determine the URL of the service used to validate tickets, allowing the control of the host header and use ...
ROS-20240807-02
Vulnerability of CountVowelPosition function of Espeak compact free software speech synthesizer is related to stack buffer overflow. with a stack buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service SetUpPhonemeTable compact free software speech...
ROS-20240729-14
A vulnerability in the logentryattr function of the 389-ds-base component is related to a buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240709-04
The vulnerability in the C++ Botan cryptographic library is related to resource allocation without constraints and regulation. Exploitation of the vulnerability could allow an attacker acting remotely to forge a an ECDSA X.509 certificate...
ROS-20240627-02
A vulnerability in the VPN protocol library using the "IPsec" libreswan is related to a statement of reachability when processing IKEv1 packets without specifying the esp string. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-11
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-2-1636
2.1636 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-1681
2.1681 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-123
2.123 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia №4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-224
2.224 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
ROS-2-1582
2.1582 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-30
2.30 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia №4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-1374
2.1374 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1457
2.1457 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1438
2.1438 Multiple vulnerabilities in Moodle CVE-2021-32472 - CVE-2021-32478 1. Vulnerability Description: CVE-2021-32478 A vulnerability exists due to insufficient cleansing of user-provided data at the LTI authorization endpoint. A remote attacker could trick a victim into clicking a specially...
ROS-2-1577
2.1577 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...