8159 matches found
ROS-20250409-01
A vulnerability in the NFSD component of the Linux kernel is related to the dereferencing of a NULL pointer in the nfsd4processcbupdate function in fs/nfsd/nfs4callback.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the ALSA compone...
ROS-20250403-02
A vulnerability in the QPDF PDF conversion command line utility is related to the creation of a .pdf file with the PlASCII85Decoder::write parameter in libqpdf. .pdf file with the PlASCII85Decoder::write parameter in libqpdf. Exploitation of the vulnerability could allow an attacker to execute...
ROS-20250402-05
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails Html Sanitizer applications is related to with insufficient cleaning of user-supplied data. Exploitation of the vulnerability could allow An attacker acting remotely could conduct cross-site scripting attacks...
ROS-20250402-03
A vulnerability in the WebTransport component of Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the possibility of memory usage after release. Thunderbird is related to the possibility of memory usage after release. Exploitation of the vulnerability could allow a...
ROS-20250402-06
Vulnerability of pamsmauthenticate function of PAM-PKCS11 authentication module of Linux operating systems is related to authentication errors. Exploitation of the vulnerability could allow an attacker acting remotely, bypass the authentication procedure and gain unauthorized access to protected...
ROS-20250326-02
A vulnerability in the document-oriented MongoDB database management system is related to the lack of authorization checks. authorization checks. Exploitation of the vulnerability could allow a remote intruder gain unauthorized access to protected information...
ROS-20250311-02
PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250307-12
Nomad application orchestrator vulnerability related to customization of wildcard namespace usage. namespace. Exploitation of the vulnerability could allow an attacker acting remotely to bypass ACL policy by allowing reads from other namespaces. ACL policy by allowing reads from other namespaces...
ROS-20250219-03
A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information A vulnerability in th...
ROS-20250203-06
A vulnerability in the LibreOffice office suite is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to disclose confidential information LibreOffice office suite vulnerability is related to incorrect path name restriction to a...
ROS-20250203-13
A vulnerability in the Active Record component of the Ruby on Rails software platform is related to the possibility of injecting SQL code through comments. SQL code through comments. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code Vulnerability of...
ROS-20250130-02
Vulnerability of the nftverdictinit function in the net/netfilter/nftablesapi.c module of the operating system kernel Linux is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of...
ROS-20250128-09
A vulnerability in the Container Storage Interface CSI component of the Nomad application orchestrator is related to an improper authorization. Exploitation of the vulnerability could allow an attacker acting remotely, Affect the integrity of protected information...
ROS-20250127-03
A vulnerability in the drm/lima components of the Linux operating system kernel is related to incorrect calculation in the virtualncidevwrite function in drivers/nfc/virtualncidev.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in an x8...
ROS-20250122-01
A vulnerability in the SUNRPC component of the Linux operating system kernel is related to an incorrect lock in the xsgetsrcport function in net/sunrpc/xprtsock.c, in rpcsysfsxprtsrcaddrshow function in net/sunrpc/sysfs.c. Exploitation of the vulnerability could allow an attacker to cause a denia...
ROS-20250117-01
Exiv2 media metadata management library vulnerability is related to the use of an uninitialized resource. of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information...
ROS-20250115-01
A vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird email client is related to improper permission persistence. exploitation of the vulnerability could allow a remote attacker to affect the confidentiality of protected information, to affect the confidentiality of protected informati...
ROS-20250114-04
The incognito mode vulnerability in Mozilla Firefox, Firefox ESR browsers is due to the application not properly impose security restrictions. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions Incognito mode vulnerability in...
ROS-20250114-08
A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect clearing or freeing of resources. resources. Exploitation of the vulnerability could allow an attacker acting...
ROS-20250114-02
LibreOffice office suite vulnerability is related to incorrect cryptographic signature verification. signature. Exploitation of the vulnerability could allow an attacker to create a specially crafted document, which, upon recovery, would report the valid status of the electronic signature A...
ROS-20241220-04
Vulnerability of ServerConfig.PublicKeyCallback function of the library for Go crypto programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...
ROS-20241218-01
Vulnerability of the kmallocreserve function in the net/core/skbuff.c module of the network subsystem of the Linux kernel is related to integer overflow. Linux kernel subsystem is related to integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20241211-03
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241204-01
A vulnerability in the libstub component of the Linux kernel is related to the use of an uninitialized resource in the uninitialized resource in the efifree function in drivers/firmware/efi/libstub/fdt.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of servic...
ROS-20241203-21
The vulnerability of drawio diagramming software is related to improper neutralization of the of special elements used in the OS command. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary commands...
ROS-20241112-05
A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20241112-09
A vulnerability in the Consul service configuration tool is related to input validation errors when processing catalog traversal sequences. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and read arbitrary files on the system...
ROS-20241107-02
A vulnerability in the x86/mmu components of the Linux operating system kernel is related to incorrect calculations in the kvmtdpmmutrysplithugepages, kvmtdpmmucleardirtyslot, and cleardirtyptmasked functions in the arch/x86/kvm/mmu/tdpmmu.c. Exploitation of the vulnerability could allow an...
ROS-20241028-02
The vulnerability of the net-netip component of Golang programming language is related to incorrect operation of Is methods IsPrivate, IsLoopback, etc. methods. Exploitation of the vulnerability can allow an intruder to bypass the existing access restriction policy...
ROS-20241017-06
A vulnerability in the PeCoffLoaderRelocateImage function of the Tianocore EDK2 library is related to the invocation of memory corruption memory due to overflow through a contiguous network. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to...
ROS-20241017-02
Vulnerability in the "CONNECT", "DISCONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" components of the message broker Eclipse Mosquitto is related to segmentation errors. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to sensitive...
ROS-20241015-01
Vulnerability in the Image Element Handler component of the Haskell library for conversion from markup formats Pandoc is related to the provision of a specially crafted image element as input when creating files using the --extract-media parameter or outputting to PDF. file creation using the...
ROS-20241008-03
A vulnerability in the TLS protocol implementation of Apache Tomcat application server is associated with uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service...
ROS-20240905-01
Vulnerability of the bgpattrencap function in the bgpd/bgpattr.c file of the software tool for implementing network routing on Unix-like systems FRRouting is related to the lack of verification of actual remaining routing on Unix-like systems FRRouting is related to the lack of checking the actua...
ROS-20240827-03
Vulnerability of the file actionpack/lib/actiondispatch/middleware/templates/routes/table.html.erb of Ruby interpreter is related to incorrect neutralization of input data during generation of a web page. web page. Exploitation of the vulnerability could allow an attacker acting locally to conduc...
ROS-20240827-10
A vulnerability in the File Name Handler component of the vim text editor exists due to a bug in the use of pointers after memory release in the dialogchanged function. pointers after memory release in dialogchanged function. Exploitation of the vulnerability could allow an an attacker to cause a...
ROS-20240826-23
A vulnerability in the Blender three-dimensional computer graphics software suite is related to the lack of validation for values less than 0. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause a denial of...
ROS-20240826-27
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is associated with insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to gain...
ROS-20240815-16
Vulnerability in authentication and authorization module for Apache 2.x HTTP server Modauthopenidc is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240806-02
A vulnerability in the XML Handler component of the cross-platform messenger for the Jabber Gajim protocol is related to the the creation of XML strophs, allowing messages that were not sent by other users. Exploitation of the vulnerability could allow an attacker acting remotely to have an Impac...
ROS-20240801-03
A vulnerability in the JSSE component of the Java SE software platform and Oracle GraalVM for JDK virtual machine is related to errors in certificate authentication procedure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service A vulnerability in the CORBA...
ROS-20240801-04
A vulnerability in the JSSE component of the Java SE software platform and Oracle GraalVM for JDK virtual machine is related to errors in certificate authentication procedure. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service A vulnerability in the CORBA...
ROS-20240731-02
A vulnerability in the application programming interface of the libcue library is related to an operation exceeding the boundaries of the of a buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by downloading a control table from ...
ROS-20240613-04
Vulnerability of RelinquishDCMInfo function of dcm.c component of ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial of service via a...
ROS-20240611-03
A vulnerability in the MIME-tools component of the open-source content filter for Amavis email is related to an interpretation conflict when a MIME email message has multiple boundary parameters. Exploitation of the vulnerability could allow an attacker acting remotely to elevate the privileges...
ROS-20240529-04
A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...
ROS-20240521-11
A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine. Enterprise Edition is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...
ROS-20240514-11
The vulnerability of the file includes/specials/SpecialMovePage.php of the software tool for implementing the MediaWiki hypertext environment is related to incorrect resource clearing or freeing. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240503-14
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...
ROS-20240503-17
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to a insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to have an impact the confidentiality, integrity, and availability of data Vulnerability in the...