8283 matches found
ROS-20241211-07
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-11
A vulnerability in the HTTP client library for Python urllib3 is related to the fact that the Prox-Authorization header is not removed during source-to-source redirection when using proxy server support urllib3 with ProxyManager . Exploitation of the vulnerability could allow an attacker acting...
ROS-20241209-05
The vulnerability of Salt's configuration management and remote execution system is related to the fact that the application does not cause a crash when bad column data is detected. Exploitation of the vulnerability could allow an attacker acting remotely to use the default value from state inste...
ROS-20241205-01
The vulnerability of the asm-bug component of the Linux operating system kernel is related to incorrect error handling in arch/arm64/include/asm/asm-bug.h. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service A vulnerability in the sr component of the...
ROS-20241203-18
An open source RDP server vulnerability is related to ineffective operation of the configuration parameter, that limits the maximum number of login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20241023-03
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to improper privilege assignment. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate privileges...
ROS-20241017-10
Dovecot mail server vulnerability is related to unrestricted resource allocation. Exploitation The vulnerability could allow an attacker acting remotely to perform a denial of service...
ROS-20241008-01
Vulnerability in the DWARF Object Handler component of the library for providing access to debugging information DWARF libdwarf is associated with a re-release vulnerability. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a memory leak...
ROS-20241008-02
A vulnerability in the Portainer container management platform is related to an improperly used algorithm encryption algorithm in the AesEncrypt function. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity, and availability of...
ROS-20241004-06
A vulnerability in the ksmbd component of the Linux operating system kernel is related to a link reset after using the opinfo. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20240927-15
A vulnerability in the Hotspot component of the Oracle Java SE software platform, Oracle GraalVM virtual machines Enterprise Edition and Oracle GraalVM for JDK is related to writes beyond buffer boundaries in memory. Exploitation of the of the vulnerability could allow an attacker acting remotely...
ROS-20240927-04
A vulnerability in the Hotspot component of the Oracle Java SE software platform, Oracle GraalVM virtual machines Enterprise Edition and Oracle GraalVM for JDK is related to writes beyond buffer boundaries in memory. Exploitation of the of the vulnerability could allow an attacker acting remotely...
ROS-20240918-05
A vulnerability in the net component of the Golang programming language is related to the execution of a loop with an inaccessible exit condition. exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240904-10
A vulnerability in the Clojure dynamic programming language is related to the deserialization of untrusted data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Clojure dynamic programming language is related to the...
ROS-20240902-21
Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to memory security flaws. with memory security flaws. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...
ROS-20240902-07
A vulnerability in the cpio binary archiver is related to regression when using the command line parameter --no-absolute-filenames. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service...
ROS-20240902-06
Vulnerability of swfgetstring function of GPAC multimedia platform, is related to the operation exceeding the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information Vulnerability in the gfdashsetupperio...
ROS-20240807-01
Vulnerability in the implementation of ColladaParser::ExtractDataObjectFromChannel function of the Open Asset Import Library Assimp 3D models Open Asset Import Library Assimp is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to gai...
ROS-20240730-16
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machines for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the...
ROS-20240711-04
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240521-09
A vulnerability in the JSSE component of the Oracle Java SE software platform and Oracle GraalVM virtual machine. Enterprise Edition is related to the lack of message integrity checking. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information or...
ROS-20240514-13
The vulnerability of the file includes/specials/SpecialMovePage.php of the software tool for implementing the MediaWiki hypertext environment is related to incorrect cleanup or release of resources. MediaWiki hypertext environment is related to incorrect resource clearing or freeing. Exploitation...
ROS-20240408-24
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...
ROS-20240408-23
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...
ROS-2-204
2.204 Notification on the update of OPERATION SYSTEM "RED OS" MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
ROS-2-51
2.51 Notification on the update of OPERATION SYSTEM "RED OS" MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia №4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...
ROS-2-1354
2.1354 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-373
2.373 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technic...
ROS-2-1894
2.1894 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...
ROS-2-1048
2.1048 Notification on the update of the Red OS OPERATION SYSTEM MIS update RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-56
2.56 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technica...
ROS-2-405
2.405 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technic...
ROS-2-386
2.386 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technic...
ROS-2-1766
2.1766 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-343
2.343 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technica...
ROS-2-1583
2.1583 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-1739
2.1739 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...
ROS-2-129
2.129 Notification on update of the RAND OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...
ROS-2-2062
2.2062 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-131
2.131 Notification on update of the RAND OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...
ROS-2-1822
2.1822 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1361
2.1361 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-20220210-03
Vulnerability of HTTP client library httplib2, is related to the fact that the application does not properly control the consumption of internal resources. internal resource consumption. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause resource exhaustion by...
ROS-20220114-02
Vulnerability in Mozilla Thunderbird email client, related to memory usage after memory freeing due to a race condition when playing audio files. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted audio shell, trigger a post-release usage error...
ROS-2-913
2.913 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1667
2.1667 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability...
ROS-2-794
2.794 Multiple Vulnerabilities in Moodle 1. Vulnerability description: The vulnerability discovered allows a remote attacker to perform cross-site scripting XSS attacks. The vulnerability allows a remote user to gain unauthorized access to other restricted features. Vulnerability allows a remote...
ROS-2-2169
2.2169 Denial of service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-2187
2.2187 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1363
2.1363 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...