7975 matches found
ROS-20221007-04
Vulnerabilities in Firefox, Firefox ESR web browsers and Thunderbird email client are related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. Vulnerability in...
ROS-20220608-01
The vulnerability of the ClamAV antivirus software package is related to a boundary error in the module of database loading signatures. Exploitation of the vulnerability could allow an attacker acting remotely to transfer specially crafted data to an application, cause a buffer overflow in dynami...
ROS-20220329-04
Vulnerability in nbd network block device implementation, related to stack-based buffer overflow during NBD_OPT_INFO or NBD_OPT_GO messages. Exploitation of the vulnerability could allow an attacker, acting remotely and not authenticated, to pass specially crafted data to an application, causing a...
ROS-2-850
2.850 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote attacke...
ROS-2-472
2.472 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-600
2.600 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote attacke...
ROS-2-792
2.792 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...
ROS-20240801-01
A vulnerability in the mod_rewrite function of Apache HTTP Server is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240726-05
Apache HTTP Server web server vulnerability is related to failure to take measures to handle CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP response splitting attacks. Apache HTTP Server vulnerability is related ...
ROS-20240411-07
A vulnerability in the UEFI shim bootloader is related to errors in the MZ binary format. Exploitation of the vulnerability could allow an attacker to cause a denial of service. The shim UEFI bootloader vulnerability is related to out-of-bounds read errors when attempting to check the SBAT...
ROS-20240409-06
A vulnerability in SaltStack Salt's configuration management and remote operations execution system is related to the fact that, after the server receives a number of bad packets equal to the number of worker threads, Salt stops responding to requests until it is restarted. Exploitation of the vulnerability could...
ROS-20240328-06
A vulnerability in the libssh library is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper control of co...
ROS-20231114-01
A vulnerability in the Blink Media component of the Google Chrome browser is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Blink Frames component of Goog...
ROS-20231109-01
Go programming language vulnerability is related to insecure external control of critical state data when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges and gain access to read, modify, or...
ROS-20231013-05
Vulnerability of the pr_function_type function in the prdbg.c file of the GNU Binutils development tool is related to a memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the parse_stab_struct_fields function of the GNU development tool...
ROS-2-618
2.618 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-20221222-03
A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and tri...
ROS-20221123-01
The vulnerability of the qf_buf_add_line function of the Vim text editor is related to memory usage after its release. Exploitation of the vulnerability may allow an intruder to affect the confidentiality, integrity and availability of protected information. Vulnerability of the ins_compl_add function of the...
ROS-20221007-05
Firefox browser vulnerability is related to a bounds error in HTML content processing. Exploitation of the vulnerability could allow a remote attacker to create a customized website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system...
ROS-20220908-01
A vulnerability in the netfilter subsystem of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to escalate privileges and execute arbitrary code. A vulnerability in the Linux kernel is related to the fact that when...
ROS-20220128-01
The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the number of call parameters in the pkexec setuid binary, which causes the binary to execute environment variables as commands. Exploitation of the vulnerability could allow an attacker to...
ROS-2-661
2.661 Multiple vulnerabilities in Squid CVE-2021-28651, CVE-2021-28662, CVE-2021-28652, CVE-2021-31806, CVE-2021-31808 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial-of-service (DoS) attack. Identifier of the Information Security Threats Data Bank of the...
ROS-2-987
2.987 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote attacke...
ROS-2-520
2.520 Multiple vulnerabilities in Squid CVE-2021-28651, CVE-2021-28662, CVE-2021-28652, CVE-2021-31806, CVE-2021-31808 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial-of-service (DoS) attack. Identifier of the Information Security Threats Data Bank of the...
ROS-2-796
2.796 Vulnerability in GNU C Library glibc 2.32 CVE-2016-10228, CVE-2020-10029. 1. Vulnerability Description: CVE-2016-10228 Looping in iconv utility, manifested when run with "-c" option, in case of incorrect multibyte data processing. CVE-2020-10029 Stack corruption when trigonometric functions...
ROS-20241204-02
Vulnerability in the ca8210 component of the Linux operating system kernel is related to a memory leak in the function ca8210_async_xmit_complete in drivers/net/ieee802154/ca8210.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the max97...
ROS-20240805-03
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20240607-04
Vulnerability of the virNetClientIOEventLoop method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop in the virNetClientIOEventLoop method virNetClientIOIOEventData. Exploitation of the vulnerability...
ROS-20240606-01
A vulnerability in QEMU's USB EHCI controller emulation is related to the lack of checks if the buffer pointer overlaps with the MMIO register when transmitting USB packets. Exploitation of the vulnerability could all...
ROS-20240603-04
Vulnerability of the mod_proxy module of the Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP response splitting attacks...
ROS-20240329-02
A vulnerability in the Squid proxy server is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20231030-01
A vulnerability in the mod_macro component of the Apache HTTP Server web server is related to an out-of-bounds read. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20230919-02
Vulnerability of the FilePickerShownCallback function in Mozilla Firefox, Firefox ESR and the Thunderbird e-mail client is related to memory usage after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
ROS-20230710-01
A vulnerability in Podman software is related to a type mixing error. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted data to the application, cause a type-mixing error, and reinterpret the resulting content differently. The Podman software...
ROS-20221118-04
A vulnerability in Mozilla Firefox browser is related to a post-release memory usage error in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely to force a victim to visit a specially crafted website, trigger a post-release usage error and...
ROS-20221103-03
A vulnerability in the Apache Batik XML SVG graphics rendering, generation, and management library is related to the fact that the application allows Java classes to be run via JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to use JavaScript to execute a Ja...
ROS-20221025-04
Mozilla Thunderbird email client vulnerability is related to a boundary error in the JS engine's garbage collector. Exploitation of the vulnerability could allow an attacker acting remotely to create a customized website, trick the victim into opening it, cause memory corruption, and execute...
ROS-20220530-04
Vulnerability of the Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code...
ROS-20220314-02
Vulnerability of the copy_page_to_iter_pipe and push_pipe functions of the Linux kernel is related to errors when saving permissions. Exploitation of the vulnerability could allow an attacker to overwrite the contents of the page cache of arbitrary files...
ROS-2-576
2.576 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote attacke...
ROS-20240918-04
Webmin hosting control panel vulnerability is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the ajaxterm module of the Webmin hosti...
ROS-20240611-12
Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...
ROS-20240425-04
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...
ROS-20240319-01
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...
ROS-2-461
2.461 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to improper handling of the error bit in the huft_build result pointer in the decompress_gunzip.c file. A...
ROS-20231030-05
Apache HTTP Server vulnerability is related to blocking HTTP/2 connection processing if it was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of servic...
ROS-20230918-02
A vulnerability in the OpenSSL cryptographic library is related to insufficient validation of user input data in the POLY1305 MAC message authentication code implementation. Exploitation of the vulnerability could allow an...
ROS-2-1443
2.1443 Remote code execution in nginx CVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngx_resolver_copy function when processing DNS responses. A remote...
ROS-20230414-04
The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...
ROS-20221028-01
Exim mail server vulnerability is related to the dmarc_dns_lookup function of the dmarc.c file of the DMARC handler component. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory freeing and gain access to sensitive data. Exim mail server vulnerability is...