ROS-20240507-09

Vulnerability in the Extensions component of Microsoft Edge and Google Chrome browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information V8 JavaScript script handler...

ROS-20240401-01

Vulnerability of idedmacb function of QEMU hardware emulator is related to synchronization errors when processing the DRQSTAT parameter. Exploitation of the vulnerability could allow an attacker to gain access to read, modify, or delete data or cause a denial of service Vulnerability in the...

ROS-20240319-01

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

ROS-20231114-01

A vulnerability in the Blink Media component of the Google Chrome browser is related to memory usage after it has been after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the Blink Frames component of Goog...

ROS-20231030-01

A vulnerability in the modmacro component of the Apache HTTP Server web server is related to an out-of-field read. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

ROS-20231013-05

Vulnerability of prfunctiontype function in prdbg.c file of GNU Binutils development tool is related to a memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service A vulnerability in the parsestabstructfields function of the GNU development tool...

ROS-20230918-02

A vulnerability in the OpenSSL cryptographic library is related to insufficient validation of user input data in the POLY1305 MAC message authentication code implementation. data in the POLY1305 MAC message authentication code implementation. Exploitation of the vulnerability could allow an...

ROS-2-618

2.618 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

ROS-20230420-01

Vulnerability in the modproxy module of Apache HTTP Server is related to flaws in header handling Transfer-Encoding. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP Request Smuggling attack. hidden HTTP request HTTP Request Smuggling...

ROS-20230418-05

A vulnerability in the OpenSSL cryptographic library is related to a boundary error in the PEMreadbioex function. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted PEM file to an application, cause a memory re-release error, and perform a typing...

ROS-20221222-01

A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine Vulnerability in devredirprocclientdevlistannouncereq function ...

ROS-20221118-04

A vulnerability in Mozilla Firefox browser is related to a post-release memory usage error in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely, to force a victim to visit a specially crafted website, trigger a post-release usage error and...

ROS-20221007-04

Vulnerabilities in Firefox, Firefox ESR web browsers and Thunderbird email client are related to errors in the in the presentation of information by the user interface. Exploitation of the vulnerability could allow An attacker acting remotely could disclose protected information Vulnerability in...

ROS-2-1369

2.1369 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

ROS-2-527

2.527 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...

ROS-20240405-10

A vulnerability in the Perl programming language is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service or execute arbitrary code...

ROS-20240329-06

The vulnerability in the WebAudio component of Google Chrome and Microsoft Edge browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code using a specially crafted HTML page A vulnerability in the...

ROS-20240329-02

A vulnerability in the Squid proxy server is related to the dereferencing of an expired pointer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20240328-04

Vulnerability of Sudo-rs system administration programs is related to insufficient verification of command arguments entered by the user. of command arguments entered by the user. Exploitation of the vulnerability could allow an attacker acting remotely, escalate their privileges by creating a...

ROS-2-461

2.461 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...

ROS-20221028-01

Exim mail server vulnerability is related to the dmarcdnslookup function of the dmarc.c file of the DMARC handler component. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory freeing and gain access to sensitive data Exim mail server vulnerability is...

ROS-20221007-05

Firefox browser vulnerability is related to a bounds error in HTML content processing. Exploitation The vulnerability could allow a remote attacker to create a customized website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system. the victi...

ROS-20221007-01

The cURL command line utility vulnerability is related to how cookies with control codes byte values less than 32 are processed. codes byte values less than 32. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote use...

ROS-20220701-01

Vim text editor vulnerability is related to boundary conditions in textobject.c. Exploitation The vulnerability could allow a remote attacker to create a special file, trick the victim into opening it, cause a read error outside the boundaries, and read the memory contents. victim to open it, cau...

ROS-20220314-02

Vulnerability of copypagetoiterpipe and pushpipe functions of Linux kernel is related to errors when saving permissions. Exploitation of the vulnerability could allow an attacker to overwrite the contents of the page cache of arbitrary files...

ROS-2-550

2.550 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

ROS-2-622

2.622 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

ROS-2-661

2.661 Multiple vulnerabilities in Squid CVE-2021-28651, CVE-2021-28662, CVE-2021-28652, CVE-2021-31806, CVE-2021-31808 1. Vulnerability Description: The vulnerability allows a remote attacker to execute a denial-of-service DoS attack.Identifier of the Information Security Threats Data Bank of the...

ROS-2-1303

2.1303 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...

ROS-20240816-16

A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...

ROS-20240726-05

Apache HTTP Server web server vulnerability is related to failure to take measures to handle sequences of CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely, Perform HTTP response splitting attacks Apache HTTP Server vulnerability is related ...

ROS-20240607-04

Vulnerability of the virNetClientIOEventLoop method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop in the virNetClientIOEventLoop method virNetClientIOIOEventData. Exploitation of the vulnerability...

ROS-20240425-04

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

ROS-20240408-14

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

ROS-20240403-02

Vulnerability of ntfsnamesfullcollate function of NTFS file system for NTFS-3G FUSE module is related to buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges using a specially crafted NTFS image file The NT...

ROS-20240329-14

Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...

ROS-20240328-06

A vulnerability in the libssh library is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper control of co...

ROS-20231115-04

Visual Studio Coden source code editor vulnerability related to improper control of code generation. code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code Visual Studio Code source code editor vulnerability is related to insufficient protection of...

ROS-20230919-04

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the lack of a warning when opening Diagcab files. Exploitation of the vulnerability could allow an attacker to perform a spoofing attack. a spoofing attack. The vulnerability in Mozilla Thunderbi...

ROS-20230915-10

A vulnerability in the Linux kernel memory management system is related to the lack of randomization of the exception handling stacks. of the exception handling stack. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. Vulnerability of...

ROS-2-509

2.509 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...

ROS-20230414-04

The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...

ROS-20230127-02

Vim text editor vulnerability is related to NULL pointer dereferencing error in function guix11createblankmouse in guix11.c. Exploiting the vulnerability could allow an attacker, remotely, trick the victim into opening a specially crafted file and performing a denial-of-service attack DoS. "denia...

ROS-20221222-03

A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. data in the LTI vendor's library. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and tri...

ROS-20221103-03

A vulnerability in the Apache Batik XML SVG graphics rendering, generation, and management library is related to the fact that, the application allows Java classes to be run via JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to use JavaScript to execute a Ja...

ROS-20220701-03

Vulnerability in Mozilla Thunderbird email client is related to improper handling of sandbox header CSP without the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented restriction. remotely, use an iframe t...

ROS-2-524

2.524 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...

ROS-20211223-06

A vulnerability in the polkitsystembusnamegetcredssync function of the dbus-daemon of the Polkit library is related to with access control flaws. Exploitation of the vulnerability could allow an attacker to escalate their privileges...

ROS-2-654

2.654 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: A vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...

ROS-2-1464

2.1464 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...