8181 matches found
ROS-20251201-02
A vulnerability in the vfsinode.c component of the Linux kernel is related to the use of an uninitialized resource. of an uninitialized resource. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service A vulnerability in the llcpsock.c component of the Lin...
ROS-20251128-02
A vulnerability in OpenBao's secret management and encryption system is related to the fact that OpenBao's audit logs incorrectly edited fields when the corresponding subsystems sent byte response parameters rather than strings. strings. Exploitation of the vulnerability could allow an attacker...
ROS-20251125-04
A vulnerability in OpenBao's secret management and encryption system is related to the fact that the software stores sensitive information in log files. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...
ROS-20251125-12
Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20251125-01
A vulnerability in the cross-platform software development framework Qt is related to a bug in the data boundary checking when reading data from Bluetooth L2CAP socket in processUnsolicitedReply and processReply in bluetooth/qlowenergycontrollerbluez.cpp. Exploitation of the vulnerability could...
ROS-20251125-06
A vulnerability in the Moodle virtual learning environment is related to the disclosure of hidden group names to users, who have permission to create events in the calendar. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected...
ROS-20251124-05
The Redis database management system DBMS vulnerability is related to the use of memory after its release. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20251117-08
Vulnerability of the ksmbdexpiresession function in the fs/smb/server/mgmt/usersession.c module of the in-core CIFS/SMB3 ksmbd server kernel of the Linux operating system is related to reuse of previously of previously freed memory. Exploitation of the vulnerability could allow an attacker to...
ROS-20251117-04
A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information The vulnerability in the LXD container and...
ROS-20251021-01
The vulnerability of the parisc component of the Linux kernel is related to incorrect error handling in the fixupexception function in arch/parisc/mm/fault.c, as well as in emulateldh, emulateldw, emulateldd, emulatesth, emulatestw, and emulatestd in arch/parisc/kernel/unaligned.c. Exploitation o...
ROS-20251016-04
Vulnerability of X509VERIFYPARAMadd0policy function of OpenSSL library is related to errors in the procedure of of certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "man-in-the-middle" type of attack. remotely to perform a...
ROS-20250925-04
Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of the directory with restricted directory. Python programming language interpreter CPython functions...
ROS-20250822-07
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-13
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20250821-08
A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. information Vulnerability in TCPDF PHP library is related to improper...
ROS-20250819-05
Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...
ROS-20250813-11
A vulnerability in the SMM component of AMD GPU firmware is related to incorrect processing of some special address ranges with invalid entries in the device table DTE. device table entries DTE. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system A...
ROS-20250806-01
Squid proxy server vulnerability is related to buffer overflow in dynamic memory when processing URN headers. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending specially crafted HTTP requests. arbitrary code by sending specially crafted HTTP...
ROS-20250801-01
A vulnerability in a set of add-on tools and libraries for the Go language designed to integrate with the OpenTelemetry, OpenTelemetry-Go Contrib is related to unconstrained and unregulated resource allocation when adding net.peer.sock.addr and net.peer.sock.port tags. regulation when adding...
ROS-20250724-11
Vulnerability in Apache HTTP Server web server kernel is related to access control bypass with resume session resumption in modssl. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the enforced security restrictions...
ROS-20250724-06
A vulnerability in the Ruby websocket-extensions module that supports the implementation of WebSocket extensions is related to spending quadratic time parsing a header containing an unclosed string parameter value, which is a repeating two-byte sequence of backslash and some of backslash and some...
ROS-20250710-14
Apache Tomcat application server vulnerability is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20250625-09
A vulnerability in the Apache Commons Configuration library is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted script, dns, and url requests. using specially crafted script, dn...
ROS-20250625-03
Vulnerability of eachpair function from strongparameters.rb of Ruby on Rails software platform is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential data Vulnerability in Ruby on Rails software...
ROS-20250624-01
A vulnerability in the SEV-SNP functions of AMD processor firmware is related to incorrectly input validation for serial presence detection DIMM SPD metadata. Exploitation of the vulnerability allows an attacker to overwrite guest memory, resulting in a loss of the guest data integrity...
ROS-20250619-01
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...
ROS-20250619-15
A software vulnerability in the Grafana monitoring and surveillance platform is related to a vulnerability in the of the XY Chart plugin to DOM XSS. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code Grafana monitoring and surveillance platform...
ROS-20250619-11
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-13
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-05
A vulnerability in the PostgreSQL PgBouncer connection pooling program is related to the fact that a password can be used after it expires, because authquery does not take into account the value of Postgre's VALID UNTIL. Exploitation of the vulnerability allows an attacker acting remotely to gain...
ROS-20250619-07
Vulnerability in Nextcloud cloud storage creation and utilization software Server is related to a lack of quota checking for attachments. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in cloud software for creating and...
ROS-20250616-22
A vulnerability in the Zabbix Universal Monitoring System server is related to excessive data output by an by the application. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information. to potentially sensitive information. A vulnerability...
ROS-20250616-14
Vulnerability in libpq library of PostgreSQL database management system is associated with buffer overflow when checking PostgreSQL GB18030 encoding. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250526-03
Nomad application orchestrator vulnerability related to vulnerability to directory path escaping Distributions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...
ROS-20250526-02
Vulnerability in archive-zip package of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create an arbitrary zip file...
ROS-20250522-01
Vulnerability in the scsi component of the Linux operating system kernel is related to a use-after release in the scsihexpandernoderemove function in drivers/scsi/mpt3sas/mpt3sasscsih.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the...
ROS-2-35
2.35 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...
ROS-2-65
2.65 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...
ROS-2-223
2.223 Notification on the update of the Red OS OPERATION SYSTEM MIS RED SOFT LLC notifies of the renewal of the previously obtained certificate of conformity of FSTEC of Russia â„–4060 until 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the...
ROS-2-407
2.407 Notification on update of the Red OS OPERATION SYSTEM RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a standard...
ROS-2-261
2.261 Notification on the update of MIS OPERATION SYSTEM "RED OS" No. RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...
ROS-2-138
2.138 Notification on updating of the Anti-Malware Protection System "RED OS" No. RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need t...
ROS-20250505-12
A vulnerability in the OpenSSH cryptographic security tool is related to the fact that a challenge is only sent if the the combination of username and public key can be valid for logging in. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data. dat...
ROS-20250424-34
A vulnerability in the libxml2 library is related to out-of-bounds reads that occur in Python APIs Python bindings due to an invalid return value. Exploitation of the vulnerability could allow An attacker acting remotely to cause a denial of service...
ROS-20250424-06
A vulnerability in the listitemverbose function of the Libarchive library is related to a bounds error in the processing of .tar .tar files in the listitemverbose function in tar/util.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system A...
ROS-20250421-01
Vulnerability of the vmfaultt vasmmapfault function of the arch/powerpc/platforms/book3s/vas-api.c module of the kernel of the of Linux operating system is related to reuse of previously freed memory. Exploitation exploitation of the vulnerability may allow an intruder to affect confidentiality,...
ROS-20250417-03
The Jenkins Automation Server vulnerability is related to the fact that the vulnerable plugin does not edit encrypted secret values when accessing config.xml of agents via REST API or CLI. Exploitation of the vulnerability could Allow an attacker acting remotely to gain access to potentially...
ROS-20250403-04
A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20250403-12
OpenSearch software package vulnerability related to out-of-bounds memory reads. Exploitation of the vulnerability could allow an attacker to obtain sensitive data...
ROS-20250402-08
The vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to the fact that the application allows the use of entity aliases mapped to a single resource with the same alias name. Exploitation of the vulnerability could allow an attacker actin...