8110 matches found
ROS-20240506-02
A vulnerability in the Glib library is related to GVariant deserialization. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability of Glib library function gbytearraynewtake is related to buffer copying without checking the the size of the input data...
ROS-2-1443
2.1443 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20230414-04
The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...
ROS-20221007-01
The cURL command line utility vulnerability is related to how cookies with control codes byte values less than 32 are processed. codes byte values less than 32. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote use...
ROS-20240925-01
A vulnerability in the max3100 component of the Linux kernel is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the afalg component of the Linux kernel is related to NULL pointer dereferencing...
ROS-20240829-02
A vulnerability in the hciqca component of the Linux operating system kernel is related to memory usage after a release. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the gso component of the Linux operating system kernel is related to the...
ROS-20240826-01
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20240819-02
A vulnerability in the felixsetupmmiofiltering function in the felix component of the Linux kernel operating system is related to memory leaks if the CPU port is not defined. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the null-ptr-der...
ROS-20240814-02
Vulnerability of the Linux kernel NCI protocol implementation is related to the null pointer dereferencing. pointer. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the dbgfstargetidswrite function in the dbgfs component of the Linux...
ROS-20240611-09
A vulnerability in the BIND DNS server is related to a flaw in the use of assert. Exploitation vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction A vulnerability in the named component of the DNS BIND...
ROS-20240611-14
The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block TRB ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in th...
ROS-20240328-04
Vulnerability of Sudo-rs system administration programs is related to insufficient verification of command arguments entered by the user. of command arguments entered by the user. Exploitation of the vulnerability could allow an attacker acting remotely, escalate their privileges by creating a...
ROS-20230919-04
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the lack of a warning when opening Diagcab files. Exploitation of the vulnerability could allow an attacker to perform a spoofing attack. a spoofing attack. The vulnerability in Mozilla Thunderbi...
ROS-2-509
2.509 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser, is related to insufficient validation of user input when processing unreliable YAML files using the fullload method or the FullLoader loader. Exploitation of the vulnerability coul...
ROS-20230124-05
A vulnerability in the X Pixmap XPM libXpm image file library is related to an infinite loop when processing unclosed comments in XPM images in the ParseComment function. loop when processing unclosed comments in XPM images in the ParseComment function. Exploitation The vulnerability could allow ...
ROS-20220701-01
Vim text editor vulnerability is related to boundary conditions in textobject.c. Exploitation The vulnerability could allow a remote attacker to create a special file, trick the victim into opening it, cause a read error outside the boundaries, and read the memory contents. victim to open it, cau...
ROS-20220701-03
Vulnerability in Mozilla Thunderbird email client is related to improper handling of sandbox header CSP without the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented restriction. remotely, use an iframe t...
ROS-2-1369
2.1369 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-1303
2.1303 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20240923-02
Vulnerability of ANGLE library in Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240816-10
A vulnerability in the PHP programming language interpreter is related to the erroneous handling of cookies due to the replacement of spaces, dots, and open square brackets with underscores. as a result of replacing spaces, periods and open square brackets with underscores. Exploitation...
ROS-20240627-01
A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...
ROS-20240503-05
Microsoft Visual Studio Codef source code editor vulnerability is related to flaws in access control. access. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her privileges...
ROS-20240418-08
A vulnerability in the Browserify-sign cryptographic functionality duplication package is related to the upper bound check in the dsaVerify function. Exploitation of the vulnerability could allow an attacker, acting remotely, to create signatures that can be successfully verified by any public ke...
ROS-20240418-05
A vulnerability in the Xreader e-document viewer software is related to the lack of failure to properly validate a user-entered string before using it to make a system call. call. Exploitation of the vulnerability could allow an attacker to execute arbitrary code A vulnerability in the Xreader...
ROS-20240329-14
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240329-06
The vulnerability in the WebAudio component of Google Chrome and Microsoft Edge browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code using a specially crafted HTML page A vulnerability in the...
ROS-20230918-04
A vulnerability in the Poppler PDF rendering library is related to the lack of thread checking before saving the embedded main function file in pdfunite.cc. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Poppler PDF...
ROS-20230915-10
A vulnerability in the Linux kernel memory management system is related to the lack of randomization of the exception handling stacks. of the exception handling stack. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. Vulnerability of...
ROS-20230908-06
LibTIFF library vulnerability is related to buffer overflow in Fax3Encode function in libtiff/tiffiffax3.c. Exploitation of the vulnerability could allow a remote attacker to trick a victim into opening a specially crafted file and executing a type of attack. the victim to open a specially crafte...
ROS-20230620-03
A vulnerability in the HAProxy server software is related to a flaw in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute a "smuggling of HTTP requests" attack...
ROS-20230428-04
The vulnerability in the Pillow image library is related to improper internal resource management when working with highly compressed GIF data. resources when working with highly compressed GIF data. Exploitation of the vulnerability could allow an attacker, acting remotely, transfer a specially...
ROS-20220125-02
Nginx web server vulnerability is related to a logical error in TLS implementation when working with different protocols but using compatible certificates, such as multi-domain or wildcard certificates. certificates. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-2-524
2.524 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-818
2.818 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...
ROS-20211223-06
A vulnerability in the polkitsystembusnamegetcredssync function of the dbus-daemon of the Polkit library is related to with access control flaws. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
ROS-2-710
2.710 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to an...
ROS-2-622
2.622 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-527
2.527 Denial of Service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-20250417-05
Ingress controller vulnerability in the Kubernetes ingress-nginx cluster is related to the use of the Ingress mirror-target and mirror-host annotations to inject configuration into nginx. Exploitation of the The vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20241015-13
A vulnerability in the libceph component of the Linux kernel is related to incorrect input validation of the in the getreply and prepnextsparseread functions in net/ceph/osdclient.c, in the decrypttail and preparereadtailplain in net/ceph/messengerv2.c, in sizeoffooter, readpartialsparsemsgdata,...
ROS-20240924-04
A vulnerability in the fastrpc component of the Linux operating system kernel is related to race conditions after a memory release. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability A vulnerability in the usbsubmiturb function of...
ROS-20240816-16
A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...
ROS-20240725-08
A vulnerability in the NVIDIA GPU Display Driver software driver for Linux is related to writing outside of memory boundaries. Exploitation of the vulnerability could allow an attacker to elevate privileges, disclose sensitive information, or spoof data A vulnerability in the NVIDIA GPU Display...
ROS-20240730-13
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...
ROS-20240725-02
Squid proxy vulnerability is related to SSL/TLS certificate validation errors. Exploitation The vulnerability could allow a remote attacker to cause a denial of service...
ROS-20240503-01
A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code A vulnerability in the Skia graphics library of Google Chro...
ROS-20240408-14
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...
ROS-20240404-02
Vulnerability of aresinetnetpton function of C-ares asynchronous DNS query library is related to violation of the initial buffer boundary. the initial buffer boundary. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, violate its integrity, and cause a...
ROS-20240402-17
A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...