8244 matches found
ROS-2-550
2.550 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-1464
2.1464 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-654
2.654 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: A vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...
ROS-20250417-05
Ingress controller vulnerability in the Kubernetes ingress-nginx cluster is related to the use of the Ingress mirror-target and mirror-host annotations to inject configuration into nginx. Exploitation of the The vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20241105-01
A vulnerability in the i2c component of the Linux kernel is related to a stack overflow in the function mlxbfi2csmbusstarttransaction in drivers/i2c/busses/i2c-mlxbf.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the netfilter componen...
ROS-20241015-13
A vulnerability in the libceph component of the Linux kernel is related to incorrect input validation of the in the getreply and prepnextsparseread functions in net/ceph/osdclient.c, in the decrypttail and preparereadtailplain in net/ceph/messengerv2.c, in sizeoffooter, readpartialsparsemsgdata,...
ROS-20240924-04
A vulnerability in the fastrpc component of the Linux operating system kernel is related to race conditions after a memory release. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability A vulnerability in the usbsubmiturb function of...
ROS-20240816-16
A vulnerability in the opensslprivatedecrypt function of the PKCS1 Padding Handler component of the PHP programming language interpreter is related to the use of a version of OpenSSL that incorporates changes from the request. PHP programming language interpreter is related to the use of a versio...
ROS-20240730-13
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...
ROS-20240529-01
Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...
ROS-20240503-01
A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code A vulnerability in the Skia graphics library of Google Chro...
ROS-20240403-14
A vulnerability in the Google Sheets data source of the Grafana monitoring and surveillance platform is related to the failure to handling error messages properly, potentially exposing the Google Sheet API key. Exploitation of the vulnerability could allow an attacker acting remotely to gain acce...
ROS-20240402-17
A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...
ROS-20240329-11
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240328-12
The vulnerability of the Sparseunipropstring function of the regcomp.c file of the Perl programming language interpreter is related to the operation exceeding the memory buffer boundaries. is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability coul...
ROS-20240328-03
Vulnerability of avc420ensurebuffer and avc444ensurebuffer functions of FreeRDP RDP client is related to memory usage after its release. memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service or other impact A...
ROS-20240318-01
Aiohttp HTTP client vulnerability exists due to insufficient input validation. Exploitation vulnerability could allow an attacker acting remotely to modify an HTTP request or create a new HTTP request The aiohttp HTTP client vulnerability is related to code analyzer errors when the header is...
ROS-20240208-01
A vulnerability in the sudo system administration program is related to an error in processing ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated to sudo. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions to...
ROS-20231116-01
A vulnerability in the RoundCube email client is related to improper input neutralization during the creation of a of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripted attack. cross-site scripting attacks...
ROS-20230907-03
The vulnerability in the BIND DNS server is related to a stack buffer overflow when BIND is acting as a "resolver" when the number of recursive queries has reached an acceptable maximum and the server settings have been configured. "resolver", when the number of recursive queries has reached an...
ROS-2-540
2.540 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-20230428-03
A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields. internal resource consumption when parsing data from a...
ROS-20230203-03
A vulnerability in the GNU Binary Utilities binutils object code manipulation toolkit is related to a memory access error. Exploitation of the vulnerability could allow an attacker acting remotely to analyze an ELF file containing corrupted information. remotely, to analyze an ELF file containing...
ROS-20221216-02
A vulnerability in the Rsync file transfer and synchronization utility is related to authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
ROS-20220131-01
Vulnerability in the ptp4l service of the LinuxPTP precision time protocol PTP implementation software is caused by an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, cause the application to crash as a result of creatin...
ROS-2-602
2.602 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-480
2.480 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-2-655
2.655 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-2-439
2.439 Vulnerability in GNU C Library glibc 2.32 CVE-2016-10228,CVE-2020-10029. 1. Vulnerability Description: CVE-2016-10228 Looping in iconv utility, manifested when run with "-c" option, in case of incorrect multibyte data processing. CVE-2020-10029 Stack corruption when trigonometric functions...
ROS-2-715
2.715 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-474
2.474 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to an...
ROS-20241112-12
A vulnerability in the drm/vmwgfx components of the Linux operating system kernel is related to memory corruption in the vmwducursormobsize and vmwducursorplanecleanupfb functions in the drivers/gpu/drm/vmwgfx/vmwgfxkms.c. Exploitation of the vulnerability could allow an attacker to elevate the...
ROS-20240815-05
A vulnerability in the centralized service for maintaining configuration information, naming, providing Apache ZooKeeper's centralized service for maintaining configuration information and naming, providing distributed synchronization, and providing group services is related to the lack of ACL...
ROS-20240813-02
Vulnerability of nvmettcpbuildpduiovec function in drivers/nvme/target/tcp.c module of NVMe driver of Linux kernel is related to null pointer dereference. of Linux operating system is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denia...
ROS-20240731-05
A vulnerability in the SHA-3 cryptographic hash function of the eXtended Keccak Code Package XKCP software package is related to errors in block processing of input data and type conversion. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code during...
ROS-20240704-10
A vulnerability in the python38.pth file of the Python programming language interpreter is related to ignoring the sys.path constraints specified in python38.pth . Exploitation of the vulnerability could allow an attacker acting remotely to download code from arbitrary locations A vulnerability i...
ROS-20240704-07
A vulnerability in the parseQuery function of the Webpack loader-utilss package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code Ansi-regex ANSI...
ROS-20240627-04
A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the virtual console and pasting it into the command buffer, from which the command can be run after exiting the Flatpak application. Exploitation of the vulnerability...
ROS-20240522-05
A vulnerability in the Hotspot component of Java SE software platforms, Oracle GraalVM Enterprise Virtual Machine Edition is related to insufficient input data validation. Exploitation of the vulnerability could allow A remote attacker to create, delete, or modify access to data Vulnerability in...
ROS-20240412-04
A vulnerability in Salt's configuration management and remote execution system is related to the copying a script along a predictable path. Exploitation of the vulnerability could allow an attacker, acting remotely to run their own script. A vulnerability in the symbolic.py component of the Pytho...
ROS-20240410-20
A vulnerability in e-Tugra root certificates of SSL Certifi's SSL certificate validation package is related to with insufficient data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely to execute a man-in-the-middle attack...
ROS-20240402-02
A vulnerability in the CRI-O container mechanism is related to experimental annotation, causing the the container becomes unrestricted. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240402-14
Vulnerability of a VPN packet based on IPSec strongSwan protocol is caused by a bug in the charon-tkm process with the key exchange IKE protocol implementation based on TKMv2 Trusted Key Manager. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240329-05
Vulnerability in the vim text editor is related to the use of an insecure search path. Exploitation exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the vimregsubboth function of the vim text editor is caused by a buffer overflow in dynamic...
ROS-20240329-13
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240328-11
The vulnerability in Curl is related to the installation of "supercookie files" in Curl, which are then passed back to a to more sources. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality of protected information...
ROS-2-1005
2.1005 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20230920-01
Vulnerability of winbinddpamauthcrap.c component of Samba networking software package is related to operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in SMB2 packet signing...
ROS-20231016-04
A vulnerability in the VP8 encoding function of the libvpx library in Google Chrome browser is related to a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker, remotely execute arbitrary code when a user opens a speciall...
ROS-20230915-15
A vulnerability in the mailcap module of the Python programming language interpreter is related to insufficient verification of the of arguments passed to a command. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary command...