8181 matches found
ROS-20240529-01
Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...
ROS-20240503-01
A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code A vulnerability in the Skia graphics library of Google Chro...
ROS-20240402-17
A vulnerability in the net/http package of the Go programming language is related to information disclosure. vulnerability could allow a remote attacker to disclose protected information. A vulnerability in the cmd-go component of the Go programming language is related to public data transmission...
ROS-20240329-11
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240318-01
Aiohttp HTTP client vulnerability exists due to insufficient input validation. Exploitation vulnerability could allow an attacker acting remotely to modify an HTTP request or create a new HTTP request The aiohttp HTTP client vulnerability is related to code analyzer errors when the header is...
ROS-20230920-03
A vulnerability in the WebP image display module of the Google Chrome browser is related to reading outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20230203-03
A vulnerability in the GNU Binary Utilities binutils object code manipulation toolkit is related to a memory access error. Exploitation of the vulnerability could allow an attacker acting remotely to analyze an ELF file containing corrupted information. remotely, to analyze an ELF file containing...
ROS-20230127-02
Vim text editor vulnerability is related to NULL pointer dereferencing error in function guix11createblankmouse in guix11.c. Exploiting the vulnerability could allow an attacker, remotely, trick the victim into opening a specially crafted file and performing a denial-of-service attack DoS. "denia...
ROS-20220131-01
Vulnerability in the ptp4l service of the LinuxPTP precision time protocol PTP implementation software is caused by an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, cause the application to crash as a result of creatin...
ROS-2-654
2.654 BusyBox Denial of Service CVE-2021-28831 1. Vulnerability Description: A vulnerability allows a remote attacker to perform a denial of service DoS attack. The vulnerability exists due to improper handling of the error bit in the huftbuild result pointer in the decopressgunzip.c file. A...
ROS-2-550
2.550 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...
ROS-2-1464
2.1464 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-2-655
2.655 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-20241112-12
A vulnerability in the drm/vmwgfx components of the Linux operating system kernel is related to memory corruption in the vmwducursormobsize and vmwducursorplanecleanupfb functions in the drivers/gpu/drm/vmwgfx/vmwgfxkms.c. Exploitation of the vulnerability could allow an attacker to elevate the...
ROS-20241105-01
A vulnerability in the i2c component of the Linux kernel is related to a stack overflow in the function mlxbfi2csmbusstarttransaction in drivers/i2c/busses/i2c-mlxbf.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the netfilter componen...
ROS-20240815-05
A vulnerability in the centralized service for maintaining configuration information, naming, providing Apache ZooKeeper's centralized service for maintaining configuration information and naming, providing distributed synchronization, and providing group services is related to the lack of ACL...
ROS-20240813-02
Vulnerability of nvmettcpbuildpduiovec function in drivers/nvme/target/tcp.c module of NVMe driver of Linux kernel is related to null pointer dereference. of Linux operating system is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denia...
ROS-20240731-05
A vulnerability in the SHA-3 cryptographic hash function of the eXtended Keccak Code Package XKCP software package is related to errors in block processing of input data and type conversion. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code during...
ROS-20240704-07
A vulnerability in the parseQuery function of the Webpack loader-utilss package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary JavaScript code Ansi-regex ANSI...
ROS-20240704-10
A vulnerability in the python38.pth file of the Python programming language interpreter is related to ignoring the sys.path constraints specified in python38.pth . Exploitation of the vulnerability could allow an attacker acting remotely to download code from arbitrary locations A vulnerability i...
ROS-20240627-04
A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the virtual console and pasting it into the command buffer, from which the command can be run after exiting the Flatpak application. Exploitation of the vulnerability...
ROS-20240522-05
A vulnerability in the Hotspot component of Java SE software platforms, Oracle GraalVM Enterprise Virtual Machine Edition is related to insufficient input data validation. Exploitation of the vulnerability could allow A remote attacker to create, delete, or modify access to data Vulnerability in...
ROS-20240412-04
A vulnerability in Salt's configuration management and remote execution system is related to the copying a script along a predictable path. Exploitation of the vulnerability could allow an attacker, acting remotely to run their own script. A vulnerability in the symbolic.py component of the Pytho...
ROS-20240410-20
A vulnerability in e-Tugra root certificates of SSL Certifi's SSL certificate validation package is related to with insufficient data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely to execute a man-in-the-middle attack...
ROS-20240403-14
A vulnerability in the Google Sheets data source of the Grafana monitoring and surveillance platform is related to the failure to handling error messages properly, potentially exposing the Google Sheet API key. Exploitation of the vulnerability could allow an attacker acting remotely to gain acce...
ROS-20240402-02
A vulnerability in the CRI-O container mechanism is related to experimental annotation, causing the the container becomes unrestricted. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240402-14
Vulnerability of a VPN packet based on IPSec strongSwan protocol is caused by a bug in the charon-tkm process with the key exchange IKE protocol implementation based on TKMv2 Trusted Key Manager. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240329-05
Vulnerability in the vim text editor is related to the use of an insecure search path. Exploitation exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the vimregsubboth function of the vim text editor is caused by a buffer overflow in dynamic...
ROS-20240329-13
Vulnerability of PostgreSQL database management system is related to the possibility of sending signals to superuser processes using the pgsignalbackend role. to superuser processes using the pgsignalbackend role. Exploitation of the vulnerability could allow a remote attacker to cause a denial o...
ROS-20240328-12
The vulnerability of the Sparseunipropstring function of the regcomp.c file of the Perl programming language interpreter is related to the operation exceeding the memory buffer boundaries. is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability coul...
ROS-20240328-03
Vulnerability of avc420ensurebuffer and avc444ensurebuffer functions of FreeRDP RDP client is related to memory usage after its release. memory usage after memory is freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service or other impact A...
ROS-20240328-11
The vulnerability in Curl is related to the installation of "supercookie files" in Curl, which are then passed back to a to more sources. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality of protected information...
ROS-2-1005
2.1005 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote...
ROS-20240208-01
A vulnerability in the sudo system administration program is related to an error in processing ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated to sudo. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions to...
ROS-20230920-01
Vulnerability of winbinddpamauthcrap.c component of Samba networking software package is related to operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in SMB2 packet signing...
ROS-20231116-01
A vulnerability in the RoundCube email client is related to improper input neutralization during the creation of a of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripted attack. cross-site scripting attacks...
ROS-20231016-04
A vulnerability in the VP8 encoding function of the libvpx library in Google Chrome browser is related to a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker, remotely execute arbitrary code when a user opens a speciall...
ROS-20230907-03
The vulnerability in the BIND DNS server is related to a stack buffer overflow when BIND is acting as a "resolver" when the number of recursive queries has reached an acceptable maximum and the server settings have been configured. "resolver", when the number of recursive queries has reached an...
ROS-20230907-04
Vulnerability of DHcheck, DHcheckex or EVPPKEYparamcheck functions of OpenSSL library is related to using a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. Vulnerability of DHcheck,...
ROS-20230825-05
The QEMU hardware emulator vulnerability is related to the VNC server, when a client connects to the server, QEMU checks if the current number of connections exceeds a certain threshold, and if so, clears the previous connection, if the previous connection is in the confirmation phase and fails,...
ROS-2-540
2.540 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-599
2.599 Denial of service in libX11CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service DoS attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-507
2.507 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...
ROS-20230428-03
A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields. internal resource consumption when parsing data from a...
ROS-20230124-02
Vim text editor vulnerability is related to an incorrect memory access error with collapsing and using "L" in the src/normal.c function. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a buffer overflow and denial of service...
ROS-20221216-02
A vulnerability in the Rsync file transfer and synchronization utility is related to authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
ROS-20221216-01
A vulnerability in the libarchive archiving library is related to the lack of error checking after the call to the calloc function, which may return with a NULL pointer in case of a function crash, resulting in a NULL pointer dereference. resultant dereferencing of the NULL pointer. Exploitation ...
ROS-20220324-01
Vulnerability of cgroupreleaseagentwrite function kernel/cgroup/cgroup-v1.c of Linux kernel is related to lack of privilege control when setting releaseagent. Linux kernel is related to lack of privilege control when setting releaseagent. Exploiting the vulnerability could allow an attacker to...
ROS-2-602
2.602 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-715
2.715 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...