Lucene search

7184 matches found

Redos
• added 2024/03/13 12:00 a.m. • 20 views

ROS-2-482

2.482 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability coul...

CVSS 9.8 • AI score 7.7 • EPSS 0.13704 • Exploits 0

Redos
• added 2024/03/13 12:00 a.m. • 12 views

ROS-2-1328

2.1328 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...

CVSS 9.8 • AI score 7.9 • EPSS 0.13704 • Exploits 0

Redos
• added 2024/02/29 12:00 a.m. • 26 views

ROS-20240226-02

A vulnerability in Microsoft's .NET Framework software platform is related to incorrectly restricting XML links to external objects. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...

CVSS 5.9 • AI score 6.3 • EPSS 0.00762 • Exploits 0

Redos
• added 2024/02/26 12:00 a.m. • 28 views

ROS-20240226-01

A vulnerability in the must_mkdir_and_open_with_perms function of the snap-confine utility is related to synchronization errors when using a shared resource (race condition). Exploitation of the vulnerability could allow an attacker to escalate privileges or execute arbitrary code...

CVSS 7.8 • AI score 7.8 • EPSS 0.00059 • Exploits 2

Redos
• added 2024/02/12 12:00 a.m. • 47 views

ROS-20240212-01

A vulnerability in the PKCS11 function of the ssh-agent component of the OpenSSH cryptographic security tool is related to the use of an insecure search path. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 9.8 • AI score 7.9 • EPSS 0.64352 • Exploits 10

Redos
• added 2024/02/08 12:00 a.m. • 26 views

ROS-20240208-02

A vulnerability in the handle_image function of the UEFI shim loader is related to an operation exceeding buffer boundaries in memory when processing EFI files with the SizeOfRawData field. Exploitation of the vulnerability could allow an attacker...

CVSS 7.8 • AI score 8.3 • EPSS 0.00024 • Exploits 0

Redos
• added 2024/02/08 12:00 a.m. • 35 views

ROS-20240208-01

A vulnerability in the sudo system administration program is related to an error in processing ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated to sudo. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions to...

CVSS 8.8 • AI score 7.2 • EPSS 0.00082 • Exploits 0

Redos
• added 2024/02/08 12:00 a.m. • 31 views

ROS-20240208-03

A vulnerability in the Grub loader is related to out-of-bounds writes when processing delimited HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the grub_cmd_chainloader function of the Grub operating system...

CVSS 8.1 • AI score 8.6 • EPSS 0.00151 • Exploits 0

Redos
• added 2024/02/02 12:00 a.m. • 9 views

ROS-20230920-02

A vulnerability in the sl_unpack_loop function of the mdssvc RPC service of the Samba networking software package is related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability allows an attacker, acting remotely, to cause a denial of service. A vulnerability in the...

CVSS 7.5 • AI score 7.3 • EPSS 0.19204 • Exploits 0

Redos
• added 2024/02/02 12:00 a.m. • 34 views

ROS-20230920-01

A vulnerability in the winbindd_pam_auth_crap.c component of the Samba networking software package is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service. Vulnerability in SMB2 packet signing...

CVSS 7.5 • AI score 7.4 • EPSS 0.19204 • Exploits 0

Redos
• added 2024/02/01 12:00 a.m. • 26 views

ROS-20240201-01

A vulnerability in the XTerm terminal emulator is related to failure to sanitize input data. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause denial of service. Vulnerability in the ReGIS vector graphics...

CVSS 9.8 • AI score 7.1 • EPSS 0.14033 • Exploits 1

Redos
• added 2024/01/23 12:00 a.m. • 28 views

ROS-20240123-01

A vulnerability in the Atril multi-page document viewer is related to incorrect neutralization of special elements used in an OS command. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary co...

CVSS 9.6 • AI score 7.8 • EPSS 0.02007 • Exploits 2

Redos
• added 2023/11/22 12:00 a.m. • 25 views

ROS-20231122-01

A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software tool is related to insufficient verification of input data. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges to administrator level...

CVSS 8.8 • AI score 7.1 • EPSS 0.19854 • Exploits 0

Redos
• added 2023/11/21 12:00 a.m. • 36 views

ROS-20231115-04

A vulnerability in the Visual Studio Code source code editor is related to improper control of code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code. Visual Studio Code source code editor vulnerability is related to insufficient protection of...

CVSS 7.8 • AI score 7.8 • EPSS 0.63197 • Exploits 3

Redos
• added 2023/11/21 12:00 a.m. • 22 views

ROS-20231121-03

A vulnerability in the OpenSearch software package is related to improper preservation of permissions. Exploitation of the vulnerability could allow an attacker to affect data integrity...

CVSS 5.4 • AI score 6.9 • EPSS 0.00086 • Exploits 0

Redos
• added 2023/11/21 12:00 a.m. • 22 views

ROS-20231115-02

A vulnerability in the GetPacket function of the VideoLAN VLC media player is related to incorrect reading of the offset, which leads to a heap buffer overflow in the GetPacket function. Exploitation of the vulnerability could allow an attacker acting remotely to corrupt memory. A vulnerability in the...

CVSS 9.8 • AI score 7.9 • EPSS 0.00164 • Exploits 2

Redos
• added 2023/11/21 12:00 a.m. • 30 views

ROS-20231115-01

A vulnerability in the Squid proxy server is related to a buffer overflow attack that writes up to 2MB of arbitrary data to the memory heap when Squid is configured to accept HTTP Digest Authentication. Exploitation of the vulnerability could allow an attacker acting remotely to...

CVSS 9.3 • AI score 7.7 • EPSS 0.38209 • Exploits 0

Redos
• added 2023/11/20 12:00 a.m. • 22 views

ROS-20231120-01

A vulnerability in the gf_isom_get_user_data function of the GPAC multimedia platform is related to a buffer overflow in gpac MP4Box v.2.3-DEV-rev573-g201320819-master. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 • AI score 7.9 • EPSS 0.00055 • Exploits 1

Redos
• added 2023/11/16 12:00 a.m. • 26 views

ROS-20231116-02

A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the decoder component of the Golang programming language...

CVSS 6.5 • AI score 6.8 • EPSS 0.00462 • Exploits 0

Redos
• added 2023/11/16 12:00 a.m. • 34 views

ROS-20231116-01

A vulnerability in the RoundCube email client is related to improper input neutralization during the creation of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to conduct cross-site scripting attacks...

CVSS 6.1 • AI score 6.2 • EPSS 0.00498 • Exploits 0

Redos
• added 2023/11/15 12:00 a.m. • 23 views

ROS-20231114-02

A vulnerability in the XIChangeDeviceProperty (Xi/xiproperty.c) and RRChangeOutputProperty (randr/rrproperty.c) functions of the X Window System Xorg-server is related to the possibility of writing outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker to cau...

CVSS 7.8 • AI score 7.3 • EPSS 0.00075 • Exploits 0

Redos
• added 2023/11/15 12:00 a.m. • 39 views

ROS-20231114-01

A vulnerability in the Blink Media component of the Google Chrome browser is related to use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Blink Frames component of Goog...

CVSS 9.6 • AI score 8.1 • EPSS 0.00315 • Exploits 1

Redos
• added 2023/11/15 12:00 a.m. • 11 views

ROS-20231114-03

A vulnerability in the PowerDNS Recursor DNS server is related to marking authoritative servers as unreachable. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.3 • AI score 6.9 • EPSS 0.00011 • Exploits 0

Redos
• added 2023/11/13 12:00 a.m. • 6 views

ROS-20231110-03

A vulnerability in the DirSync catalog synchronization mechanism of the Samba networking software package is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected information and increase...

CVSS 9.8 • AI score 7.5 • EPSS 0.01941 • Exploits 1

Redos
• added 2023/11/10 12:00 a.m. • 28 views

ROS-20231110-01

A vulnerability in the smbd library of the Samba networking software package is related to an incorrect restriction of the path name to a restricted directory. Exploitation of the vulnerability could allow an intruder, acting remotely, to cause a denial of service. Vulnerability in the...

CVSS 5.5 • AI score 7.1 • EPSS 0.00083 • Exploits 0

Redos
• added 2023/11/10 12:00 a.m. • 25 views

ROS-20231110-02

A vulnerability in the EVP_EncryptInit_ex2, EVP_DecryptInit_ex2 and EVP_CipherInit_ex2 functions of the OpenSSL cryptographic library is related to manipulation of the keylen/ivlen argument. Exploitation of the vulnerability...

CVSS 7.5 • AI score 9.1 • EPSS 0.06469 • Exploits 0

Redos
• added 2023/11/09 12:00 a.m. • 26 views

ROS-20231109-02

A vulnerability in GLPI's request and incident handling system is related to information disclosure. Exploitation of the vulnerability could allow a remote attacker to obtain user logins. GLPI request and incident handling system vulnerability related to the lack of path filtering by...

CVSS 9.8 • AI score 7.8 • EPSS 0.09435 • Exploits 0

Redos
• added 2023/11/09 12:00 a.m. • 36 views

ROS-20231109-01

A vulnerability in the Go programming language is related to insecure external control of critical state data when processing the setuid and setgid attributes. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges and gain access to read, modify, or...

CVSS 9.8 • AI score 8.3 • EPSS 0.06469 • Exploits 0

Redos
• added 2023/11/07 12:00 a.m. • 50 views

ROS-20231107-01

A vulnerability in the HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...

CVSS 7.5 • AI score 7.3 • EPSS 0.944 • Exploits 19

Redos
• added 2023/11/02 12:00 a.m. • 22 views

ROS-20231102-01

A buc Traceroute vulnerability related to improper handling of lines of code. Exploitation of the vulnerability could allow an attacker acting locally to execute arbitrary code...

CVSS 5.5 • AI score 8 • EPSS 0.00038 • Exploits 2

Redos
• added 2023/10/31 12:00 a.m. • 30 views

ROS-20231031-01

A vulnerability in the Runc isolated container launch tool is related to improper preservation of permissions. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. Vulnerability in the Runc isolated container too...

CVSS 7.8 • AI score 7.1 • EPSS 0.00037 • Exploits 1

Redos
• added 2023/10/30 12:00 a.m. • 34 views

ROS-20231030-05

A vulnerability in the Apache HTTP Server is related to blocking of HTTP/2 connection processing if the connection was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of servic...

CVSS 7.5 • AI score 6.8 • EPSS 0.59544 • Exploits 0

Redos
• added 2023/10/30 12:00 a.m. • 38 views

ROS-20231030-01

A vulnerability in the mod_macro component of the Apache HTTP Server web server is related to an out-of-bounds read. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

CVSS 7.5 • AI score 6.8 • EPSS 0.00396 • Exploits 0

Redos
• added 2023/10/30 12:00 a.m. • 29 views

ROS-20231030-02

A vulnerability in the Django web application software platform is related to regular expressions for text clipping that have linear backtrack complexity, which can be slow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service with certain HTML...

CVSS 7.5 • AI score 6.8 • EPSS 0.0279 • Exploits 0

Redos
• added 2023/10/30 12:00 a.m. • 30 views

ROS-20231030-04

The HPACK decoder vulnerability is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting locally to cause a denial of service...

CVSS 7.5 • AI score 7 • EPSS 0.00264 • Exploits 0

Redos
• added 2023/10/30 12:00 a.m. • 18 views

ROS-20231030-06

A Unix socket vulnerability in the Redis database management system is related to the use of a permissive mask, which creates a race condition that allows another process, for a short period of time, to establish an unauthorized connection. Exploitation of the vulnerability could allow ...

CVSS 3.6 • AI score 6.7 • EPSS 0.00582 • Exploits 0

Redos
• added 2023/10/30 12:00 a.m. • 23 views

ROS-20231030-03

A vulnerability in the lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c files of zchunk is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting locally to gain unauthorized access to protected information...

CVSS 7.8 • AI score 7.3 • EPSS 0.00028 • Exploits 0

Redos
• added 2023/10/26 12:00 a.m. • 22 views

ROS-20231025-01

A vulnerability in the program/lib/Roundcube/rcube_washtml.php component of the RoundCube mail client is related to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to download arbitrary JavaScript code...

CVSS 6.1 • AI score 7.2 • EPSS 0.83235 • Exploits 2

Redos
• added 2023/10/24 12:00 a.m. • 21 views

ROS-20231024-03

An OAuth2 token vulnerability in the Nextcloud cloud-based software for creating and using data storage is related to the storage of OAuth2 tokens in plaintext. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server a...

CVSS 8.8 • AI score 7.5 • EPSS 0.0069 • Exploits 0

Redos
• added 2023/10/24 12:00 a.m. • 57 views

ROS-20231024-02

A vulnerability in the xrdp_painter.c component of the XRDP server is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to protected information...

CVSS 6.5 • AI score 7.1 • EPSS 0.00309 • Exploits 0

Redos
• added 2023/10/24 12:00 a.m. • 24 views

ROS-20231024-01

A vulnerability in the exfat_get_uniname_from_ext_entry function in the fs/exfat/dir.c module of the exFAT file system in the kernel of the Linux operating system is related to accessing memory outside of the allocated buffer. Exploitation of the...

CVSS 6.7 • AI score 6.6 • EPSS 0.0007 • Exploits 1

Redos
• added 2023/10/24 12:00 a.m. • 7 views

ROS-20231024-04

A vulnerability in the exfat_get_uniname_from_ext_entry function in the fs/exfat/dir.c module of the exFAT file system in the Linux kernel is related to accessing memory outside of the allocated buffer. Exploitation of the vulnerability could...

CVSS 6.7 • AI score 6.9 • EPSS 0.0007 • Exploits 1

Redos
• added 2023/10/23 12:00 a.m. • 20 views

ROS-20231023-01

A vulnerability in the libtom function of the libtommath library is related to integer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 9.8 • AI score 7.7 • EPSS 0.00517 • Exploits 0

Redos
• added 2023/10/23 12:00 a.m. • 21 views

ROS-20231020-10

A vulnerability in the iconv utility of the GNU C Library (glibc) is due to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by invoking the iconv utility with the "-c" option...

CVSS 5.9 • AI score 6.9 • EPSS 0.00378 • Exploits 0

Redos
• added 2023/10/20 12:00 a.m. • 27 views

ROS-20231020-02

A vulnerability in the calendar application of the Nextcloud cloud-based software for creating and using data storage is related to the server's lack of pre-checks for strings of any length as an email address. Exploitation of the vulnerability could...

CVSS 4.3 • AI score 7.1 • EPSS 0.00118 • Exploits 1

Redos
• added 2023/10/20 12:00 a.m. • 27 views

ROS-20231018-05

A vulnerability in the SQLite database management system API library is related to unchecked array indexing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or execute arbitrary code during the processing of a long sequence of o...

CVSS 7.5 • AI score 8 • EPSS 0.54845 • Exploits 2

Redos
• added 2023/10/20 12:00 a.m. • 30 views

ROS-20231020-03

A vulnerability in the ps utility is related to out-of-bounds writes. Exploitation of the vulnerability could allow an attacker acting remotely to write unlimited amounts of unfiltered data to the heap of the process...

CVSS 3.3 • AI score 7 • EPSS 0.00014 • Exploits 0

Redos
• added 2023/10/20 12:00 a.m. • 27 views

ROS-20231020-01

A vulnerability in the MiniZip component of the zlib library is related to an integer overflow and resulting heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment or additional field. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...

CVSS 9.8 • AI score 7.4 • EPSS 0.01396 • Exploits 0

Redos
• added 2023/10/19 12:00 a.m. • 16 views

ROS-20231018-01

A vulnerability in the Q_DecCoordOnUnitSphere function of the GPAC multimedia platform is related to integer overflow. Exploitation of the vulnerability could allow an intruder to gain unauthorized access to the protected information...

CVSS 5.5 • AI score 7.4 • EPSS 0.0002 • Exploits 0

Redos
• added 2023/10/19 12:00 a.m. • 29 views

ROS-20231018-04

A vulnerability in the XCreateImage function of the libX11 library is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges. PutSubImage vulnerability in libX11 library is related to execution of a loop...

CVSS 7.8 • AI score 8.2 • EPSS 0.001 • Exploits 1

Total number of security vulnerabilities: 7184