ROS-20231018-04
A vulnerability in the XCreateImage function of the libX11 library is related to an integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code with elevated privileges. A vulnerability in PutSubImage in the libX11 library is related to execution of a loop...
ROS-20231018-02
A vulnerability in the libXpm image file library is related to a read outside of memory boundaries. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information...
ROS-20231019-01
A vulnerability in Nextcloud, software for creating and using cloud storage, is related to a lack of protection that allows password guessing through the WebDAV API. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...
ROS-20231016-07
A vulnerability in the tiff.c file of the ImageMagick console graphics editor is related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to force a user to open a specially crafted file, resulting in an application crash and denial of servi...
ROS-20231016-06
A vulnerability in the Squid proxy server is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Squid proxy is related to insufficient input validation. Exploitation of the vulnerability could allow...
ROS-20231016-01
A vulnerability in the XpmCreateXpmImageFromBuffer function of the libXpm image file library is related to a read outside the valid range. Exploitation of the vulnerability could allow an intruder to gain unauthorized access to protected information...
ROS-20231016-02
A vulnerability in the libvpx multimedia library is related to incorrect handling of exceptional states when processing certain special-format video data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
ROS-20231016-04
A vulnerability in the VP8 encoding function of the libvpx library in the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to remotely execute arbitrary code when a user opens a speciall...
ROS-20231016-05
A vulnerability in the curl command-line utility is related to copying the hostname into the buffer instead of the allowed address. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the libcurl library is related to...
ROS-20231016-03
A vulnerability in the tiff.c file of the ImageMagick console graphics editor is related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to force a user to open a specially crafted file, resulting in an application crash and denial of servi...
ROS-20231016-25
A vulnerability in the curl command-line utility is related to copying the hostname into the buffer instead of the allowed address. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the libcurl library is related to...
ROS-20231013-03
A vulnerability in the xmlUnlinkNode function in the tree.c file of the libxml2 library is related to a failure of a specific allocated memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20231013-04
A vulnerability in the _bfd_elf_slurp_version_tables method of the GNU Binutils software development tool is related to a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in binutils-gdb/bfd/libbfd.c...
ROS-20231013-06
A memory leak vulnerability exists in the RTPS dissector of the Wireshark network traffic analyzer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by injecting packets or creating a capture file...
ROS-20231011-01
A vulnerability in the HTTP API of the pgAdmin 4 database management tool is related to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands on the server...
ROS-20231013-05
A vulnerability in the pr_function_type function in the prdbg.c file of the GNU Binutils development tool is related to a memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the parse_stab_struct_fields function of the GNU development tool...
ROS-20231013-02
A vulnerability in the convert_strings function of the tinfo/read_entry.c component of the Ncurses terminal I/O control library is related to reading beyond the allowed data buffer boundaries. Exploitation of the vulnerability...
ROS-20231009-01
A vulnerability in the PostgreSQL database management system is related to the possibility of SQL injection in extensions that use @extowner@, @extschema@, or @extschema:...@ inside quoting constructs (dollar quoting, '', or ""). Exploitation of the vulnerability could allow an attacker acting...
ROS-20231009-04
A vulnerability in the nft_set_catchall_flush function in the net/netfilter/nf_tables_api.c module of the netfilter component of the Linux kernel is related to the re-release of previously freed memory. Exploitation of the...
ROS-20230416-10
A vulnerability in the qdisc_graft function in net/sched/sch_api.c of the traffic control subsystem of the Linux kernel is related to a null pointer dereference. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20231009-02
A vulnerability in the nft_set_catchall_flush function in the net/netfilter/nf_tables_api.c module of the netfilter component of the Linux kernel is related to the re-release of previously freed memory. Exploitation of the...
ROS-20231009-03
A vulnerability in the PostgreSQL database management system is related to the possibility of SQL injection in extensions that use @extowner@, @extschema@, or @extschema:...@ inside quoting constructs (dollar quoting, '', or ""). Exploitation of the vulnerability could allow an attacker acting...
ROS-20230929-01
A vulnerability in the URI component of the Ruby programming language is related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the...
ROS-20230928-01
A vulnerability in the Logstash log management system is related to a flaw in TLS certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to launch a man-in-the-middle attack on Logstash monitoring data...
ROS-20230926-01
A vulnerability in the gf_bifs_flush_command_list function of the GPAC multimedia platform is related to incorrect use of dynamic memory during program operation. Exploitation of the vulnerability could allow an attacker acting remotely to pass arbitrary...
ROS-20230922-01
A vulnerability in the StringSubstitutor component of the Apache Commons Text library is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20230919-02
A vulnerability in the FilePickerShownCallback function in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird e-mail client is related to use of memory after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
ROS-20230920-03
A vulnerability in the WebP image display module of the Google Chrome browser is related to reading outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20230919-04
A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird e-mail client is related to the lack of a warning when opening Diagcab files. Exploitation of the vulnerability could allow an attacker to perform a spoofing attack. The vulnerability in Mozilla Thunderbi...
ROS-20230919-01
A vulnerability in the FilePickerShownCallback function in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird e-mail client is related to use of memory after it is freed. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of...
ROS-20230918-01
A vulnerability in the GIFLIB GIF handling library is related to a bug in the DumpScreen2RGB function at gif2rgb.c:298:45. Exploitation of the vulnerability could allow an attacker acting remotely to cause a heap buffer overflow. A vulnerability in the GIFLIB library for handling GIF files is...
ROS-20230918-04
A vulnerability in the Poppler PDF rendering library is related to the lack of a stream check before saving an embedded file in the main function in pdfunite.cc. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Poppler PDF...
ROS-20230918-03
A vulnerability in the GPAC multimedia platform is related to a stack overflow in gf_bt_check_line at scene_manager/loader_bt.c:408. Exploitation of the vulnerability could allow an attacker to cause the application to crash. A vulnerability in the GPAC multimedia platform is related to an inaccessible re...
ROS-20230918-02
A vulnerability in the OpenSSL cryptographic library is related to insufficient validation of user input data in the POLY1305 MAC message authentication code implementation. Exploitation of the vulnerability could allow an...
ROS-20230913-02
A vulnerability in the Nextcloud server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to access files within a subfolder of an accessible group folder, even if extended permissions block access to the subfolder...
ROS-20230915-11
A vulnerability in the Base plugin gst-plugins-base of the GStreamer multimedia framework is related to a buffer overrun during the parsing and decoding of subtitles from SRT files. Exploitation o...
ROS-20230915-14
A vulnerability in the AES-SIV encryption algorithm of the OpenSSL library is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow a remote attacker to bypass the authentication process...
ROS-20230913-03
A vulnerability in the libreswan software is related to a null pointer dereference error when handling IKEv1 Quick Mode packets. Exploitation of the vulnerability could allow an attacker to remotely send specially crafted packets to the system and perform a denial-of-service attack...
ROS-20230915-12
A vulnerability in the Redis database management system is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to keys that are not explicitly authorized by the ACL configuration...
ROS-20230915-13
A vulnerability in the symbolic.py component of GitPython, the Python library for interacting with git repositories, is related to a flaw in the directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected...
ROS-20230912-01
A vulnerability in the Wireshark traffic analysis software is related to insufficient verification of user input data in the CBOR protocol dissector. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially...
ROS-20230914-08
A vulnerability in the GPAC multimedia platform is related to a signed integer overflow at filters/mux_isom.c:5716:20. Exploitation of the vulnerability could allow an attacker to cause the application to crash. A vulnerability in the GPAC multimedia platform is related to a null pointer dereference in function...
ROS-20230914-06
A vulnerability in the Iperf3 network bandwidth measurement tool is related to an integer overflow when processing field lengths. Exploitation of the vulnerability could allow an intruder acting remotely to cause a denial of service...
ROS-20230915-09
A vulnerability in the netfilter component of the Linux operating system kernel is related to a stack buffer overflow in nftables. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information and escalate privileges...
ROS-20230914-07
A vulnerability in the VMware Tools suite is related to the ability to bypass the SAML token signature. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by implementing a man-in-the-middle attack...
ROS-20230914-05
A vulnerability in DjVuLibre, a library for viewing, creating, and editing DjVu files, is related to IW44Image.cpp. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by dividing by zero. A vulnerability in the library for viewing, creating,...
ROS-20230914-04
A vulnerability in the nasm assembler involves copying to a buffer without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service through a crafted file...
ROS-20230915-15
A vulnerability in the mailcap module of the Python programming language interpreter is related to insufficient verification of the arguments passed to a command. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary command...
ROS-20230915-10
A vulnerability in the Linux kernel memory management system is related to the lack of randomization of the exception handling stacks. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information. Vulnerability of...
ROS-20230911-07
A vulnerability in the Moodle virtual learning environment is related to insufficient validation of user input data: an attacker could send a specially crafted HTTP request and make the application initiate requests to arbitrary systems. Exploitation of the vulnerability could allow an...