ROS-20230911-09

A vulnerability in the XML document merge mechanism XInclude of the vector graphics rendering library librsvg is related to incorrect restriction of path name to restricted directory when processing element xi:include. Exploitation of the vulnerability may allow an intruder to gain unauthorized...

ROS-20230911-04

A vulnerability in the GPAC multimedia platform is related to read out of bounds. Exploitation of the vulnerability could allow an attacker to read sensitive information from other memory locations or cause a a glitch...

ROS-20230911-03

A vulnerability in the XMLExternalEntityParserCreate function of the XML parser library libexpat is related to a post-release exploit. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

ROS-20230911-02

Vulnerability of the KeePass password manager password text field is related to storing credentials in unencrypted form. Exploitation of the vulnerability could allow an attacker acting remotely, to recover the master password in plaintext...

ROS-20230911-05

Vulnerability in the document processing, conversion and generation software suite Ghostscript exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by using t...

ROS-20230911-08

Vulnerability of UnRAR file unzipping tool is related to incorrect link resolution before accessing a file "Jump to link". before accessing the file "Follow link". Exploitation of the vulnerability could allow an attacker acting remotely to extract files outside the destination folder using file...

ROS-20230911-10

Vulnerability of EmailValidator and URLValidator components of Django web application software platform is related to the use of regular expression with inefficient computational complexity when processing domain name labels in emails and URLs. domain name labels in emails and URLs. Exploitation ...

ROS-20230911-06

Vulnerability of ssh-agent of OpenSSH cryptographic protection tool is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity, and availability of protected information...

ROS-20230911-01

A vulnerability in the traffic analysis software Wireshark is related to insufficient validation of user input in the iSCSI dissector. user input to the iSCSI dissector. Exploitation of the vulnerability could allow an attacker, acting remotely, pass specially crafted input data to the applicatio...

ROS-20230907-02

Vulnerability in the Core component of Oracle VM VirtualBox virtual machine is related to resource release errors resources. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or gain full control of an application using the RDP protocol. arbitrary code or...

ROS-20230908-05

ImageMagick graphics editor vulnerability is related to a memory leak in Magick::Draw. Exploitation The vulnerability could allow an attacker acting remotely to force the application to cause a memory leak and execute a denial-of-service attack...

ROS-20230908-06

LibTIFF library vulnerability is related to buffer overflow in Fax3Encode function in libtiff/tiffiffax3.c. Exploitation of the vulnerability could allow a remote attacker to trick a victim into opening a specially crafted file and executing a type of attack. the victim to open a specially crafte...

ROS-20230907-04

Vulnerability of DHcheck, DHcheckex or EVPPKEYparamcheck functions of OpenSSL library is related to using a regular expression with inefficient computational complexity. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service. Vulnerability of DHcheck,...

ROS-20230907-01

Ghostscript document processing toolkit vulnerability is related to a buffer overflow error in base / gdevdevn.c: 1973 in devnpcxwriterle. buffer overflow in base / gdevdevn.c: 1973 in devnpcxwriterle. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...

ROS-20230907-03

The vulnerability in the BIND DNS server is related to a stack buffer overflow when BIND is acting as a "resolver" when the number of recursive queries has reached an acceptable maximum and the server settings have been configured. "resolver", when the number of recursive queries has reached an...

ROS-20230908-07

A vulnerability in Firefox browser, Firefox ESR is related to a bug in the calculation of pop-up notification delay. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to grant permissions. Full-screen notification vulnerability in Mozilla Firefox,...

ROS-20230908-08

A vulnerability in the Thunderbird email client exists due to improper handling of the Unicode character to to override text direction in file names. Exploitation of the vulnerability could allow an attacker, acting remotely to conduct spoofing attacks...

ROS-20230905-02

Vulnerability in the ksmbd module of Linux kernel operating systems is related to synchronization errors when using a shared resource. synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code using the...

ROS-20230905-01

A vulnerability in the Bluetooth permission verification subsystem of the Linux kernel is associated with errors in the processing of input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by sending specially crafted requests...

ROS-20230904-01

The vulnerability of the qfqchangeclass function of the Linux kernel is related to the operation exceeding the buffer boundaries in memory while processing the QFQMINLMAX value. buffer boundaries in memory when processing the QFQMINLMAX value. Exploitation of the vulnerability could allow an...

ROS-20230904-02

Vulnerability of the dojournalend function in the fs/reiserfs/journal.c module of the reiserfs file system of the Linux kernel is related to a buffer overrun. of the Linux operating system is related to a buffer overrun. Exploitation of the vulnerability could allow an attacker to cause a denial ...

ROS-20230830-01

The vulnerability of the Floating Frames component of the LibreOffice office software package is related to flaws in access control. in access control. Exploiting the vulnerability could allow an attacker to perform a spoofing attack using a specially crafted file A vulnerability in the Spreadshe...

ROS-20230825-06

A vulnerability in the Yasm assembler is related to null pointer dereferencing in /libyasm/intnum.c and /elf/elf.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service through a crafted file...

ROS-20230825-05

The QEMU hardware emulator vulnerability is related to the VNC server, when a client connects to the server, QEMU checks if the current number of connections exceeds a certain threshold, and if so, clears the previous connection, if the previous connection is in the confirmation phase and fails,...

ROS-20230824-01

The Swarm Mode vulnerability of the dockerd daemon of the containerization software tool Moby and the Mirantis Container Runtime runtime is related to the use of the Swarm Mode of the dockerd daemon. Moby container isolation system and Mirantis Container Runtime is related to the use of an insecu...

ROS-20230824-02

A vulnerability in Git's distributed version control system is related to flaws in the path name limitation to the directory. Exploitation of the vulnerability allows an attacker acting remotely to impact the data integrity using a specially crafted command. The vulnerability in the...

ROS-20230825-03

A vulnerability in the Libarchive library is related to the umask call inside archivewritediskposix.c, which changes the umask of the entire process for a very short period of time, this results in a permanent setting of umask 0, which will cause the hidden creation of a directory with permission...

ROS-20230825-04

Redis database management system DBMS vulnerability is related to buffer overflow. Exploitation exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

ROS-20230807-01

A vulnerability in the OpenLDAP protocol implementation is related to the failure to take measures to protect the SQL query structure. Exploitation of the vulnerability may allow a remote attacker to affect confidentiality, integrity, and availability of protected information by using a specially...

ROS-20230710-01

A vulnerability in Podman software is related to a type mixing error. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted data to the application, cause a type-mixing error, and reinterpret the resulting content differently. The Podman software...

ROS-2-1078

2.1078 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...

ROS-2-1088

2.1088 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...

ROS-2-1116

2.1116 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...

ROS-2-127

2.127 Notification on update of the RAND OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-1159

2.1159 Notification on the update of MIS OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of the operating system "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-130

2.130 Notification on update of the RAND OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-237

2.237 Notification on the update of MIS OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-360

2.360 Notification on the update of MIS OPERATION SYSTEM "RED OS" No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of the operating system "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-2290

2.2290 Notification on the update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing...

ROS-2-1685

2.1685 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

ROS-2-2164

2.2164 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

ROS-2-501

2.501 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

ROS-2-2062

2.2062 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

ROS-2-901

2.901 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

ROS-2-1741

2.1741 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

ROS-2-507

2.507 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

ROS-2-1269

2.1269 Multiple vulnerabilities in Mozilla Firefox CVE-2021-23994, CVE-2021-23995, CVE-2021-23996, CVE-2021-23997, CVE-2021-23998, CVE-2021-23999, CVE-2021-24000, CVE-2021-24001, CVE-2021-24002, CVE-2021-29945, CVE-2021-29947, CVE-2021-29946. 1. Vulnerability Description: Vulnerabilities allow a...

ROS-2-1237

2.1237 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...

ROS-2-1428

2.1428 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: Vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...

ROS-2-1895

2.1895 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia : 2...