8110 matches found
ROS-20240611-02
The vulnerability of Tss2RCDecode and Tss2RCSetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and cause ...
ROS-20240611-03
A vulnerability in the MIME-tools component of the open-source content filter for Amavis email is related to an interpretation conflict when a MIME email message has multiple boundary parameters. Exploitation of the vulnerability could allow an attacker acting remotely to elevate the privileges...
ROS-20240611-05
The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. of input data. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary code by injecting a specially crafted SQL query. arbitrary code by...
ROS-20240611-13
Vulnerability in clone/clonefrom components of Python library for interacting with git repositories GitPython is associated with errors in input processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting a specially crafted URL int...
ROS-20240611-16
A vulnerability in the gitpython package is related to external git calls without sufficiently cleaning up input arguments. Exploitation of the vulnerability could allow an attacker acting remotely to inject a malicious remote URL into a clone command...
ROS-20240611-07
A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...
ROS-20240611-04
A vulnerability in the JSON Handler component of the Python PyMySQL library of MySQL is related to keys not being escaped properly using escapedict. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to data, tampering with data, or potentially...
ROS-20240611-15
Vulnerability in archive-zip component of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create a potentially dangerous zip file A vulnerability in the net-netip component of the Golang programmi...
ROS-20240611-14
The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block TRB ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in th...
ROS-20240611-11
A vulnerability in the CDP PDU Packet Handler component of the LLDP protocol implementation under Unix Lldpd is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information. remotely to gain...
ROS-20240611-06
A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information...
ROS-20240611-09
A vulnerability in the BIND DNS server is related to a flaw in the use of assert. Exploitation vulnerability could allow an attacker acting remotely to cause a denial of service via the named parameter during DNS64 and serve-stale interaction A vulnerability in the named component of the DNS BIND...
ROS-20240611-10
Vulnerability of uvgetaddrinfo function src/unix/getaddrinfo.c, src/win/getaddrinfo.c of libuv asynchronous I/O library is related to insufficient checking of incoming requests. libuv asynchronous I/O is due to insufficient checking of incoming requests. Exploitation of the vulnerability could...
ROS-20240611-12
Vulnerability of the named DNS server daemon BIND is related to an operation overrunning the buffer boundaries in memory as a result of recursion during processing of received packets. as a result of uncontrolled recursion when processing received packets. Exploitation of the vulnerability could...
ROS-20240607-01
Vulnerability of bgpcapabilitymsgparse functions of a software tool for implementing network routing on Unix-like FRRouting systems is related to reading outside memory boundaries of the BGP FRRouting daemon. Unix-like systems FRRouting is related to read outside memory boundaries in the BGP...
ROS-20240607-04
Vulnerability of the virNetClientIOEventLoop method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop in the virNetClientIOEventLoop method virNetClientIOIOEventData. Exploitation of the vulnerability...
ROS-20240607-02
Vulnerability of closealtfile function for text terminals of UNIX-like Less systems is related to skipping Shellquote calls for LESSCLOSE in filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20240607-03
A vulnerability in the lrzip.c:initializecontrol component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability ...
ROS-20240607-06
Vulnerability of system views pgstatsext, pgstatsextexprs of PostgreSQL DBMS is related to privilege management errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...
ROS-20240607-07
Vulnerability of system views pgstatsext, pgstatsextexprs of PostgreSQL DBMS is related to privilege management errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...
ROS-20240607-05
The vulnerability of the system views pgstatsext, pgstatsextexprs of the PostgreSQL DBMS is related to errors in privilege management. in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...
ROS-20240606-01
A vulnerability in QEMU's USB EHCI controller emulation is related to the lack of checks if the buffer pointer overlaps with the MMIO register when transmitting USB packets. the buffer pointer overlaps with the MMIO region when transmitting USB packets. Exploitation of the vulnerability could all...
ROS-20240606-09
A vulnerability in the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform Qt software development framework is related to an integer overflow resulting from a a change in the typical order of expressions in a conditional statement "Yoda conditions". Exploitati...
ROS-20240606-10
Vulnerability of EVPPKEYparamcheck or EVPPKEYpubliccheck functions of cryptographic library OpenSSL is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240606-08
A vulnerability in the Portainer container management platform is related to the use of open redirection. Exploitation of the vulnerability could allow an attacker to redirect a user to an arbitrary site...
ROS-20240606-07
Vulnerability in the MULTIPARTPARTHEADERS component of the open source web application firewall ModSecurity is related to improper analysis of HTTP requests. Exploitation of the vulnerability could allow an an attacker acting remotely to bypass the firewall's protections...
ROS-20240606-05
Unreliable HTML string vulnerability of Java port jtidy is associated with a stack overflow error. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240606-02
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service...
ROS-20240606-04
A vulnerability in the OTP component of the Erlang programming language is related to flaws in the authentication procedure. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. data, compromise its...
ROS-20240606-03
Vulnerability of handlechopping function of Wireshark computer network traffic analyzer is related to a memory handling issue in EditCap. memory handling issue in EditCap. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in MONGO and...
ROS-20240606-06
A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20240603-01
A vulnerability in the PSP file parser of the GIMP graphics editor is related to number processing errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20240603-04
Vulnerability of modproxy module of Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker, acting remotely to perform HTTP response splitting attacks...
ROS-20240603-03
A vulnerability in the XML parser library libexpat is related to incorrect restriction of recursive object references in DTDs. recursive object references in DTDs. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...
ROS-20240603-02
A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the securecompare function of the...
ROS-20240529-03
A vulnerability in Git's distributed version control system is related to incorrect path name restriction to the to a restricted directory. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...
ROS-20240529-02
A vulnerability in the LibreOffice office suite is related to uncontrolled script execution in the graphics linking scripts by clicking on them. Exploitation of the vulnerability could allow an attacker to execute scripts embedded in LibreOffice...
ROS-20240529-05
A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...
ROS-20240529-04
A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...
ROS-20240529-01
Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...
ROS-20240527-03
Vulnerabilities in the idna.encode functions of the Internationalized Domain Names in Applications IDNA are associated with an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of...
ROS-20240527-04
A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories A vulnerability in the Git distributed version control system ...
ROS-20240527-02
A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A...
ROS-20240527-01
A vulnerability in the Botan C++ cryptographic library is related to improper certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to spoof OCSP responses...
ROS-20240524-02
A vulnerability in the rlsafeeval function of the ReportLab library is related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions and execute arbitrary code. security restrictions and execute arbitrary code...
ROS-20240524-03
A vulnerability in Ruby Sinatra web application development framework is related to code loading without checking its integrity. of its integrity. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240424-02
A vulnerability in the Libraries component of the Oracle Java SE software platform and Oracle GraalVM virtual machine. Enterprise Edition is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected informatio...
ROS-20240422-10
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...
ROS-20240424-03
A vulnerability in the Serialization component of the Oracle Java SE software platform and Oracle Virtual Machine GraalVM Enterprise Edition is related to the recovery of invalid data in memory. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...
ROS-20240424-01
A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...