7184 matches found
ROS-2-999
2.999 Multiple vulnerabilities in PostgreSQL CVE-2021-32027, CVE-2021-32028, CVE-2021-32029 1. Vulnerability Description: CVE-2021-32027 The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2021-32028, CVE-2021-32029 Vulnerability allows a remote user to...
ROS-2-1199
2.1199 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-562
2.562 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-618
2.618 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-1909
2.1909 Multiple vulnerabilities in ISC BIND CVE-2021-25216, CVE-2021-25215, CVE-2021-25214 1. Vulnerability Description: CVE-2021-25216 A vulnerability exists due to a boundary error in the GSS-TSIG extension. A remote attacker can send specially crafted requests to the server, trigger a buffer...
ROS-2-1656
2.1656 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-1668
2.1668 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-2054
2.2054 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-2146
2.2146 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-1714
2.1714 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-2235
2.2235 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-540
2.540 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-1871
2.1871 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-881
2.881 Denial of Service in libX11 CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-1333
2.1333 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A Nettle library vulnerability involving the use of a broken cryptographic algorithm and allowing an unauthenticated remote attacker to execute arbitrary code. FSTEC Russia Information Security Threats Data Bank...
ROS-2-1566
2.1566 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...
ROS-2-1284
2.1284 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-2-2105
2.2105 Denial of service in libX11 CVE-2021-31535 1. Vulnerability Description: The vulnerability allows a local user to execute a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of color names in the XLookupColor function. A local user can launch a specially...
ROS-2-1389
2.1389 Nettle library vulnerability CVE-2021-20305 1. Vulnerability Description: A vulnerability in the Nettle library that involves the use of a broken cryptographic algorithm and allows a remote unauthenticated attacker to execute arbitrary code. Identifier of the Information Security Threats Dat...
ROS-2-2200
2.2200 Denial of Service in Libxml2 CVE-2021-3541 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack. The vulnerability exists due to insufficient validation of user input. A remote attacker can pass specially crafted input data to a...
ROS-2-1499
2.1499 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-2-1699
2.1699 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system. Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...
ROS-20230628-01
The Nextcloud server vulnerability is related to a lack of brute force protection at the password reset endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the password reset links. The Nextcloud server vulnerability is related to the fact...
ROS-20230627-02
Libjxl library vulnerability is related to a bug in decpatchdictionary.cc. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20230627-01
The vulnerability in the Moodle virtual learning environment is related to insufficient sanitization of data submitted by users in the external Wiki method for listing pages. A user can send a specially crafted query to the affected application and execute limited SQL commands on the application's...
ROS-20230621-24
A vulnerability in the curl program is related to a use-after-free error in SSH sha256 fingerprint validation. Exploitation of the vulnerability could allow an attacker acting remotely to use the application to connect to a malicious SSH server, cause a use-after-free error, and gain...
ROS-20230621-03
A vulnerability in the GPAC multimedia platform is related to null pointer dereferencing in gfisomfragmentaddsampleexisomedia/moviefragments.c:2883. Exploitation of the vulnerability could allow an attacker to cause a denial of service (DoS), causing the application to crash or render it...
ROS-20230621-05
OpenSSL cryptographic library vulnerability is related to the use of OBJobj2txt directly or using any of the OpenSSL OCSP, PKCS7/SMIME, CMS, CMP/CRMF, or TS subsystems without limiting the message size. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denia...
ROS-20230621-02
A vulnerability in the LZWDecode function of the LibTIFF library is related to a null pointer dereferencing error in the libtiff/tiflzw.c file. Exploitation of the vulnerability could allow an attacker to create certain input data that could cause a program to dereference a NULL pointer when...
ROS-20230621-06
The vulnerability in the ImageMagick graphical editor is related to an out-of-bounds write and a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a crash of the application. The vulnerability in the ImageMagick graphical...
ROS-20230621-04
A vulnerability in the curl program is related to incorrect certificate validation when matching wildcards in TLS certificates for IDNs. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted certificate that...
ROS-20230621-01
A vulnerability in the Django web application framework is related to the fact that the application does not perform file validation when using a single form field to upload multiple files. Exploiting the vulnerability could allow an...
ROS-20230622-07
The vulnerability in the libx11 library is due to the fact that the functions in src/InitExt.c in libX11 do not check that the values provided for request, event, or error identifiers are within the boundaries of the arrays to which these functions write, using these identifiers as arr...
ROS-20230622-08
Mozilla Thunderbird email client vulnerability is related to a boundary error in FileReader::DoReadData when reading a file. Exploitation of the vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system...
ROS-20230620-01
Ffmpeg multimedia library vulnerability is related to a NULL pointer dereferencing error in the function decodemainheader in libavformat/nutdec.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted file and perform a denial-of-service...
ROS-20230620-02
Vulnerability of FreeImages library for working with graphic formats is related to reading data outside the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service via a crafted JXR file...
ROS-20230620-04
The vulnerability of the traffic analysis program Wireshark is related to the failure to properly control the consumption of internal resources in the LISP dissector. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause resource exhaustion and perform a...
ROS-20230620-07
A vulnerability in the Python library for Redis redis-py is related to a lack of service data protection. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20230620-05
A vulnerability in the formatting functionality of the SQL parser module for Python Sqlparse is related to a regular expression that is vulnerable to reuse. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20230620-06
Vulnerability of the GENERALNAMEcmp function of OpenSSL library is related to a flaw in the data type conversion mechanism when processing x400 addresses. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service A...
ROS-20230620-03
A vulnerability in the HAProxy server software is related to a flaw in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute an "HTTP request smuggling" attack...
ROS-20230619-07
Vulnerability of the beh (Backend Error Handler) component of the cups-filters print package exists due to failure to take measures to neutralize special elements used in an operating system command. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20230619-05
A vulnerability in the pip module of the Python programming language is related to incorrect input validation in the Policy component python-pip in Oracle Communications Cloud Native Core Policy. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate data. The...
ROS-20230619-06
Vulnerability in protobuf-c data serialization protocol is related to integer overflow in the function parserequiredmember. Exploitation of the vulnerability could allow an attacker acting remotely to cause a complete compromise of the vulnerable system...
ROS-20230619-03
A vulnerability in Certifi's specialized certificate collection is related to the presence of a TrustCor certificate in the list of root certificates. The certificate was removed because TrustCor was also in the spyware business. Exploitation of the vulnerability could allow an...
ROS-20230619-04
A vulnerability in the OpenSSL cryptographic library is related to ignoring invalid policy certificates in leaf certificates that are skipped for this certificate. Exploitation of the vulnerability could allow an attacker to intentionally assert invalid certificate policies to completely...
ROS-20230619-01
The vulnerability in the GLPI web application is related to insufficient sanitization of user data in the administration panel. A user could inject and execute arbitrary HTML code and script in a user's browser in the context of a vulnerable website...
ROS-20230619-02
A vulnerability in the Redis database is related to insufficient validation of user-entered data. A user could use the HINCRBYFLOAT command to create an invalid hash field. Exploitation of the vulnerability could allow an attacker acting remotely to cause Redis to crash when accessing the affecte...
ROS-20230616-07
Vim text editor vulnerability is related to a NULL pointer dereferencing error in the function getregister in the register.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted file...
ROS-20230616-01
The npm package manager vulnerability is related to the npm package ignoring the root-level file exclusion directives in .gitignore and .npmignore when run in a workspace or with the workspace flag (e.g., --workspaces, --workspace=). Exploitation of the vulnerability could allow an...