Lucene search
7184 matches found

Redos
•added 2023/04/07 12:0 a.m.•2 views

ROS-20230407-21

A vulnerability in the libcurl library is related to an authentication bypass, in which libcurl reuses a previously established SSH connection even though the SSH parameter has been changed, which should have prevented reuse. Exploitation of the vulnerability could allow an attacker acting...

7.7 CVSS • 6.8 AI score • 0.00036 EPSS
Exploits: 2
Redos
•added 2023/04/07 12:0 a.m.•91 views

ROS-20230407-01

The libcurl library vulnerability is related to FTP connection reuse: previously created connections are stored in a connection pool for reuse if they match the current configuration...

7.7 CVSS • 7.5 AI score • 0.00071 EPSS
Exploits: 4
Redos
•added 2023/04/07 12:0 a.m.•77 views

ROS-20230407-03

A vulnerability in the OpenSSL cryptographic library is related to the validation of X.509 certificate chains that include policy restrictions. Exploitation of the vulnerability could allow an attacker acting remotely, to create a malicious certificate chain that triggers exponential utilization ...

7.5 CVSS • 7.5 AI score • 0.00734 EPSS
Exploits: 0
Redos
•added 2023/04/07 12:0 a.m.•61 views

ROS-20230407-02

The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...

5.5 CVSS • 6.5 AI score • 0.45293 EPSS
Exploits: 0
Redos
•added 2023/04/06 12:0 a.m.•1 views

ROS-20230406-21

A vulnerability in the curl program is related to data exchange using the TELNET protocol, which could allow an attacker to pass a specially crafted username and "telnet parameters" during a server negotiation. Exploitation of the vulnerability could allow an attacker acting remotely, to send...

9.8 CVSS • 7.8 AI score • 0.00179 EPSS
Exploits: 2
Redos
•added 2023/04/06 12:0 a.m.•51 views

ROS-20230406-01

A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory...

9.8 CVSS • 8.9 AI score • 0.00179 EPSS
Exploits: 2
Redos
•added 2023/03/24 12:0 a.m.•31 views

ROS-20230324-01

A vulnerability in the Samba networking software package is related to errors in symbolic link processing. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server's file system. Vulnerability of unwrapdes and unwrapdes3 functions of GSSAPI...

6.5 CVSS • 7.3 AI score • 0.00727 EPSS
Exploits: 0
Redos
•added 2023/03/23 12:0 a.m.•27 views

ROS-20230322-03

A vulnerability in the Git program is related to the processing of input data: a path outside the working tree can be overwritten by a user running "git apply". Exploiting the vulnerability could allow an attacker acting remotely to run the affected command against a malicious or compromise...

7.5 CVSS • 6.7 AI score • 0.01674 EPSS
Exploits: 3
Redos
•added 2023/03/22 12:0 a.m.•30 views

ROS-20230322-02

The Containerd container execution environment vulnerability is related to a flaw whereby additional groups are not properly configured within the container. When an attacker has direct access to the container and manipulates its optional group access, it can use optional group access to bypass t...

7.8 CVSS • 7.2 AI score • 0.00244 EPSS
Exploits: 1
Redos
•added 2023/03/22 12:0 a.m.•25 views

ROS-20230322-01

A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...

7.8 CVSS • 7.7 AI score • 0.00184 EPSS
Exploits: 0
Redos
•added 2023/03/21 12:0 a.m.•27 views

ROS-20230321-01

A vulnerability in libde265 is related to null pointer dereferencing in the mcchroma function in motion.cc. Exploitation of the vulnerability could allow an attacker to cause a denial of service (DoS) with a crafted input file. The vulnerability in libde265 is related to the dereferencing of a nu...

6.5 CVSS • 5.8 AI score • 0.0036 EPSS
Exploits: 7
Redos
•added 2023/03/20 12:0 a.m.•22 views

ROS-20230320-02

A vulnerability in libde265 involves copying an input buffer to an output buffer without checking that the size of the input buffer is less than the size of the output buffer, resulting in a buffer overflow...

7.8 CVSS • 8 AI score • 0.00048 EPSS
Exploits: 2
Redos
•added 2023/03/20 12:0 a.m.•26 views

ROS-20230320-01

A vulnerability in the Vim text editor is related to a division by zero error in the scrolldown function in move.c. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial-of-service attack...

7.8 CVSS • 7.5 AI score • 0.00045 EPSS
Exploits: 1
Redos
•added 2023/03/17 12:0 a.m.•26 views

ROS-20230317-02

The Squid vulnerability is related to a bug in libntlmauth due to improper integer overflow protection in the Squid SSPI and SMB authentication helpers. Exploitation of the vulnerability could allow an attacker acting remotely to disclose information or cause a denial of service...

8.6 CVSS • 8.6 AI score • 0.0014 EPSS
Exploits: 0
Redos
•added 2023/03/17 12:0 a.m.•9 views

ROS-20230317-03

A vulnerability in the Minio object store is related to improper enforcement of the bypass prohibition policy when removing a version identifier with the special header "X-Amz-Bypass-Governance-Retention: true". Exploitation of the vulnerability could allow an attacker acting remotely to gai...

8.8 CVSS • 8.6 AI score • 0.00201 EPSS
Exploits: 1
Redos
•added 2023/03/17 12:0 a.m.•30 views

ROS-20230317-01

A vulnerability in the Redis database is related to string mapping commands (e.g. SCAN or KEYS) with a specially crafted template. Exploitation of the vulnerability could allow an attacker acting remotely to launch a denial-of-service attack...

5.5 CVSS • 5.7 AI score • 0.60647 EPSS
Exploits: 0
Redos
•added 2023/03/16 12:0 a.m.•32 views

ROS-20230316-01

A vulnerability in the c-ares C library package, in which aressetsortlist lacks input string validation, which allows a possible stack overflow of arbitrary length. Exploitation of the vulnerability...

8.6 CVSS • 8.4 AI score • 0.00161 EPSS
Exploits: 1
Redos
•added 2023/03/15 12:0 a.m.•30 views

ROS-20230315-01

A vulnerability in the Mozilla Thunderbird email client is related to notifications that are not displayed when the browser is in full screen mode, allowing an attacker to trick the victim into visiting a malicious website and performing a spoofing attack...

8.8 CVSS • 7.6 AI score • 0.00249 EPSS
Exploits: 0
Redos
•added 2023/02/17 12:0 a.m.•30 views

ROS-20230217-01

Vulnerability in driver management software for multipath access organization multipath-tools is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to elevate privileges to root user...

7.8 CVSS • 7.7 AI score • 0.00025 EPSS
Exploits: 4
Redos
•added 2023/02/17 12:0 a.m.•25 views

ROS-20230217-02

A vulnerability in the Mozilla Firefox browser is related to a memory corruption bug. Exploitation of the vulnerability could allow a remote attacker to cause a buffer overflow and run arbitrary code...

8.8 CVSS • 9.3 AI score • 0.00145 EPSS
Exploits: 0
Redos
•added 2023/02/13 12:0 a.m.•30 views

ROS-20230213-01

A vulnerability in the ImageMagick graphical editor is related to errors in input data processing. Exploitation of the vulnerability may allow a remote intruder to gain access to protected information using the profile parameter. Vulnerability of ImageMagic...

6.5 CVSS • 6.8 AI score • 0.88643 EPSS
Exploits: 31
Redos
•added 2023/02/10 12:0 a.m.•61 views

ROS-20230210-01

The vulnerability of the GNU Less utility for UNIX-like text terminals is due to the fact that calling "less -R" will not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges on the system...

7.5 CVSS • 7.7 AI score • 0.00102 EPSS
Exploits: 0
Redos
•added 2023/02/10 12:0 a.m.•66 views

ROS-20230210-03

A vulnerability in the GNU C Library (glibc) system calls and basic functions library is related to a buffer overflow in the monstartup function of the Call Graph Monitor component in the gmon.c file. Exploiting the vulnerability cou...

9.8 CVSS • 9.5 AI score • 0.00066 EPSS
Exploits: 0
Redos
•added 2023/02/10 12:0 a.m.•73 views

ROS-20230210-04

A vulnerability in the Redis database management system (DBMS) is related to the setrange and sort ro commands. Exploitation of the vulnerability could allow an attacker acting remotely to cause an integer overflow, resulting in the allocation of unacceptable amounts of memory...

5.5 CVSS • 6 AI score • 0.35552 EPSS
Exploits: 0
Redos
•added 2023/02/10 12:0 a.m.•65 views

ROS-20230210-02

The X.Org Server vulnerability is related to the fact that after calling free, a pointer bound to the buffer was not set to NULL, which led to further access to the buffer after it was freed (use-after-free) in the DeepCopyPointerClasses function used in the X Input extension...

7.8 CVSS • 8 AI score • 0.00711 EPSS
Exploits: 0
Redos
•added 2023/02/03 12:0 a.m.•48 views

ROS-20230203-01

A vulnerability in the GNU Tar archiver is related to the fromheader function in list.c via the V7 archive, in which mtime contains approximately 11 whitespace characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to transmit special data to the application and...

5.5 CVSS • 6.3 AI score • 0.00047 EPSS
Exploits: 1
Redos
•added 2023/02/03 12:0 a.m.•35 views

ROS-20230203-03

A vulnerability in the GNU Binary Utilities (binutils) object code manipulation toolkit is related to a memory access error. Exploitation of the vulnerability could allow an attacker acting remotely to analyze an ELF file containing corrupted information...

5.5 CVSS • 6.1 AI score • 0.0006 EPSS
Exploits: 1
Redos
•added 2023/02/03 12:0 a.m.•32 views

ROS-20230203-02

The Vim text editor vulnerability is related to a division by zero error in the 'smoothscroll' function at small window size. Exploitation of the vulnerability could allow an attacker acting remotely to cause the program to crash...

7.8 CVSS • 7.5 AI score • 0.00037 EPSS
Exploits: 1
Redos
•added 2023/01/30 12:0 a.m.•15 views

ROS-20230130-02

A vulnerability in the opusfile stream decoder library is related to null pointer dereferencing in the opgetdata and opopen1 functions in opusfile.c in xiph. Exploitation of the vulnerability could allow an attacker, acting remotely, to transfer specially crafted data to an application and perform a...

7.8 CVSS • 7.2 AI score • 0.001 EPSS
Exploits: 1
Redos
•added 2023/01/30 12:0 a.m.•6 views

ROS-20230130-01

A vulnerability in the cross-platform JavaScript runtime Node.js is related to incorrect handling of an exception in the src/nodeoptions-inl.h file when an invalid command line argument is supplied. Exploitati...

6.8 AI score
Exploits: 0
Redos
•added 2023/01/27 12:0 a.m.•36 views

ROS-20230127-02

The Vim text editor vulnerability is related to a NULL pointer dereferencing error in the function guix11createblankmouse in guix11.c. Exploiting the vulnerability could allow an attacker acting remotely to trick the victim into opening a specially crafted file and perform a denial-of-service (DoS) attack...

7.8 CVSS • 8.2 AI score • 0.00051 EPSS
Exploits: 1
Redos
•added 2023/01/24 12:0 a.m.•22 views

ROS-20230124-03

Vulnerability of LibTIFF set of libraries and utilities for viewing, editing and converting TIFF files is related to the processCropSelections function of the tools/tiffcrop.c file of the TIFF Image Handler component. Exploitation of the vulnerability could allow an attacker acting remotely to se...

5.5 CVSS • 6.3 AI score • 0.00011 EPSS
Exploits: 1
Redos
•added 2023/01/24 12:0 a.m.•30 views

ROS-20230124-04

The vulnerability in the Mozilla Firefox browser is due to the fact that a deprecated library, libusrsctp, contained vulnerabilities that could potentially be exploited. Exploitation of the vulnerability could allow an attacker acting remotely to...

8.8 CVSS • 7.2 AI score • 0.00786 EPSS
Exploits: 0
Redos
•added 2023/01/24 12:0 a.m.•35 views

ROS-20230124-05

A vulnerability in the X Pixmap (XPM) libXpm image file library is related to an infinite loop when processing unclosed comments in XPM images in the ParseComment function. Exploitation of the vulnerability could allow ...

8.8 CVSS • 8.8 AI score • 0.00184 EPSS
Exploits: 2
Redos
•added 2023/01/24 12:0 a.m.•34 views

ROS-20230124-02

Vim text editor vulnerability is related to an incorrect memory access error with collapsing and using "L" in the src/normal.c function. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a buffer overflow and denial of service...

7.8 CVSS • 7.8 AI score • 0.00034 EPSS
Exploits: 1
Redos
•added 2023/01/24 12:0 a.m.•24 views

ROS-20230127-01

A vulnerability in the Mozilla Thunderbird email client is related to the fact that the browser's full-screen notification could have been delayed or suppressed, which could lead to data spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to direct a user to a...

8.8 CVSS • 7.2 AI score • 0.00786 EPSS
Exploits: 0
Redos
•added 2023/01/24 12:0 a.m.•31 views

ROS-20230124-01

A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the processing of additional arguments in environment variables. Exploitation of the vulnerability could allow an attacker acting remotely to escalate...

7.8 CVSS • 7.9 AI score • 0.41093 EPSS
Exploits: 20
Redos
•added 2023/01/17 12:0 a.m.•30 views

ROS-20230117-02

A vulnerability in the Open vSwitch software tiered switch is related to loss of integer significance when parsing Auto Attach TLVs. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted LLDP messages...

9.8 CVSS • 9.3 AI score • 0.00642 EPSS
Exploits: 0
Redos
•added 2023/01/17 12:0 a.m.•24 views

ROS-20230117-01

The Simple DirectMedia Layer (SDL) multimedia library vulnerability is related to a memory leak in the function GLESCreateTexture in the render/opengles/SDLrendergles.c file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory leak and execute a denial of service...

7.5 CVSS • 7.5 AI score • 0.00045 EPSS
Exploits: 0
Redos
•added 2023/01/12 12:0 a.m.•77 views

ROS-20230112-02

A vulnerability in the Vim text editor is related to a boundary error in the msgputsprintf0 function in message.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into opening a specially crafted file, cause a heap buffer overflow, and execute arbitra...

7.8 CVSS • 8.2 AI score • 0.0004 EPSS
Exploits: 3
Redos
•added 2023/01/12 12:0 a.m.•77 views

ROS-20230112-01

A vulnerability in the Squid caching proxy server is related to inconsistent processing of internal URIs. Exploitation of the vulnerability could allow an attacker acting remotely to bypass ACL manager protections and gain access to cache manager information, which includes records about the...

6.5 CVSS • 7.1 AI score • 0.0197 EPSS
Exploits: 0
Redos
•added 2022/12/29 12:0 a.m.•20 views

ROS-20221229-01

A vulnerability in the GdkPixbuf image processing library is related to a heap buffer overflow when composing or clearing frames in GIF files in the io-gif-animation.ccompositeframe file. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a...

7.8 CVSS • 8.4 AI score • 0.00415 EPSS
Exploits: 1
Redos
•added 2022/12/29 12:0 a.m.•22 views

ROS-20221229-03

A vulnerability in the Mozilla Thunderbird email client is related to the fact that a process can partially exit the sandbox and read arbitrary files using IPC messages associated with the clipboard. Exploitation of the vulnerability could allow an attacker acting remotely to open a given source...

8.6 CVSS • 9.1 AI score • 0.00373 EPSS
Exploits: 0
Redos
•added 2022/12/29 12:0 a.m.•21 views

ROS-20221229-02

A vulnerability in the Mozilla Firefox browser is related to the fact that a process can partially exit the sandbox and read arbitrary files using IPC messages associated with the clipboard. Exploitation of the vulnerability could allow an attacker acting remotely to open a given source an...

8.6 CVSS • 9.1 AI score • 0.00373 EPSS
Exploits: 0
Redos
•added 2022/12/27 12:0 a.m.•17 views

ROS-20221227-01

Vulnerability of the library providing functions for X.509 LibKSBA certificates is related to the integer overflow in the CRL parser. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow and execute...

9.8 CVSS • 9.8 AI score • 0.0146 EPSS
Exploits: 2
Redos
•added 2022/12/27 12:0 a.m.•30 views

ROS-20221227-02

A vulnerability in the PJSIP multimedia library is related to a boundary error in the decoding of STUN messages. Exploitation of the vulnerability could allow an attacker acting remotely to transmit a specially crafted STUN message to an application, cause a heap buffer overflow, and execute...

9.8 CVSS • 9.5 AI score • 0.00448 EPSS
Exploits: 0
Redos
•added 2022/12/23 12:0 a.m.•32 views

ROS-20221223-01

The containerd container runtime vulnerability is related to a bug in the CRI containerd thread server when handling terminal resize events. Exploitation of the vulnerability could allow an attacker, acting remotely, to query the TTY and cause it to crash by sending an invalid command and running...

6.5 CVSS • 7 AI score • 0.00259 EPSS
Exploits: 0
Redos
•added 2022/12/22 12:0 a.m.•71 views

ROS-20221222-02

A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation of the vulnerability could allow an attacker acting remotely to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial of service (DoS) attack. The cU...

6.5 CVSS • 8 AI score • 0.00285 EPSS
Exploits: 1
Redos
•added 2022/12/22 12:0 a.m.•1 views

ROS-20221222-22

A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation of the vulnerability could allow an attacker acting remotely to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial of service (DoS) attack. The cU...

9.8 CVSS • 7.1 AI score • 0.01853 EPSS
Exploits: 2
Redos
•added 2022/12/22 12:0 a.m.•40 views

ROS-20221222-01

A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine. Vulnerability in devredirprocclientdevlistannouncereq function ...

9.8 CVSS • 9.5 AI score • 0.00404 EPSS
Exploits: 0
Total number of security vulnerabilities: 7184