ROS-20221222-05
A vulnerability in the Twig compiling template handler is due to a failure to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected information by running...
ROS-20221222-04
A vulnerability in the PHP programming language interpreter is related to boundary conditions in the imageloadfont function. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a web application, cause a read error outside of the boundar...
ROS-20221222-03
A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and tri...
ROS-20221220-01
A vulnerability in the ath9k_htc_wait_for_target function of the Atheros wireless adapter driver in the Linux kernel is associated with a use-after-free error. Exploitation of the vulnerability could allow an attacker to access kernel memory by typing a specially...
ROS-20221216-02
A vulnerability in the Rsync file transfer and synchronization utility is related to authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
ROS-20221216-01
A vulnerability in the libarchive archiving library is related to the lack of error checking after the call to the calloc function, which may return a NULL pointer if the call fails, resulting in a NULL pointer dereference. Exploitation ...
ROS-20221207-02
A vulnerability in the VLC media player is related to a boundary error when playing a malicious URL in the vnc module. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted stream, causing memory corruption, and executing arbitrary...
ROS-20221207-01
A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20220531-01
A vulnerability in the CUPS print server is related to a flaw in the authorization procedure. Exploiting the vulnerability could allow an attacker to escalate their privileges...
ROS-20221123-01
A vulnerability in the qf_buf_add_line function of the Vim text editor is related to a use-after-free error. Exploitation of the vulnerability may allow an attacker to affect the confidentiality, integrity and availability of protected information. A vulnerability in the ins_compl_add function of the...
ROS-20221122-01
A vulnerability in the implementation of the mutt_decode_uuencoded function in the Mutt mail client is related to an operation exceeding memory buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information or cause a denial of service...
ROS-20221121-02
A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no range check for the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and attempt to decode it...
ROS-20221121-03
A vulnerability in the ImageMagick graphics editor is related to an integer overflow in the ExportIndexQuantum function in MagickCore/quantum-export.c. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted image data to an application, cause an integer overflow a...
ROS-20221121-01
A vulnerability in the plugins/sudoers/auth/passwd.c file of the Sudo system administration program is related to the ability to read outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20221118-02
A vulnerability in the GPAC implementation of the MPEG-4 Systems standard is related to the svg_parse_preserveaspectratio function in the scenegraph/svg_attributes.c file of the SVG Parser component. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory leak.
ROS-20221118-05
A vulnerability in the Mozilla Thunderbird email client is related to a use-after-free error in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to visit a specially crafted website, trigger a use-after-free error...
ROS-20221118-03
A vulnerability in the rasterize_edges_8 function of the Pixman library is related to the possibility of writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20221118-04
A vulnerability in the Mozilla Firefox browser is related to a use-after-free error in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely to force a victim to visit a specially crafted website, trigger a use-after-free error and...
ROS-20221118-01
A vulnerability in the LibTIFF set of libraries and utilities for viewing, editing and converting TIFF files is related to the TIFFReadRGBATileExt function of the libtiff/tif_getimage.c file. Exploitation of the vulnerability could allow an attacker acting remotely to send a special file and perfor...
ROS-20221110-01
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in parse.c during content processing when the XML_PARSE_HUGE parameter is set. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to the application,...
ROS-20221009-01
A vulnerability in the Exiv2 image metadata management library and command-line utility is related to the QuickTimeVideo::userDataDecoder function of the quicktimevideo.cpp file of the QuickTime Video Handler component. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20221108-01
A vulnerability in the cURL command line utility is related to an error in parsing URLs with IDN characters that are replaced by ASCII analogs during IDN conversion. Exploitation of the vulnerability could allow an attacker acting remotely to bypass curl's HSTS inspection and force it to use the...
ROS-20221108-21
A vulnerability in the cURL command line utility is related to a boundary error when processing non-200 HTTP responses from proxies for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. Exploitation of the vulnerability could allow an attacker acting remotely to cause a bug by forcin...
ROS-20221103-05
A vulnerability in the ntfs-3g utility of the NTFS-3G driver set, an implementation of the NTFS file system, is related to errors in metadata processing. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20221103-03
A vulnerability in the Apache Batik library for rendering, generating, and managing XML SVG graphics is related to the fact that the application allows Java classes to be run via JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to use JavaScript to execute a Ja...
ROS-20221103-02
A vulnerability in the PJSIP multimedia library is related to a buffer overflow error in the PJSIP parser, PJMEDIA RTP decoder and PJMEDIA SDP parser. Exploitation of the vulnerability could allow an attacker acting remotely to cause a flow failure and gain access to potentially sensitive...
ROS-20221103-04
A vulnerability in the Libtasn1 library is related to an ETYPE_OK error in the asn1_encode_simple_der function. Exploitation of the vulnerability could allow an attacker acting remotely, passing specially crafted data, to cause an off-by-one error and perform a denial-of-service (DoS) attack...
ROS-20221103-01
A vulnerability in the Vim text editor is related to a memory release error in the qf_update_buffer function in the quickfix.c file of the autocmd Handler component. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into opening a specially crafted file, causing a progra...
ROS-20221103-06
A vulnerability in the Apache Tomcat application server is related to an incorrect implementation of read/write locking. Exploitation of the vulnerability could allow an attacker acting remotely to cause a concurrency error and force client connections to share an instance of Http11Processor...
ROS-20221028-01
A vulnerability in the Exim mail server is related to the dmarc_dns_lookup function of the dmarc.c file of the DMARC handler component. Exploitation of the vulnerability could allow an attacker acting remotely to cause memory to be freed and gain access to sensitive data. Exim mail server vulnerability is...
ROS-20221025-03
A vulnerability in the Mozilla Firefox browser is related to improper management of internal resources in the application when handling window.print events. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into...
ROS-20221025-02
A vulnerability in the Redis database management system (DBMS) is associated with the sigsegvHandler function of the debug.c file of the Crash Report component. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20221025-04
A vulnerability in the Mozilla Thunderbird email client is related to a boundary error in the JS engine's garbage collector. Exploitation of the vulnerability could allow an attacker acting remotely to create a customized website, trick the victim into opening it, cause memory corruption, and execute...
ROS-20221025-01
A vulnerability in the specialized shapelib library is related to a double free in contrib/shpsort.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or other unspecified impact by controlling malloc...
ROS-20221020-02
A vulnerability in the Java Protocol Buffers protobuf-java runtime library is related to a problem analyzing binary data. Exploitation of the vulnerability could allow an attacker acting remotely to send data containing multiple instances of non-repeating embedded messages to the application's...
ROS-20221020-01
A vulnerability in LibKSBA, the library providing functions for X.509 certificates, is related to an integer overflow in the CRL parser. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow and execute...
ROS-20221017-02
A vulnerability in the Open Asset Import Library (Assimp) 3D model import library is related to a segmentation violation via the Assimp::XFileImporter::CreateMeshes component. Exploitation of the vulnerability could allow an attacker acting...
ROS-20221017-01
A vulnerability in the FreeRDP remote desktop protocol implementation is related to the disclosure of uninitialized data on unix systems when using the /parallel command line switch. Exploitation of the vulnerability...
ROS-20221013-04
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
ROS-20221013-03
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
ROS-20221013-02
A vulnerability in the Moodle course management system is related to the fact that the H5P attempted action report does not take group permissions into account when displaying to non-editing teachers information about attempts/users in groups to which they should not have access...
ROS-20221013-06
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
ROS-20221013-05
A vulnerability in the PostgreSQL database management system is related to errors when using OR commands extensions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and replace arbitrary objects in the database...
ROS-20221013-01
A vulnerability in the D-Bus interprocess communication system is related to the reachability of an assertion in debug builds caused by a syntactically invalid type signature with improperly nested brackets and curly braces. Exploitation of the vulnerability could allow an attacker to execute a...
ROS-20221007-02
A vulnerability in the lighttpd web server is related to a memory leak in the mod_fastcgi and mod_scgi modules while processing a large number of malformed HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to send multiple invalid HTTP...
ROS-20221007-03
A vulnerability in the Vim text editor is related to a memory release error in the did_set_string_option function of the optionstr.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into opening a specially crafted file, crashing the program, and executing...
ROS-20221007-21
A vulnerability in the cURL command line utility is related to how cookies with control codes (byte values less than 32) are handled. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote user...
ROS-20221007-05
A vulnerability in the Firefox browser is related to a bounds error in HTML content processing. Exploitation of the vulnerability could allow a remote attacker to create a customized website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system.
ROS-20221007-04
Vulnerabilities in the Firefox and Firefox ESR web browsers and the Thunderbird email client are related to errors in the presentation of information by the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information. Vulnerability in...
ROS-20221007-01
A vulnerability in the cURL command line utility is related to how cookies with control codes (byte values less than 32) are processed. Exploitation of the vulnerability could allow an attacker acting remotely to send a cookie containing such control codes to a remote use...