7183 matches found
ROS-20221004-01
Vim text editor vulnerability is related to a boundary error during file processing in the function exfinally in exeval.c. Exploitation of the vulnerability could allow an attacker acting remotely, create a special file, force the victim to open it, cause memory corruption, and execute arbitrary...
ROS-20221004-02
Vulnerability of lighttpd web server is related to a null pointer dereferencing error in modwstunnel module module when processing invalid HTTP requests. Exploitation of the vulnerability could allow an attacker, remotely, send specially crafted HTTP requests to a vulnerable web server and execut...
ROS-20220929-01
BIND DNS server vulnerability is related to boundary conditions when reusing HTTP connection when requesting statistics from a statistics channel. Exploitation of the vulnerability could allow an attacker, acting remotely, using a managed DNS server to cause a read error outside the boundary...
ROS-20220929-02
A vulnerability in the Redis database management system DBMS XAUTOCLAIM command implementation is related to an integer overflow during COUNT argument processing. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20220926-01
A vulnerability in the Vim text editor is related to a boundary error in the utfcptr2len function in mbyte. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file, cause a heap buffer overflow, and execute arbitrary code...
ROS-20220926-02
Poppler PDF rendering library vulnerability is related to integer overflow in decoder JBIG2 in the JBIG2Stream::readTextRegionSeg function in JBIGStream.c. Exploitation of the vulnerability could allow an an attacker acting remotely to pass a specially crafted PDF file or image to an application...
ROS-20220920-01
The grubscriptfunctioncreate function of the Grub configuration file has a vulnerability due to a function override error. function override error while this function is already executed. Exploitation of the vulnerability allows an attacker to gain access to confidential data, compromise its...
ROS-20220919-01
A vulnerability in the Linux kernel's implementation of the CAN BCM protocol is caused by synchronization errors when utilizing a shared resource. Exploitation of the vulnerability could allow an attacker to escalate their privileges Vulnerability of the legacyparseparam function of the Linux...
ROS-20220914-01
A vulnerability in the libConfuse configuration file parser library is related to a buffer overflow in the function cfgtildeexpand in confuse.c. Exploitation of the vulnerability could allow an attacker acting remotely, transmit a specially crafted file to the system, causing a buffer overflow an...
ROS-20220909-01
A vulnerability in the vimvsnprintftypval function of the Vim text editor is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an intruder to affect confidentiality, integrity and availability of protected information Vim text editor vulnerability i...
ROS-20220908-01
A vulnerability in the netfilter subsystem of the Linux kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to escalate privileges and execute arbitrary code A vulnerability in the Linux kernel is related to the fact that when...
ROS-20220826-01
A vulnerability in the phpurlparseex function of the PHP programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow a remote attacker to launch an SSRF attack Vulnerability in the SOAP extension of the PHP interpreter...
ROS-20220808-01
A vulnerability in the ActiveDirectory/DC database audit logging module of the Samba networking software suite is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Samba...
ROS-20220721-02
A vulnerability in the Harfbuzz text conversion library involves an integer overflow in the hb-ot-shape-fallback.cc file. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow, and cause the applicatio...
ROS-20220721-01
Vulnerability in the ProcXkbSetGeometry call handler of X.Org Server is related to improper protection of the of signal strength warnings during request length processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or escalate privileges A...
ROS-20220804-01
A vulnerability in the Rust language standard library is related to the race condition in the std::fs::removedirall function. Exploitation of the vulnerability could allow an attacker acting remotely to achieve deletion of arbitrary system files and directories that an attacker would not normally...
ROS-20220619-01
A vulnerability in the nftexprinit function net/netfilter/nftablesapi.c of the Netfilter packet filtering software of the Linux kernel is related to the possibility of memory usage after the packet filtering software has been installed. Netfilter packet filtering software of the Linux kernel is...
ROS-20220714-01
A vulnerability in the BusyBox command line utility suite is related to incorrect input validation of PTR entries DNS records output in the netstat utility when run on a VT-compatible terminal. Exploitation vulnerability could allow an attacker acting remotely to trick the victim into launching t...
ROS-20220714-02
A vulnerability in the passdb account database of the Dovecot mail server is related to errors in the configuration. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
ROS-20220706-01
A vulnerability in the OpenSSH session encryption suite of programs is related to the fact that the application does not properly enforce security restrictions when the keyword parameter LogVerbose keyword parameter is enabled with a set of parameters that activate logging for an isolated process...
ROS-20220706-02
The Rubygem Rack web application development interface vulnerability is related to incorrect input validation when processing data transmitted through the Rack Lint middleware and CommonLogger middleware. Exploitation of the vulnerability could allow an attacker acting remotely to send specially...
ROS-20220705-01
Caribou on-screen keyboard vulnerability, related to buffer overflow in XkbSetDeviceInfo and SetDeviceIndicators. Exploitation of the vulnerability could allow an attacker, when invoking the functionality of the the on-screen keyboard functionality from the screen keeper, crash libcaribou, crash...
ROS-20220701-01
Vim text editor vulnerability is related to boundary conditions in textobject.c. Exploitation The vulnerability could allow a remote attacker to create a special file, trick the victim into opening it, cause a read error outside the boundaries, and read the memory contents. victim to open it, cau...
ROS-20220701-03
Vulnerability in Mozilla Thunderbird email client is related to improper handling of sandbox header CSP without the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented restriction. remotely, use an iframe t...
ROS-20220701-02
A vulnerability in the Mozilla Firefox browser is related to improper handling of the CSP sandbox header without the the "allow scripts" parameter. Exploitation of the vulnerability could allow an attacker acting remotely to use an iframe to bypass an implemented CSP restriction and exploit it...
ROS-20220628-02
A vulnerability in the Bluetooth protocol stack for Linux BlueZ is related to insufficient validation of user input during A2DP profile processing. user input during A2DP profile processing. Exploitation of the vulnerability could allow an attacker, remotely, transmit specially crafted data to th...
ROS-20220628-01
A vulnerability in the Apache HTTP web server is related to insufficient validation of user-entered data during the HTTP requests to the lua script that calls r:parsebody0. Exploitation of the vulnerability could allow an attacker acting remotely to send a very large HTTP request to a vulnerable...
ROS-20220628-03
A vulnerability in the Squid caching proxy server is related to assertion reachability when processing responses to the from the Gopher server. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted response to the proxy server and perform a denial o...
ROS-20220622-01
Vulnerability of the E2fsprogs service utility set is related to a boundary error when processing unreliable input data. Exploitation of the vulnerability could allow an attacker to exploit a specially crafted file system, run an out-of-bounds entry, and execute arbitrary code on the target syste...
ROS-20220622-02
Vulnerability of the library implementing Perl PCRE2 style regular expressions is related to boundary conditions in the compilexclassmatchingpath function of the pcre2jitcompile.c file. conditions in the compilexclassmatchingpath function of the pcre2jitcompile.c file. Exploitation of the...
ROS-20220620-01
A vulnerability in the program monitoring the communication between the container manager and the conmon runtime environment is related to the fact that the application does not properly monitor the consumption of internal resources within the request ExecSync. Exploitation of the vulnerability...
ROS-20220608-01
The vulnerability of the ClamAV antivirus software package is related to a boundary error in the module of database loading signatures. Exploitation of the vulnerability could allow an attacker acting remotely to transfer specially crafted data to an application, cause a buffer overflow in dynami...
ROS-20220131-01
Vulnerability in the ptp4l service of the LinuxPTP precision time protocol PTP implementation software is caused by an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, cause the application to crash as a result of creatin...
ROS-20220530-03
Vulnerability of Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to execute arbitrary...
ROS-20220530-02
Vulnerabilities in the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck components of the PostgreSQL database management system are related to a maintenance error in one component. pgamcheck components of PostgreSQL database management system are related to...
ROS-20220530-01
A vulnerability in the Vim text editor is related to boundary conditions in the getonesourceline function. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file, cause a read error outside the boundary conditions, and...
ROS-20220530-04
Vulnerability of Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to execute arbitrary...
ROS-20220525-01
A vulnerability in the Vim text editor is related to a boundary error when processing unreliable input data. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file and initiate unauthorized writing and execution of...
ROS-20220524-04
The vulnerability in the Moodle course management system is due to a problem in the logic used to count of failed login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the account lockout threshold. remotely to bypass the account lockout threshold A...
ROS-20220524-02
A vulnerability in the lightweight DNS, DHCP, and TFTP server Dnsmasq is related to a memory usage error after a release when processing DHCPv6 requests. Exploitation of the vulnerability could allow an attacker, acting remotely, send specially crafted DHCPv6 packets to a vulnerable application,...
ROS-20220524-01
OpenSSL cryptographic library vulnerability is related to incorrect input validation in the script crehash. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary OS commands with script privileges A vulnerability in the OpenSSL cryptographic library is...
ROS-20220524-03
The cURL command-line utility vulnerability is related to the -no-clobber toolkit, which is used in conjunction with --remove-on-error. Exploitation of the vulnerability could allow an attacker acting remotely, trick the victim into connecting to a malicious server and forcing the command-line to...
ROS-20220524-21
The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...
ROS-20220518-03
A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...
ROS-20220518-01
A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that Bypasses the existing browser hint and inherits top-level permissions improperly The...
ROS-20220518-02
A vulnerability in Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. user input when processing signed and encrypted attached messages. Exploitation exploitation of the vulnerability could allow a remote...
ROS-20220516-08
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted multi-gigabyte XML file to...
ROS-20220516-10
A vulnerability in the evdevlogmsg function of the libinput library's implementation of the X.Org and Wayland display server protocols is related to the use of uncontrolled format strings. Wayland is related to the use of uncontrolled format strings. Exploitation of the vulnerability could allow ...
ROS-20220516-02
A vulnerability in the gzip library is related to errors in file name processing. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the system using the command-line utilities zgrep and xzgrep command line utilities...
ROS-20220516-30
Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMPTPS, IMAPS, POP3S, and LDAPS openldap only. Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...