8216 matches found
ROS-20230616-07
Vim text editor vulnerability is related to the error of dereferencing NULL pointer in the function getregister in the register.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted file and remotely, trick the victim...
ROS-20230616-02
Vulnerability in libavcodec/pthreadframe.c component of FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads with hwaccel decoder. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20230615-01
LibRaw image processing library vulnerability is related to heap buffer overflow in raw2imageex. Exploitation of the vulnerability could allow an attacker acting remotely to cause an application to application crash due to a maliciously crafted input file...
ROS-20230615-02
The vulnerability of the OpenSearch software package is related to the implementation of detailed access control rules document-level security, field-level security, and field masking when they were incorrectly applied to queries during extremely rare runtime conditions. Exploitation of the of th...
ROS-20230615-03
A vulnerability in the HEIF and AVIF libheif file format decoder is related to a floating point exception in the heif::Fraction::round function in box.cc Exploitation of the vulnerability could allow an attacker, remotely to perform a denial of service attack...
ROS-20230615-05
Vulnerability in Thunderbird email client is related to incorrect processing of user data in the error page for sites with invalid TLS certificates. displaying certificate exceptions, on the error page for sites with invalid TLS certificates. Exploitation of the vulnerability could allow an...
ROS-20230615-04
The vulnerability in Mozilla Firefox and Firefox ESR browsers is related to an operation exceeding buffer boundaries in memory. memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability in Mozilla Firefox browser is related to...
ROS-20230504-03
A vulnerability in the minimatch package of the Node.js software development platform is related to a call to the braceExpand function with with certain arguments. Exploitation of the vulnerability could allow an attacker acting remotely, to cause a denial of service...
ROS-20230505-01
Mozilla Thunderbird email client vulnerability involves invalid free operation from code JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to force the victim to to visit a specially crafted web page, cause memory corruption, and execute arbitrary code. The...
ROS-20230505-02
The vulnerability in the Mozilla Firefox browser is due to the fact that Mozilla's service desk handles blocking records when downloading updates from an SMB server. Exploitation of the vulnerability could allow an attacker to to apply an unsigned update file by pointing the service to an update...
ROS-20230428-03
A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields. internal resource consumption when parsing data from a...
ROS-20230428-01
A vulnerability in the Python Charmers Future program is related to improper input validation when processing the the Set-Cookie header. Exploitation of the vulnerability could allow an attacker acting remotely to to send a specially crafted HTTP request to the application and perform a denial of...
ROS-20230428-02
A vulnerability in the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploitation of the vulnerability could allow an attacker, acting remotely, pass specially crafted data to an application and perform ...
ROS-20230428-04
The vulnerability in the Pillow image library is related to improper internal resource management when working with highly compressed GIF data. resources when working with highly compressed GIF data. Exploitation of the vulnerability could allow an attacker, acting remotely, transfer a specially...
ROS-20230428-05
A vulnerability in Python Packaging Authority installation tools is related to insufficient input validation when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application and perform a denial of service...
ROS-20230420-01
Vulnerability in the modproxy module of Apache HTTP Server is related to flaws in header handling Transfer-Encoding. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP Request Smuggling attack. hidden HTTP request HTTP Request Smuggling...
ROS-20230420-02
A vulnerability in the iconv function of the glibc library is related to a flaw in the use of the assert function. The vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20230420-04
Vulnerability in Mozilla Firefox, Firefox ESR browsers and Thunderbird mail client of the operating systems Windows operating systems is related to insufficient protection of service data when processing a request to save files via the "Save As" dialog box. via the "Save As" dialog box...
ROS-20230420-03
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries when checking the number of available bytes of regulated threads. operation exceeds buffer boundaries in memory when checking the number of available...
ROS-20230419-01
Vulnerability of HFS+ partition file analyzer of ClamAV antivirus software package is related to an operation exceeding the memory buffer boundaries. operation beyond the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20230419-03
The X.Org Server vulnerability is related to a post-release exploit bug where, when handling the deletion of a of a window, Xserver leaves a dangling pointer to that window in the CompScreen structure. Exploitation of the vulnerability could allow an attacker to cause a post-release usage error a...
ROS-20230419-02
The vulnerability in the Dnsmasq DNS server is related to the maximum EDNS.0 UDP packet size by default it was set to 4096, but should be 1232. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20230418-01
Nextcloud server vulnerability is related to an application that does not properly control the consumption of of internal resources. Exploitation of the vulnerability could allow an attacker acting remotely, to initiate resource exhaustion and perform a denial of service attack. The Nextcloud...
ROS-20230418-04
A vulnerability in the pki-core public key infrastructure deployment management system is related to insufficient validation of user-entered XML data, which could be passed by specially created XML code to a vulnerable application and view the contents of arbitrary files on the system or initiate...
ROS-20230418-02
A vulnerability in the PHP programming language is related to the kernel's path resolution function, which allocates a buffer one bytes less than necessary, if paths are resolved with a length close to the MAXPATHLEN system parameter, this can cause the byte after the allocated buffer to be...
ROS-20230418-05
A vulnerability in the OpenSSL cryptographic library is related to a boundary error in the PEMreadbioex function. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted PEM file to an application, cause a memory re-release error, and perform a typing...
ROS-20230418-03
A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to an integer overflow. Git version control system is related to integer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely,...
ROS-20230417-03
Vulnerability in ImageMagick graphic editor is related to improper management of internal resources within the application when parsing SVG files. within the application when parsing SVG files. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass a specially crafted...
ROS-20230417-02
A vulnerability in the Kerberos5 heimdal protocol implementation is related to changing memcmp values for constant time and a workaround for a compiler error by adding "!= 0" comparisons to the memcmp result. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...
ROS-20230417-05
A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...
ROS-20230417-04
A vulnerability in the CryptParameterDecryption function of the cryptoprocessor firmware of the Trusted Platform Module TPM is related to reading data beyond buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...
ROS-20230417-01
The vulnerability in Redis database is related to integer overflow in "SRANDMEMBER" commands, "ZRANDMEMBER" and "HRANDFIELD." Exploitation of the vulnerability could allow an attacker to pass specially specially crafted data into an application, cause an integer overflow, and trigger a...
ROS-20230417-25
A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...
ROS-20230414-02
DNS server BIND vulnerability is related to reachable assertion in DNS query processing. Exploitation The vulnerability allows an attacker acting remotely to send repeated patterns of specific requests to servers with DNSSEC-Validated Cache synth-from-rom enabled. queries to servers with the...
ROS-20230414-03
The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...
ROS-20230414-01
A vulnerability in the Ghostscript document processing toolkit is related to a buffer overflow in the BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers. BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers, in case when the write buffer is underfilled by one byte and then a shielded...
ROS-20230414-04
The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...
ROS-20230414-24
The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...
ROS-20230414-23
The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...
ROS-20230413-01
The Nextcloud software vulnerability is related to secure browsing for internal shared resources, which can be bypassed if re-sharing permissions are also granted. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to restricted functions. The...
ROS-20230412-03
The Consul server vulnerability is related to allowing an authenticated user to use the service: write permissions to start a workflow. Exploitation of the vulnerability could allow an attacker acting remotely to crash the Consul server and client agents...
ROS-20230412-01
Libde265 vulnerability is related to derivecollocatedmotionvectors function in motion.cc . Exploitation of the vulnerability could allow an attacker to overflow the heap buffer. Vulnerability Libde265 is related to decodercontext::processslicesegmentheader function in decctx.cc . Exploitation of...
ROS-20230412-02
Vim text editor vulnerability related to the classobjectindex vim function in the vim9class.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a user into opening a specially crafted file, causing a problem that leads to a problem that leads to a bug. a use...
ROS-20230411-03
The Minio object store vulnerability is related to a user with console administrator privileges who could potentially create a user that matches the root access key, once this user is successfully created, root credentials will stop working properly. Exploitation of the of the vulnerability could...
ROS-20230411-01
The CairoSVG SVG converter vulnerability is related to insufficient validation of user input during the SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely, access sensitive data located on a local network or send malicious requests to other servers from...
ROS-20230411-02
Liblouis braille translator vulnerability is related to copying to buffer without checking the size of input data data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of with the compileTranslationTable.c and lousetDataPath functions. The Liblouis...
ROS-20230407-01
The libcurl library vulnerability is related to FTP connection reuse, previously created connections are stored in a connection pool for reuse if they match the current connection pool. connections are stored in the connection pool for reuse if they match the current configuration. configuration...
ROS-20230407-02
The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...
ROS-20230407-03
A vulnerability in the OpenSSL cryptographic library is related to the validation of X.509 certificate chains that include policy restrictions. Exploitation of the vulnerability could allow an attacker acting remotely, to create a malicious certificate chain that triggers exponential utilization ...
ROS-20230407-21
A vulnerability in the libcurl library is related to an authentication bypass, in which libcurl reuses a a previously established SSH connection, even though the SSH parameter has been changed, which should have prevent reuse. Exploitation of the vulnerability could allow an attacker acting...