8244 matches found
ROS-20230127-02
Vim text editor vulnerability is related to NULL pointer dereferencing error in function guix11createblankmouse in guix11.c. Exploiting the vulnerability could allow an attacker, remotely, trick the victim into opening a specially crafted file and performing a denial-of-service attack DoS. "denia...
ROS-20230124-05
A vulnerability in the X Pixmap XPM libXpm image file library is related to an infinite loop when processing unclosed comments in XPM images in the ParseComment function. loop when processing unclosed comments in XPM images in the ParseComment function. Exploitation The vulnerability could allow ...
ROS-20230124-04
The vulnerability in the Mozilla Firefox browser is due to the fact that a deprecated library libusrsctp contained a vulnerability that could potentially be exploited. vulnerabilities that could potentially be exploited. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20230127-01
A vulnerability in the Mozilla Thunderbird email client is related to the fact that the browser's full-screen notification could have been delayed or suppressed, which could lead to data spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to direct a user to a...
ROS-20230124-01
Vulnerability of sudoedit function of Sudo system administration program is related to errors in processing of additional arguments in environment variables. additional arguments in environment variables. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate...
ROS-20230124-02
Vim text editor vulnerability is related to an incorrect memory access error with collapsing and using "L" in the src/normal.c function. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a buffer overflow and denial of service...
ROS-20230124-03
Vulnerability of LibTIFF set of libraries and utilities for viewing, editing and converting TIFF files is related to the processCropSelections function of the tools/tiffcrop.c file of the TIFF Image Handler component. Exploitation of the vulnerability could allow an attacker acting remotely to se...
ROS-20230117-02
A vulnerability in the Open vSwitch software tiered switch is related to loss of integer significance when parsing Auto Attach TLVs. integer when parsing Auto Attach TLVs. Exploitation of the vulnerability could allow an attacker acting remotely to send specially crafted LLDP messages. remotely,...
ROS-20230117-01
Simple DirectMedia Layer SDL multimedia library vulnerability is related to a memory leak in the function GLESCreateTexture in the render/opengles/SDLrendergles.c file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory leak and execute a denial of service...
ROS-20230112-02
A vulnerability in the Vim text editor is related to a boundary error in the msgputsprintf0 function in message.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file, cause a heap buffer overflow, and execute arbitra...
ROS-20230112-01
A vulnerability in the Squid caching proxy server is related to inconsistent processing of internal URIs. Exploitation of the vulnerability could allow an attacker acting remotely to bypass ACL manager protections and gain access to cache manager information, which includes records about the...
ROS-20221229-02
A vulnerability in the Mozilla Firefox browser is related to the fact that a process can partially exit the sandbox and read arbitrary files using IPC messages associated with the clipboard. Exploitation of the of the vulnerability could allow an attacker acting remotely to open a given source an...
ROS-20221229-03
A vulnerability in the Mozilla Thunderbird email client is related to the fact that a process can partially exit the sandbox and read arbitrary files using IPC messages associated with the clipboard. Exploitation of the vulnerability could allow an attacker acting remotely to open a given source...
ROS-20221229-01
A vulnerability in the GdkPixbuf image processing library is related to a heap buffer overflow when composing or clearing frames in GIF files in the io-gif-animation.ccompositeframe file. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a...
ROS-20221227-02
A vulnerability in the PJSIP multimedia library is related to a boundary error in the decoding of STUN messages. Exploitation of the vulnerability could allow an attacker acting remotely to transmit a specially crafted STUN message to an application, cause a heap buffer overflow, and execute...
ROS-20221227-01
Vulnerability of the library providing functions for X.509 LibKSBA certificates is related to the integer overflow in the CRL parser. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow and execute...
ROS-20221223-01
The containerd container runtime vulnerability is related to a bug in the CRI containerd thread server when handling terminal resize events. Exploitation of the vulnerability could allow an attacker, acting remotely, to query the TTY and cause it to crash by sending an invalid command and running...
ROS-20221222-22
A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation vulnerability could allow an attacker acting remotely to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial of service DoS attack The cU...
ROS-20221222-04
A vulnerability in the PHP programming language interpreter is related to boundary conditions in the function imageloadfont. Exploitation of the vulnerability could allow an attacker acting remotely to pass the specially crafted data to a web application, cause a read error outside of the boundar...
ROS-20221222-01
A vulnerability in the audinsendopen function of the xrdp server is related to the possibility of a stacked buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to a remote machine Vulnerability in devredirprocclientdevlistannouncereq function ...
ROS-20221222-05
A vulnerability in the compiling Twig template handler exists due to failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely, affect the confidentiality, integrity and availability of protected information by running...
ROS-20221222-03
A vulnerability in the Moodle course management system is related to insufficient validation of user-entered data in the LTI vendor library. data in the LTI vendor's library. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted HTTP request and tri...
ROS-20221222-02
A vulnerability in the cURL command-line utility is related to a bounds error in parsing the .netrc file. Exploitation vulnerability could allow an attacker acting remotely to transfer a specially crafted file, cause a stack-based buffer overflow, and perform a denial of service DoS attack The cU...
ROS-20221220-01
A vulnerability in the ath9khtcwaitfortarget function of the Atheros wireless adapter driver of the kernel of the operating system Linux kernel is associated with a post-release usage error. Exploitation of the vulnerability could allow an attacker to access kernel memory by typing a specially...
ROS-20221216-01
A vulnerability in the libarchive archiving library is related to the lack of error checking after the call to the calloc function, which may return with a NULL pointer in case of a function crash, resulting in a NULL pointer dereference. resultant dereferencing of the NULL pointer. Exploitation ...
ROS-20221216-02
A vulnerability in the Rsync file transfer and synchronization utility is related to authorization errors. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files...
ROS-20221207-01
A vulnerability in the inflate.c component of the zlib library is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20221207-02
VLC media player vulnerability, related to a boundary error when playing a malicious URL in the vnc module. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted stream, causing memory corruption, and executing arbitrary...
ROS-20220531-01
A vulnerability in the CUPS print server is related to a flaw in the authorization procedure. Exploiting the vulnerability could allow an attacker to escalate their privileges...
ROS-20221123-01
The vulnerability of qfbufaddline function of Vim text editor is related to memory usage after its release. Exploitation of the vulnerability may allow an intruder to affect the confidentiality, integrity and availability of protected information Vulnerability of the inscompladd function of the...
ROS-20221122-01
Vulnerability of muttdecodeuuencoded function implementation in Mutt mail client is related to operation overflow out of memory buffer boundaries. Exploitation of the vulnerability could allow a remote intruder gain unauthorized access to protected information or cause a denial of service...
ROS-20221121-02
A vulnerability in the FreeRDP remote desktop protocol implementation is related to the fact that there is no range check for the input offset index in the ZGFX decoder. Exploitation of the vulnerability could allow an attacker acting remotely to read the associated data and attempt to decode it...
ROS-20221121-03
Vulnerability of ImageMagick graphic editor is related to integer overflow in function ExportIndexQuantum in MagickCore/quantum-export.c. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass specially crafted image data to an application, cause an integer overflow a...
ROS-20221121-01
A vulnerability in the plugins/sudoers/auth/passwd.c file of the Sudo system administration program is related to the following the ability to read outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20221118-05
A vulnerability in Mozilla Thunderbird email client is related to a memory usage error after a release in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely, cause a victim to visit a specially crafted website, trigger a post-release usage...
ROS-20221118-01
A vulnerability in the LibTIFF set of libraries and utilities for viewing, editing and converting TIFF files is related to the TIFFReadRGBATileExt function of the libtiff/tifgetimage.c file Exploitation of the vulnerability could allow an attacker acting remotely to send a special file and perfor...
ROS-20221118-02
A vulnerability in the MPEG-4 GPAC system standard implementation is related to the svgparsepreserveaspectratio in the scenegraph/svgattributes.c file of the SVG Parser component. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory leak. an attacker acting...
ROS-20221118-04
A vulnerability in Mozilla Firefox browser is related to a post-release memory usage error in the InputStream implementation. Exploitation of the vulnerability could allow an attacker acting remotely, to force a victim to visit a specially crafted website, trigger a post-release usage error and...
ROS-20221118-03
The vulnerability of Pixman library's rasterizeedges8 function is related to the possibility of writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20221110-01
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in parse.c during content processing when the XMLPARSEHUGE parameter is set. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to the application,...
ROS-20221009-01
A vulnerability in the Exiv2 image metadata management library and command-line utility is related to the QuickTimeVideo::userDataDecoder function of the quicktimevideo.cpp file of the QuickTime Video Handler component. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20221108-21
The cURL command line utility vulnerability is related to a boundary error when processing non-200 HTTP responses proxies for the following schemes: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet. Exploitation vulnerability could allow an attacker acting remotely to cause a bug by forcin...
ROS-20221108-01
A vulnerability in the cURL command line utility is related to an error in parsing URLs with IDN characters that are replaced by ASCII analogs during IDN conversion. Exploitation of the vulnerability could allow an attacker acting remotely to bypass curl's HSTS inspection and force it to Use the...
ROS-20221103-03
A vulnerability in the Apache Batik XML SVG graphics rendering, generation, and management library is related to the fact that, the application allows Java classes to be run via JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to use JavaScript to execute a Ja...
ROS-20221103-01
Vim text editor vulnerability is related to memory release error in qfupdatebuffer function in the quickfix.c file of the autocmd Handler component. Exploitation of the vulnerability could allow an attacker, acting remotely, trick the victim into opening a specially crafted file, causing a progra...
ROS-20221103-04
Libtasn1 library vulnerability is related to ETYPEOK error in asn1encodesimpleder function. Exploitation The vulnerability could allow an attacker acting remotely, passing specially crafted data, cause a one-by-one error, and perform a denial-of-service DoS attack...
ROS-20221103-05
Vulnerability of the ntfs-3g utility of the NTFS-3G driver set of the NTFS file system implementation is related to errors in metadata processing. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20221103-02
PJSIP multimedia library vulnerability is related to a buffer overflow error in the PJSIP parser PJSIP parser, PJMEDIA RTP decoder and PJMEDIA SDP parser. Exploitation of the vulnerability could allow an attacker acting remotely to cause a flow failure and gain access to potentially sensitive...
ROS-20221103-06
Apache Tomcat application server vulnerability is related to incorrect implementation of read/write locking. writes. Exploitation of the vulnerability could allow an attacker acting remotely to cause a concurrency error and force client connections to share an instance of Http11Processor...
ROS-20221028-01
Exim mail server vulnerability is related to the dmarcdnslookup function of the dmarc.c file of the DMARC handler component. Exploitation of the vulnerability could allow an attacker acting remotely to cause a memory freeing and gain access to sensitive data Exim mail server vulnerability is...