8244 matches found
ROS-20220620-01
A vulnerability in the program monitoring the communication between the container manager and the conmon runtime environment is related to the fact that the application does not properly monitor the consumption of internal resources within the request ExecSync. Exploitation of the vulnerability...
ROS-20220608-01
The vulnerability of the ClamAV antivirus software package is related to a boundary error in the module of database loading signatures. Exploitation of the vulnerability could allow an attacker acting remotely to transfer specially crafted data to an application, cause a buffer overflow in dynami...
ROS-20220131-01
Vulnerability in the ptp4l service of the LinuxPTP precision time protocol PTP implementation software is caused by an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, cause the application to crash as a result of creatin...
ROS-20220530-01
A vulnerability in the Vim text editor is related to boundary conditions in the getonesourceline function. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file, cause a read error outside the boundary conditions, and...
ROS-20220530-03
Vulnerability of Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to execute arbitrary...
ROS-20220530-02
Vulnerabilities in the Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck components of the PostgreSQL database management system are related to a maintenance error in one component. pgamcheck components of PostgreSQL database management system are related to...
ROS-20220530-04
Vulnerability of Array method of Mozilla Firefox and Mozilla Firefox ESR browsers and Thunderbird mail client is related to code generation errors. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to execute arbitrary...
ROS-20220525-01
A vulnerability in the Vim text editor is related to a boundary error when processing unreliable input data. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into to open a specially crafted file and initiate unauthorized writing and execution of...
ROS-20220524-01
OpenSSL cryptographic library vulnerability is related to incorrect input validation in the script crehash. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary OS commands with script privileges A vulnerability in the OpenSSL cryptographic library is...
ROS-20220524-03
The cURL command-line utility vulnerability is related to the -no-clobber toolkit, which is used in conjunction with --remove-on-error. Exploitation of the vulnerability could allow an attacker acting remotely, trick the victim into connecting to a malicious server and forcing the command-line to...
ROS-20220524-02
A vulnerability in the lightweight DNS, DHCP, and TFTP server Dnsmasq is related to a memory usage error after a release when processing DHCPv6 requests. Exploitation of the vulnerability could allow an attacker, acting remotely, send specially crafted DHCPv6 packets to a vulnerable application,...
ROS-20220524-04
The vulnerability in the Moodle course management system is due to a problem in the logic used to count of failed login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the account lockout threshold. remotely to bypass the account lockout threshold A...
ROS-20220524-21
The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...
ROS-20220518-03
A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...
ROS-20220518-02
A vulnerability in Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. user input when processing signed and encrypted attached messages. Exploitation exploitation of the vulnerability could allow a remote...
ROS-20220518-01
A vulnerability in the Mozilla Firefox browser is related to improper permission management in the application. Exploitation of the vulnerability could allow an attacker acting remotely to create a web page that Bypasses the existing browser hint and inherits top-level permissions improperly The...
ROS-20220516-10
A vulnerability in the evdevlogmsg function of the libinput library's implementation of the X.Org and Wayland display server protocols is related to the use of uncontrolled format strings. Wayland is related to the use of uncontrolled format strings. Exploitation of the vulnerability could allow ...
ROS-20220516-09
Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMPTPS, IMAPS, POP3S, and LDAPS openldap only. Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
ROS-20220516-06
A vulnerability in the high-level Ruby programming language is related to a type conversion bug in the some conversion methods, such as KernelFloat and Stringtof. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to a vulnerable application,...
ROS-20220516-08
A vulnerability in the libxml2 XML document parsing library is related to an integer overflow in several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted multi-gigabyte XML file to...
ROS-20220516-07
A vulnerability in the implementation of the xsxprtfree function of the Sun RPC Open Network Computing Remote Procedure Call kernel of Linux operating systems is related to state management errors. state management errors. Exploitation of the vulnerability could allow an attacker to cause a denia...
ROS-20220516-01
A vulnerability in shelljs, an implementation of Unix shell commands on top of the Node.js API, is related to the fact that the application does not properly enforce security restrictions. Exploitation of the vulnerability could allow an attacker to bypass security restrictions and escalate...
ROS-20220516-04
Vulnerability of QuerySet.explain function of Django web application software platform is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality, integrity and availability o...
ROS-20220516-03
A vulnerability in the zipxlzmaaloneinit function of the libarchive archiving library is related to reading beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely, disclose protected information or cause a denial of service...
ROS-20220516-11
Vim text editor vulnerability is related to NULL pointer dereferencing error in function vimregexecstring in regexp.c. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into accessing the Vim text editor. remotely, trick the victim into opening a speciall...
ROS-20220516-02
A vulnerability in the gzip library is related to errors in file name processing. Exploitation of the vulnerability could allow an attacker acting remotely to write arbitrary files to the system using the command-line utilities zgrep and xzgrep command line utilities...
ROS-20220516-05
A vulnerability in the Git distributed version control system is related to the fact that the uninstaller binary downloads DLLs in an unsafe manner from the current working directory. uninstaller binary loads DLLs in an insecure manner from the current working directory. Exploitation of the...
ROS-20220516-30
Vulnerability in the cURL command line utility is related to OAUTH2 connection reuse errors for SASL-enabled protocols such as SMPTPS, IMAPS, POP3S, and LDAPS openldap only. Exploitation of the vulnerability could allow an attacker acting remotely to reuse the OAUTH2 authenticated connections...
ROS-20220413-01
Vulnerability in drivers/usb/gadget/composite.c driver of Linux kernel is related to an operation exceeding the memory buffer boundaries. operation outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code Vulnerability in the implementatio...
ROS-20220412-01
Vim text editor vulnerability, related to a boundary error in file processing. Exploitation vulnerability could allow a remote attacker to trick a victim into opening a specially crafted file, causing memory corruption and executing arbitrary code on the target system. a specially crafted file,...
ROS-20220412-03
Vulnerability in Mozilla Thunderbird email client, related to a memory freeing error when processing HTML content after the VR process is destroyed. Exploitation of the vulnerability could allow an attacker, acting remotely, create a specially crafted web page, trick the victim into opening it,...
ROS-20220412-02
Vulnerability in Mozilla Firefox browser, due to the fact that regex for Rust does not control properly internal resource consumption when parsing unreliable input data. Exploitation of the vulnerability could allow a remote attacker to pass specially crafted data to an application and perform a...
ROS-20220407-02
Vim text editor vulnerability, related to memory usage error after release in function utfptr2char in regexpbt.c. Exploitation of the vulnerability could allow an attacker acting remotely, trick a victim into opening a specially crafted file, raise a post-release usage error, and execute arbitrar...
ROS-20220407-01
Vulnerability of libsndfile audio file reading and writing library is related to memory leak in function cafreadheader. Exploitation of the vulnerability could allow an attacker acting remotely to force an application to incorrectly free memory before deleting the last link and executing an attac...
ROS-20220407-03
A vulnerability in the Python client library is related to insufficient validation of user input data in the FTP File Transfer Protocol library when used in PASV passive mode in the FTP File Transfer Protocol library when it is used in PASV passive mode. Exploitation the vulnerability could allow...
ROS-20220405-01
A vulnerability in the Python Paramiko implementation of the SSHv2 protocol, is related to the race condition in the function writeprivatekeyfile between create and chmod operations. Exploitation of the vulnerability could allow an an attacker to exploit the race condition and gain unauthorized...
ROS-20220330-01
Vulnerability in the network block device implementation client library libnbd, related to the mechanism of error handling mechanism in the nbdcopy tool when executing multithreaded copies using asynchronous nbd nbd calls. Exploitation of the vulnerability could allow an attacker acting remotely ...
ROS-20220330-02
Vulnerability in the XML streaming parser library libexpat, related to an integer integer overflow in doProlog function, allowing a remote attacker to pass specially crafted data to an application, cause an integer overflow, and execute arbitrary code in the target application. specially crafted...
ROS-20220329-01
A vulnerability in the zlib data compression library is related to incorrect limitation of operations within the memory buffer due to insufficient validation of user input during data compression. memory due to insufficient validation of user-entered data during data compression. Exploitation...
ROS-20220329-04
Vulnerability in nbd network block device implementation, related to stack-based buffer overflow during NBDOPTINFO or NBDOPTGO messages. Exploitation of the vulnerability could allow an attacker, acting remotely and not authenticated, to pass specially crafted data to an application, causing a...
ROS-20220329-02
Vulnerability in the Moodle course management system, related to insufficient cleansing of user data in the Badges criteria code. Exploitation of the vulnerability could allow an attacker acting remotely, send a specially crafted query to the affected application and execute arbitrary SQL command...
ROS-20220329-03
Vulnerability in the implementation of OpenVPN virtual private network technology due to a bug in the processing of authentication requests in external authentication plugins, when more than one of them uses delayed authentication responses. deferred authentication responses. Exploitation of the...
ROS-20220324-01
Vulnerability of cgroupreleaseagentwrite function kernel/cgroup/cgroup-v1.c of Linux kernel is related to lack of privilege control when setting releaseagent. Linux kernel is related to lack of privilege control when setting releaseagent. Exploiting the vulnerability could allow an attacker to...
ROS-20220324-02
A vulnerability in the QEMU emulator is related to an incorrect implementation of the QEMU shared file system daemon virtio-fs virtiofsd. Exploitation of the vulnerability could allow an attacker, in a guest OS, to create files in directories shared by virtio-fs, with unintended group ownership i...
ROS-20220323-01
A vulnerability in the phpMyAdmin web interface for DBMS administration is related to the application's excessive output of data in the "lang" and "pmaparameter" parameters and in the cookie section. data in the "lang", "pmaparameter" parameters and cookie section. Exploitation of the vulnerabili...
ROS-20220323-02
A vulnerability in the glibc system library is related to a boundary error in the clntcreate function in module sunrpc module. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted input data to an application using a vulnerable version of the library...
ROS-20220322-01
Vulnerability in Mozilla Thunderbird email client, related to a memory usage error upon release when processing HTML content. Exploitation of the vulnerability could allow an attacker, acting remotely, to activate the post-release usage by forcing text to be recomposed in a SVG object and executi...
ROS-20220322-02
A vulnerability in the libarchive archiving library is related to a symbolic link when extracting files from an archive. Exploitation of the vulnerability could allow an attacker to create a specially crafted symbolic link to a critical file on the system, place it in an archive, and change the...
ROS-20220318-02
The vulnerability of OpenSSL function BNmodsqrt is related to execution of a loop without sufficiently limiting the number of its executions. limit the number of times it can be executed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20220318-03
A vulnerability in the Polkit library is related to process file descriptor exhaustion in polkit. Exploitation exploitation of the vulnerability could allow an attacker to perform a denial of service DoS attack...