8244 matches found
ROS-20220318-01
A vulnerability in the Webmin administration software suite is related to incorrect access restrictions in the File Manager module. Exploitation of the vulnerability could allow a remote attacker to bypass the security restrictions and compromise a vulnerable system. security restrictions and...
ROS-20220317-01
Apache HTTP Server web server vulnerability is related to a bounds error in LimitXMLRequestBody. Exploitation vulnerability could allow an attacker acting remotely to cause memory corruption and execute arbitrary code on the target system Apache HTTP Server web server vulnerability is related to...
ROS-20220315-01
A vulnerability in the libxml2 XML document parsing library is related to a post-release memory usage error when processing ID and IDREF attributes in the valid.c file. release when processing ID and IDREF attributes in valid.c file. Exploitation of the vulnerability could allow an attacker actin...
ROS-20220314-01
Vulnerability in Mozilla Firefox browser, related to a logic error in iframe processing. Exploitation the vulnerability could allow an attacker acting remotely and who has the ability to control the contents of an isolated iframe program environment , allow-popups, but not allow-scripts, could...
ROS-20220314-02
Vulnerability of copypagetoiterpipe and pushpipe functions of Linux kernel is related to errors when saving permissions. Exploitation of the vulnerability could allow an attacker to overwrite the contents of the page cache of arbitrary files...
ROS-20220310-01
PJSIP multimedia communication library vulnerability is related to a boundary error in the PJSUA API during the pjsuaplaylistcreate call. Exploitation of the vulnerability could allow an attacker acting remotely, cause a stack buffer overflow and execute arbitrary code on the target system The...
ROS-20220309-02
The vulnerability in the XSLT parameter of Mozilla Firefox and Focus browsers is related to memory usage after its freeing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the WebGPU 3D graphics processing and computing softwa...
ROS-20220309-01
A vulnerability in the cyrus-sasl authentication mechanism implementation is related to insufficient password cleansing in the SQL plug-in provided with Cyrus SASL. Exploitation of the vulnerability could allow an attacker, acting remotely, send a specially crafted query to a vulnerable applicati...
ROS-20220304-01
Vulnerability in snapd's snap packet management daemon, related to insufficient validation of interface snapd content and layout paths. Exploitation of the vulnerability could allow an attacker to enforce arbitrary AppArmor policy rules through a corrupted content interface and layout declaration...
ROS-20220301-02
Vim text editor vulnerability, related to NULL pointer dereferencing error in Vim when switching tabs in command line window. when switching tabs in a command line window. Exploitation of the vulnerability could allow an attacker, remotely to perform a denial-of-service DoS attack...
ROS-20220301-01
Vulnerability in the Bubblewrap sandbox tool, related to incorrect handling of the number of parameter of call parameters in the pkexec setuid binary. Exploitation of the vulnerability could allow an attacker to create environment variables so that they are processed and executed by pkexec, and...
ROS-2-2253
2.2253 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-1013
2.1013 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-712
2.712 Mozilla Thunderbird email client vulnerability CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-2-708
2.708 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...
ROS-20220225-03
Vulnerability in the zsh shell is related to improper neutralization of special elements, used in PROMPTSUBST recursive extension OS commands when processing malicious output. Exploitation of the vulnerability could allow an attacker acting remotely to enter and execute arbitrary commands on the...
ROS-20220225-02
Vulnerability in the Drupal content management system, related to incorrect access restrictions in the in the quick edit module. Exploitation of the vulnerability could allow an attacker acting remotely, to view content restricted by other means A vulnerability in Drupal's content management...
ROS-20220225-01
Expat parsing library vulnerability, related to integer overflow in copyString. Exploitation vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause an integer overflow, and cause a denial of service condition on the target system. data, trigg...
ROS-20220209-01
A vulnerability in the BIND DNS server is related to improper consumption of internal resources during cache processing. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource exhaustion and Perform a denial-of-service DoS attack...
ROS-20220210-01
A vulnerability in Mozilla Thunderbird email client and Firefox browser is related to incorrect handling of extension updates. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into install a particular type of browser extension and, during automatic...
ROS-20220204-01
A vulnerability in the Django web application framework is related to an infinite loop when parsing files . Exploitation of the vulnerability could allow an attacker acting remotely to upload a specially a specially crafted file to a server, utilize all available system resources, and cause a...
ROS-20220208-01
Samba network file system vulnerability, related to insecure link clicks. Exploitation vulnerability could allow an attacker acting remotely to create a symbolic link to determine whether a file or directory exists in the file system area of the server Samba network file system vulnerability,...
ROS-20220217-01
MariaDB database management system vulnerability, related to a formatted string error in the in the implementation of the CONNECT function. Exploitation of the vulnerability could allow an attacker acting remotely, send a specially crafted SQL query containing format string specifiers and execute...
ROS-20220217-02
Vulnerability in Mozilla Thunderbird email client, related to a boundary error in message processing email messages. Exploitation of the vulnerability could allow an attacker, acting remotely, to send an a specially crafted email to a victim, initiate an out-of-bounds entry, and execute arbitrary...
ROS-20220210-03
Vulnerability of HTTP client library httplib2, is related to the fact that the application does not properly control the consumption of internal resources. internal resource consumption. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause resource exhaustion by...
ROS-20220207-01
Vulnerability in the implementation of the tipccryptokeyrcv function of the protocol for intra-cluster communication Transparent Inter-Process Communication TIPC of Linux kernel is related to insufficient input data verification when processing MSGCRYPTO messages. input data validation when...
ROS-20220202-01
Vulnerability in the GLPI request and incident handling system, related to insufficient clearing of the of user data in the reset button. Exploitation of the vulnerability could allow an attacker, acting remotely, to force a victim to click on a specially crafted link and execute arbitrary HTML a...
ROS-20220125-02
Nginx web server vulnerability is related to a logical error in TLS implementation when working with different protocols but using compatible certificates, such as multi-domain or wildcard certificates. certificates. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20220125-20
Cryptsetup package vulnerability is related to modification of metadata to disable encryption in partitions in the LUKS2 Linux Unified Key Setup format. Exploitation of the vulnerability could allow an attacker to force a user to permanently disable the encryption layer of this media. a user to...
ROS-20220125-01
The HTTP client vulnerability for Python urllib3 is related to incorrect input validation when processing URLs with multiple "@" characters in the credentials component. Exploitation of the vulnerability could allow an attacker, remotely, cause resource exhaustion and perform a denial of service...
ROS-20220125-15
A vulnerability in the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm in the ElGamal implementation. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to sensitive information on the system. remotely, to...
ROS-20220125-16
A vulnerability in the GNU Binary Utilities toolkit binutils is related to a boundary error in the stabxcoffbuiltintype function in stabs.c. Exploitation of the vulnerability could allow an attacker, acting remotely, to initiate unauthorized writing and execution of arbitrary code on the target...
ROS-20220125-09
A vulnerability in the nghttp2 library is related to a memory release error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service on the target system...
ROS-20220125-13
Vulnerability of PostgreSQL database management system is related to failure to take measures to encrypt protected data of protected data. Exploitation of the vulnerability could allow a remote attacker, realize a man-in-the-middle attack Vulnerability in libpq library of PostgreSQL database...
ROS-20220125-12
Vulnerability in the executable environment for running containerd containers is due to incorrect default permissions for the container root directories and some plugins. default permissions for container root directories and some plugins. Exploitation of the vulnerability could allow an attacker...
ROS-20220125-11
A vulnerability in the Http2MultiplexHandler class of the Netty networking software is related to incorrect request processing when converting HTTP/2 stream to HTTP/1.1. The exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity. an attacker acting...
ROS-20220125-03
The vulnerability in the Clam AntiVirus software package is related to a flaw in the OOXML parsing module. OOXML parsing module. Exploitation of the vulnerability could allow an attacker acting remotely to send a specially crafted OOXML file and perform a denial-of-service DoS attack. a specially...
ROS-20220125-04
Apache Log4j2 Java program logging library vulnerability is related to the lack of additional JNDI access controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using the JDBC Appender. remotely execute arbitrary code using the JDBC Appender...
ROS-20220125-17
A vulnerability in the QEMU hardware emulator is related to a single offset error when emulating a SCSI device in QEMU. Exploitation of the vulnerability could allow an attacker acting remotely, cause QEMU to crash The QEMU hardware emulator vulnerability is related to a memory usage error after ...
ROS-20220128-01
The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the number of call parameters in the pkexec setuid binary, which causes the binary to executes environment variables as commands. Exploitation of the vulnerability could allow an attacker to...
ROS-20220125-18
A vulnerability in the Xen hypervisor is related to the incorrect configuration of a number of devices and the incorrect data structure release, including I/O page tables. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service and other issues,...
ROS-20220128-03
A vulnerability in the standard util-linux command line utility package is related to incorrect parsing of the /proc/self/mountinfo file in libmount. parsing of the /proc/self/mountinfo file in libmount. Exploitation of the vulnerability could allow an attacker to, unmount other users' filesystem...
ROS-20220125-06
The vulnerability in the Flatpak deployment, package management utility is due to the application not properly checks whether the permissions displayed to the user for the application during installation correspond to the actual permissions granted to the application at runtime. during installati...
ROS-20220125-14
Lxml library vulnerability is related to insufficient cleansing of user data in the cleanup program HTML in the lxml.html file. Exploitation of the vulnerability could allow an attacker acting remotely to cause a victim to click on a specially crafted link and execute arbitrary HTML code and scri...
ROS-20220125-07
A vulnerability in the GIMP bitmap graphics editor is related to improper input validation, where the path name in the constructed command line is not escaped or filtered. Exploitation of the vulnerability could allow an attacker acting remotely to send special data to the application and execute...
ROS-20220125-05
A vulnerability in the GNU Mailman email distribution management package is related to insufficient validation of the source of an HTTP request. the source of the HTTP request. Exploitation of the vulnerability could allow a remote attacker, cause a victim to visit a customized web page and perfo...
ROS-20220125-10
A vulnerability in the Node.js software platform is related to the formatting logic of the console.table function. Exploitation of the vulnerability could allow an attacker acting remotely to send a special request and assign an empty string to the prototype object's numeric keys A vulnerability ...
ROS-20220125-08
The Sendmail mail transfer agent vulnerability is related to a logical error in the TLS implementation when working with different protocols but using compatible certificates such as multi-domain or wildcard certificates. wildcard certificates. Exploitation of the vulnerability could allow an...
ROS-20220125-19
The XFS file system vulnerability is due to the OS kernel incorrectly imposing security restrictions security restrictions. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information on the system...
ROS-20220128-02
A vulnerability in the Python Pillow image library is related to buffer re-reading during the ImagePath.Path initialization in the pathgetbbox function in path.c. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted file to a vulnerable library and...