ROS-20250908-01
A vulnerability in the Expat XML parsing library is related to incorrect restriction of XML references to external objects. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service.
ROS-20250908-12
A vulnerability in the code generation library for transferring data between different Mapstruct entities is related to a decoding helper call that outputs the original value of a confidential field. Exploitation of the vulnerability could allow an attacker acting remotely to gain access t...
ROS-20250908-02
A vulnerability in the doContent function of the xmlparse.c file of the XML parser library libexpat is related to a post-release exploit. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250908-03
A vulnerability in Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect input data validation in the 2D component of Oracle GraalVM...
ROS-20250908-04
A vulnerability in Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect input data validation in the 2D component of Oracle GraalVM...
ROS-20250908-09
A vulnerability in the JSSE component of the Oracle Java SE software platform is related to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to modify, delete and read protected information using th...
ROS-20250905-12
The Netty networking software vulnerability is related to the fact that the application does not properly control the consumption of internal resources when processing HTTP/2 requests. Exploitation of the vulnerability could allow...
ROS-20250905-06
A vulnerability in the Redis database management system (DBMS) server is related to unrestricted allocation of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service through repeated unauthenticated connections...
ROS-20250905-11
A vulnerability in the MuPDF PDF viewer is related to infinite recursion in the mutool utility clean. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250905-04
A vulnerability in the radosgw daemon of the Ceph data storage system is related to insufficient authentication when processing JWT tokens. Exploitation of the vulnerability could allow an intruder acting remotely to bypass the authentication procedure...
ROS-20250905-02
A vulnerability in the twisted.web component of the Twisted networking framework is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information as ...
ROS-20250905-10
A vulnerability in the ImageMagick console graphic editor is related to an integer overflow in the calculation of the BMP encoder bitmap string step. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250905-01
A vulnerability in the Python library responsible for interacting with various image storage backends, python-glance-store, is related to the fact that the package registers an accesskey for Glance-store when the DEBUG log level is enabled. Exploitation of the vulnerability could...
ROS-20250905-09
A vulnerability in the ImageMagick console graphic editor is related to an integer overflow in the calculation of the BMP encoder bitmap string step. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250905-05
A vulnerability in the Redis database management system (DBMS) server is related to unrestricted allocation of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service through repeated unauthenticated connections...
ROS-20250905-03
A vulnerability in the socket.c component of the GNU Screen window manager is related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250905-08
A vulnerability in the package manager for Kubernetes Helm is related to the creation of a JSON schema file in such a way that Helm could use all available memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A batch manager vulnerabili...
ROS-20250905-07
A vulnerability in the user locking mechanism of the Vault Enterprise and Vault Community Edition enterprise data archiving platforms is due to the application not performing the correct normalization of the application...
ROS-20250904-10
The vulnerability of the dpkg-deb command line utility included in the dpkg package is related to the peculiarities of processing of temporary files by the package manager when extracting them to a temporary directory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...
ROS-20250904-01
A vulnerability in the converter program that converts man pages to HTML man2html format is related to overwriting the size parameter in the top fragment of the heap. Exploitation of the vulnerability could allow an attacker to perform an arbitrary write to any memory location in the progra...
ROS-20250904-03
A vulnerability in the OpenH264 library decoding functions is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending a specially generated video file.
ROS-20250904-06
A vulnerability in the Protobuf Pure-Python structured data serialization library is related to uncontrolled recursion when analyzing unreliable data containing an arbitrary number of recursive groups, recursive messages, or series of SGROUP tags. Exploitation of the vulnerability could allow an...
ROS-20250904-12
Redis database management system (DBMS) vulnerability is related to uncontrolled memory allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Redis database management system (DBMS) server is related ...
ROS-20250904-08
A vulnerability in a RAM computing platform consisting of a database and application server Tarantool is associated with an achievable assertion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250904-04
The vulnerability of the Module::Signature::verify function of the Perl programming language is related to incorrect validation of cryptographic data signature. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensiti...
ROS-20250904-02
The vulnerability of the corosync/pacemaker PCS program configuration utility is related to flaws in the procedure of authentication. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges...
ROS-20250904-07
A vulnerability in a RAM computing platform consisting of a database and application server Tarantool is associated with an achievable assertion. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250904-11
A vulnerability in the Redis database management system DBMS server is related to an integer overflow in the buffer when executing commands that use the HyperLogLog algorithm. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by sending a specially crafted HLL...
ROS-20250904-09
A vulnerability in the IW44Image.cpp component of DjVuLibre, the library for viewing, creating, editing DjVu files, is related to errors of bounds checking when processing unreliable input data in the MMRDecoder::scanruns method. Exploitation of the vulnerability could allow an attacker acting...
ROS-20250904-05
A vulnerability in DNSdist, a DNS load balancer and proxy for DNS traffic, is related to insufficient checking of incoming TCP connections from the client. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250903-01
A vulnerability in the bsonstrfreev function of the libbson library of the MongoDB database management system driver C Driver is related to integer overflow. Exploitation of the vulnerability could allow an attacker to affect the integrity of protected information. Vulnerability in bsonutf8validat...
ROS-20250903-02
The vulnerability in the go-git library is related to input validation errors when processing directory traversal sequences. Exploitation of the vulnerability could allow an attacker acting remotely to perform directory traversal attacks...
ROS-20250902-01
A vulnerability in the Input component of the Linux kernel is related to a memory corruption in the function imspcuflashfirmware in drivers/input/misc/ims-pcu.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. A vulnerability in the i2c component of...
ROS-20250829-03
A vulnerability in the Golang programming language is related to a race condition when canceling a database query. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250829-02
A vulnerability in the ImageMagick console graphical editor is related to size increase in the ReadOneMNGIMage. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in ImageMagick console graphical editor related to conversion from Log...
ROS-20250829-05
The vulnerability of the GNU Bison universal parser generator is related to manipulation of the function obstackvprintfinternal of the obprintf.c file. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250829-01
A vulnerability in the mount.cifs.c component of the CIFS network file system mount utility package cifs-utils of the Linux operating system is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20250829-04
A vulnerability in a network stack designed to manage Netavark container networks is related to the removal of the dns.podman search domain. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20250829-06
Vault Enterprise and Vault Community Edition enterprise data archiving platforms have a vulnerability due to incorrect privilege assignment. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges to ro...
ROS-20250829-07
A vulnerability in the OpenJPEG image encoding and decoding library is related to dereferencing of a null pointer in openjp2/dwt.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
ROS-20250828-05
The vulnerability of the GNU Tar archiver's implementation of the readheader function is related to the operation exceeding the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted inpu...
ROS-20250828-04
A vulnerability in the Moodle virtual learning environment is related to insufficient cleanup of data provided by the user in the calendar event header when the event is deleted. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting attacks. A...
ROS-20250828-03
The Apache Tomcat application server vulnerability is due to Apache Tomcat not setting the "Secure" attribute for the session cookie JSESSIONID when using RemoteIpFilter with requests received from a reverse proxy server over HTTP and containing an X-Forwarded-Proto header set to on https...
ROS-20250828-02
A vulnerability in the GNU Bison universal parser generator is related to double memory freeing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250828-06
A vulnerability in the Verify component of the Go programming language is related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions.
ROS-20250828-01
A vulnerability in the 7-Zip file archiver is related to incorrect symbolic link detection before accessing a file. Exploitation of the vulnerability allows an attacker to bypass security restrictions. A vulnerability in the CopyCoder component of the 7-Zip file archiver is...
ROS-20250828-07
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to Vault and Vault Enterprise incorrectly validating the role-bound assertion of a role-based JSON Web Token (JWT) audience when using the Vault JWT authentication method, which prevented...
ROS-20250827-01
Vulnerability of ComposeQueryMallocExMm riQuery.c function of Uriparser parser is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250827-05
A vulnerability in the Perl programming language is related to generating cnonce insecurely. Exploiting the vulnerability could allow an attacker to compromise the target system...
ROS-20250827-09
A vulnerability in Mozilla Firefox, Firefox ESR and the Thunderbird email client is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity,...