ROS-20250827-07
A vulnerability in GLPI's asset management and data center management software is related to improper neutralization of HTML tags associated with scripts on a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. GLPI asset and data center...
ROS-20250827-06
A vulnerability in the pbkdf2 library of the Node.js software platform is related to a flaw in the input data validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to forge a digital signature by sending specially crafted packets...
ROS-20250827-08
Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity,...
ROS-20250827-04
Vulnerability of ImageMagick console graphic editor related to the boundary check error in the function InterpretImageFilename. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information. Vulnerability of...
ROS-20250827-02
A vulnerability in the command line utility for converting PDF documents QPDF is related to a heap buffer overflow in PlASCII85Decoder::write. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250827-03
A vulnerability in the resolveFile method of the Apache Commons VFS Virtual File System unified API for accessing different file systems is due to errors in handling the relative path of the directory. Virtual File System method is related to...
ROS-20250826-04
Vulnerability of Wireshark computer network traffic analyzer related to insufficient validation of user data in the column utility module of the Dissection engine. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the CBOR...
ROS-20250826-05
A vulnerability in the DBI module of the Perl DBI database interface is related to improper assignment of permissions to a critical resource. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, as well as cause a denial of service...
ROS-20250826-03
Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...
ROS-20250826-06
Vulnerability of SetQuantumFormat function of ImageMagick console graphic editor is related to incorrect calculation of buffer size when processing received packets. Exploitation of the vulnerability may allow an attacker to cause a...
ROS-20250826-08
Apache Tomcat application server vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Apache Tomcat application server vulnerability is related to integer overflow. Exploitation ...
ROS-20250826-09
Apache Tomcat application server vulnerability involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Apache Tomcat application server vulnerability is related to integer overflow. Exploitation ...
ROS-20250826-07
Glib library vulnerability is related to an overflow error when processing a long invalid ISO 8601 timestamp using the gdatetimenewfromiso8601 function. Exploitation of the vulnerability could allow an attacker to cause a denial of...
ROS-20250826-02
The vulnerability of the Diffie-Hellman key negotiation protocol is related to unnecessary public key checking when using an approved secure prime number. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
ROS-20250826-01
The Cyrus IMAP mail server vulnerability is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending multiple literals in a single command. Cyrus IMAP mail server vulnerability is related...
ROS-20250825-05
A vulnerability in the Ruby Sinatra web application development framework is related to a flaw in limiting the name of the directory path. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data...
ROS-20250825-07
A vulnerability in the PHP adodb class library involves improper escaping of a query parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL statements,...
ROS-20250825-02
A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, to disclose protected information or cause a denial of service. A vulnerability in the...
ROS-20250825-08
A vulnerability in the Iperf3 network bandwidth measurement tool is related to a reachable assertion in the iperfauth.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Iperf3 network bandwidth measurement...
ROS-20250825-03
The OpenSSH cryptographic security tool server vulnerability is related to a server modification to support the authentication option. Exploitation of the vulnerability could allow an attacker acting remotely to execute a MITM attack...
ROS-20250825-04
A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250825-01
Vulnerability of Srio archiving utility is related to errors in TAR file header verification. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20250825-06
A vulnerability in the Aggregate Term Handler component of the SQLite database management system is related to numeric truncation errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of the SQLit...
ROS-20250822-15
A vulnerability in the Helm package manager is related to local code execution when updating dependencies. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250822-24
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
ROS-20250822-08
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-11
A vulnerability in the HPACK decoder of the Golang programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting locally to cause a denial of service...
ROS-20250822-10
Vulnerability in clientgolang library of Prometheus event monitoring and notification application is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250822-14
A vulnerability in a library for XSLT conversion of XML documents to other formats is related to a type confusion bug in xmlNode.psvi. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...
ROS-20250822-23
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
ROS-20250822-19
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
ROS-20250822-13
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20250822-04
Apache Tomcat application server vulnerability related to bypassing the authentication procedure through the use of an alternate path or channel. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of...
ROS-20250822-02
A vulnerability in the dom4j open source Java library for XML, XPath and XSLT is related to the improper cleansing of elements and attribute names in XML documents. Exploitation of the vulnerability could allow an attacker acting remotely to launch an XXE attack on the target system...
ROS-20250822-07
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-03
SafeHtml validator vulnerability in Hibernate Validator library is related to failure to take measures to protect web page structure when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...
ROS-20250822-18
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
ROS-20250822-06
Vulnerability in Moodle virtual learning environment related to user session hijacking via the sesskey. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive data...
ROS-20250822-09
The vulnerability of the package designed to work with JSON Web Tokens jwt-go is related to incorrect checking of the data when processing data transmitted via m"aud". Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass the authentication process...
ROS-20250822-16
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
ROS-20250822-21
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
ROS-20250822-22
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks. A vulnerability in t...
ROS-20250822-05
Apache Tomcat application server vulnerability related to bypassing the authentication procedure through the use of an alternate path or channel. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of...
ROS-20250822-01
A vulnerability in the Kea open source DHCP server is related to the use of an unreliable search path. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...
ROS-20250822-20
Vulnerability in GPAC multimedia platform related to manipulation of baseiniturl argument, resulting in the dereferencing of a null pointer. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250822-17
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation...
ROS-20250822-12
Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting the Server.MaxConcurrentStreams parameter during request stream processing...
ROS-20250821-03
EMACS text editor vulnerability exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
ROS-20250821-07
A vulnerability in the cJSON parser is due to the fact that parsestring has a heap-based buffer, rereadable through "1":1, with no terminating newline character if cJSONParseWithLength is called. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20250821-02
A vulnerability in the BinaryStreamDriver component of the Java library for converting objects to XML or JSON XStream format is related to a buffer overflow on the stack from a manipulated binary input stream. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...