ROS-20250821-08
A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. Vulnerability in TCPDF PHP library is related to improper...
ROS-20250821-05
Vulnerability of the open source library Abseil-cpp for C++ standard library extension is related to failure to set an upper bound for its size argument in reserve and rehash functions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential...
ROS-20250821-06
A vulnerability in the Perl programming language is related to a race condition if a directory descriptor is opened when the thread is created. Exploitation of the vulnerability could allow an attacker to interfere with the application's behavior...
ROS-20250821-04
Vulnerability in libsoup library is related to disclosure of system data to unauthorized parties. Exploitation of the vulnerability could allow a remote attacker to disclose protected information. GNOME GUI libsoup library vulnerability is related to asymmetric resource consumption...
ROS-20250821-01
WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...
ROS-20250819-01
Moodle virtual learning environment vulnerability is related to an IDOR issue in Feedback report. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to features that would otherwise be restricted. Vulnerability...
ROS-20250819-08
A vulnerability in the Transfer-Encoding and Content-Length headers of the Netty networking software tool is related to a flaw in the interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker, acting remotely, to impa...
ROS-20250819-05
Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...
ROS-20250819-02
Vulnerability in dfe_n_in_order component of virtuoso-opensource web application development platform is related to creation of special SQL statements. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250819-09
Vulnerability of libxml2 library's xmlSchematronFormatReport function is related to reading data outside of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted XML file. Vulnerability in the...
ROS-20250819-13
A vulnerability in Salt's configuration management and remote execution system is related to the overwriting of the VirtKey class. Exploitation of the vulnerability could allow an attacker to bypass security restrictions. Vulnerability in the system of configuration management and...
ROS-20250819-04
Vulnerability of libarchive library for reading and writing archives in different formats is related to null pointer dereferencing in header_pax_extension function in archive_read_support_format_tar.c:1844:8. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a...
ROS-20250819-07
Xen hypervisor vulnerability is related to mutual blocking of execution threads. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250819-10
The cJSON parser vulnerability is related to the error of dereferencing a null pointer in the function cJSON_SetValuestring in cJSON.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the cJSON_SetValuestring function of the...
ROS-20250819-03
A vulnerability in the multi-platform database tool dbeaver is related to an improper restriction of a reference to an external XML entity. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information...
ROS-20250819-12
Vulnerability in the Salt configuration management and remote execution system is related to incorrect input data validation in the find_file method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories. Vulnerability in the Salt...
ROS-20250819-11
Vulnerability in the Salt configuration management and remote execution system is related to incorrect input data validation in the find_file method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories. Vulnerability in the Salt...
ROS-20250819-06
Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...
ROS-20250818-04
Vulnerability of AmdPspP2CmboxV2 driver in AMD processor firmware is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in AMD processor firmware AmdCpmDisplayFeatureSMM driver is related to insufficient inpu...
ROS-20250818-02
The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20250818-03
Vulnerability of phpseclib cryptographic protocol library is related to incorrect processing of RSA PKCS1 signature verification. Exploitation of the vulnerability could allow an attacker, acting remotely, to compromise the target system. A vulnerability in the phpseclib...
ROS-20250818-05
Wireshark computer network traffic analyzer vulnerability is related to insufficient validation of user data in the GQUIC dissector. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250818-01
In the gf_filter_pid_resolve_file_template_ex function (file filter_core/filter_pid.c, line 9045) the pointer is not checked for NULL before calling the strncmp function. This allows an attacker to generate a media file with incorrect metadata containing incorrect URLs or HTML tags, which results i...
ROS-20250818-06
A vulnerability in the fs/hfs.c file of the hfs component of the Grub2 operating system boot loader is related to writing beyond the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user using a speciall...
ROS-20250814-07
A vulnerability in the libxml2 library is related to a use-after-free error in the function xmlXIncludeAddNode in xinclude.c. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...
ROS-20250814-02
Ingress controller vulnerability in Kubernetes ingress-nginx cluster is related to errors in the processing of Ingress object annotations. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
ROS-20250814-01
A vulnerability in the MediaWiki hypertext environment implementation software exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to conduct a cross-site scripting (XSS) attack...
ROS-20250814-08
Vulnerability of the createInDir function of the glog library of the Golang programming language is related to errors in reference handling. Exploitation of the vulnerability may allow an attacker to escalate his privileges and gain unauthorized access to protected...
ROS-20250814-06
Vulnerability in Iperf3 network throughput measurement tool is related to incorrect processing of test parameters passed to the server in JSON format. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
ROS-20250814-03
PowerDNS Recursor DNS server vulnerability is due to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20250814-05
Mozilla Firefox browser vulnerability is related to an unchecked return value. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the NSS application development library set of Firefox web browser and Thunderbird email client...
ROS-20250814-10
A vulnerability in the mod-copy module of the ProFTPD FTP server is related to a null pointer dereference error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250814-09
A vulnerability in the SMM component of AMD graphics processor firmware is related to insufficient flow control in AmdCpmOemSmm. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. A vulnerability in the SMM component of AMD GPU firmware is associated...
ROS-20250814-12
Emacs text editor vulnerability is related to incorrect input validation in org-babel-execute:latex in ob-latex.el when processing file or directory names. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250814-11
System Management Mode (SMM) vulnerability in AMD processor firmware is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250814-04
Vulnerability in the mod_dav_svn module of the Subversion centralized version control system is related to a bug in the path-based authorization rule lookup. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20250813-02
A firmware vulnerability in the Server Board S2600ST Family server boards exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
ROS-20250813-10
A vulnerability in the Wi-Fi WPA Supplicant secure access client is related to an uncontrolled search path element. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
ROS-20250813-11
A vulnerability in the SMM component of AMD GPU firmware is related to incorrect processing of some special address ranges with invalid device table entries (DTE). Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. A...
ROS-20250813-08
A vulnerability in the Java dnsjava DNS implementation is related to incorrect response checking during processing of DNS queries. Exploitation of the vulnerability could allow a remote attacker to bypass the implemented security restrictions...
ROS-20250813-06
A vulnerability in Stunnel, a software wrapper that allows arbitrary traffic to be hidden in an encrypted SSL tunnel, is related to incorrect client certificate validation when using the redirection and VerifyChain parameters. Exploitation of the vulnerability could allow an attacker...
ROS-20250813-07
A vulnerability in the Java dnsjava DNS implementation is related to incorrect response checking during processing of DNS queries. Exploitation of the vulnerability could allow a remote attacker to bypass the implemented security restrictions...
ROS-20250813-05
The cross-platform Xen hypervisor vulnerability is related to double unlocking when handling x86 guest interrupts. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250813-04
VMware Tools suite vulnerability is related to access control flaws. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20250813-03
Vulnerabilities in the UEFI Firmware component of Intel processor firmware are related to input validation flaws. Exploitation of the vulnerability could allow an attacker to elevate their privileges. A vulnerability in the Linux kernel mode driver for certain Intel(R) Ethernet network controllers a...
ROS-20250813-09
A vulnerability in the Wi-Fi WPA Supplicant secure access client is related to an uncontrolled search path element. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
ROS-20250813-01
A vulnerability in the tarfile module of the Python programming language interpreter CPython is associated with incorrect parsing of the file header. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250812-06
Vulnerability of Sofia-SIP user agent library for the session initiation protocol is related to the ability to write outside of a buffer in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code by sending specially crafted STUN packets. The...
ROS-20250812-02
The Liblouis translator vulnerability is due to a bounds error inside the compilePassOpcode function in compileTranslationTable.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system. Liblouis translator vulnerability is related to a boundar...
ROS-20250812-09
A vulnerability in the encrypted function of the cross-platform software development framework Qt is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...