ROS-20250729-07
A vulnerability in FreeIPA's centralized user identity management system is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges to the level of a domain administrator and impact the domain.
ROS-20250729-06
A vulnerability in FreeIPA's centralized user identity management system is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges to the level of a domain administrator and impact the domain.
ROS-20250724-09
A vulnerability in the urllib3 module of the Python programming language interpreter is related to incorrect implementation of the Redirect object when processing redirects and retries. Exploitation of the vulnerability...
ROS-20250724-04
A vulnerability in the f_strflocaltime function of the jq functional programming language is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to affect the availability of protected information...
ROS-20250724-05
A vulnerability in the FCGI web server-application interaction library for Perl is related to the inclusion of code from libfcgi/fcgiapp.c that is prone to integer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the target system...
ROS-20250724-03
A vulnerability in the Ansible configuration management system is related to the fact that the application allows the use of a hostvars object to reference and execute template content. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security...
ROS-20250724-02
A vulnerability in the Cockpit server management system is related to the failure to sanitize data at the management level. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...
ROS-20250724-01
A vulnerability in the amdgpu_cs_wait_all_fences function in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c of the amdgpu driver module for AMD Radeon video cards in the Linux kernel is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the...
ROS-20250724-08
A vulnerability in the Grafana monitoring and observability platform is related to insufficient validation of input data when processing panel headers or names. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250724-06
A vulnerability in the Ruby websocket-extensions module that supports the implementation of WebSocket extensions is related to spending quadratic time parsing a header containing an unclosed string parameter value, which is a repeating two-byte sequence of backslash and some...
ROS-20250724-10
A vulnerability in the LibSSH client authentication library is related to boundary conditions in the function sftphandle... Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information...
ROS-20250724-11
A vulnerability in the core of the Apache HTTP Server web server is related to access control bypass with session resumption in mod_ssl. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the enforced security restrictions...
ROS-20250724-07
A vulnerability in the Microsoft .NET software platform and Microsoft's software development tool Visual Studio is related to the use of an insecure search path. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250723-01
A vulnerability in the PAM-PKCS11 authentication module of Linux operating systems is related to the fact that the value of cert_policy defaults to "none". Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process.
ROS-20250722-01
A vulnerability in the ComposeQueryEngine function in UriQuery.c of the uriparser URI parsing and processing library is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denial of service...
ROS-20250722-02
Vulnerabilities in GLPI's asset management and data center software are related to an excessive amount of data output by the application. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to potentially sensitive information...
ROS-20250722-04
A vulnerability in the dlopen function of the glibc system library is related to the use of an insecure search path for executable programs when processing the LD_LIBRARY_PATH variable. Exploitation of the vulnerability could allow an attacker...
ROS-20250722-03
A vulnerability in the FreeType font rasterization library is related to reading outside buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially generated file of variant fonts...
ROS-20250721-02
A vulnerability in the assert function of the GNU C Library system library is related to incorrect calculation of the size of the allocated buffer. Exploitation of the vulnerability could allow an attacker acting remotely to affect the availability of protected information...
ROS-20250721-01
A vulnerability in the io_rw_init_file function of the io_uring/rw.c module of the asynchronous I/O interface of the Linux operating system kernel is related to reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the...
ROS-20250718-02
A vulnerability in the Firefox and Firefox ESR browsers and the Thunderbird email client is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service...
ROS-20250718-01
A vulnerability in Mozilla Firefox, Firefox ESR and the Thunderbird email client is related to incorrect optimization, in which JIT compilation in certain cases created incorrect code for arguments. Exploitation...
ROS-20250718-03
A vulnerability in the Firefox and Firefox ESR browsers and the Thunderbird email client is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code or cause a denial of service...
ROS-20250717-04
A vulnerability in the Thunderbird email client is related to errors in processing OpenPGP cryptographic signatures. Exploitation of the vulnerability could allow a remote attacker to launch a spoofing attack. Vulnerability in the implementation of S/MIME Secure/Multipurpose Internet Mail Extensio...
ROS-20250717-02
Vulnerability of the auxiliary ticket escalation tool in the Escalade GLPI plugin is related to incorrect access controls. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20250717-03
A vulnerability in the OpenSC smart card handling library is related to information disclosure via an inconsistency. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250717-01
GLPI asset and data center management software vulnerability is related to incorrect access restrictions in the API. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to sensitive information...
ROS-20250716-01
A vulnerability in the BIND DNS server is related to asymmetric resource consumption. Exploitation of the vulnerability allows a remote attacker to cause a denial of service...
ROS-20250716-02
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise data archiving platforms is related to uncontrolled cancelation of key change and recovery operations by the Vault operator. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250710-08
A vulnerability in the OpenWire command handler of the Apache ActiveMQ software platform is related to a lack of control over user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending specially crafted...
ROS-20250710-06
A vulnerability in the Redis database management system (DBMS) is related to boundary checking errors in parsing file names. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250710-07
A vulnerability in the LibYAML library for parsing and creating YAML is related to insufficient validation of user data in the LoadFile method. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite arbitrary files on the system...
ROS-20250710-12
A vulnerability in the Libexif library for parsing EXIF files is related to a compiler optimization that removes buffer overflow protection in libexif. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target...
ROS-20250710-01
A vulnerability in the DoH implementation of the BIND DNS server is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250710-14
Apache Tomcat application server vulnerability is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20250710-09
A vulnerability in the Apache MINA Java network application framework is related to incorrect handling of SSL/TLS close_notify messages, as a result of which the software does not close the connection and keeps the socket open, allowing the client to subsequently receive open socket messages...
ROS-20250710-02
A vulnerability in the XkbSizeKeySyms function of X.Org XWayland (the Wayland protocol implementation) and of the X.Org Server implementation of the X Window System is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service or...
ROS-20250710-05
The vulnerability in the Perl programming language is due to the fact that the software uses the function rand as the default entropy source, which is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to bypass the implemented security restrictions...
ROS-20250710-04
A vulnerability in the Tornado asynchronous network library is related to excessive logging in the multipart/form-data parser. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250710-13
A vulnerability in the Jackson-databind library of the FasterXML project is related to the recovery of inaccurate data in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected...
ROS-20250710-11
A vulnerability in the PropertyUtilsBean class of the Apache Commons Beanutils utility is related to flaws in unbundled access to the class loader. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250710-03
A vulnerability in the Update Handler component of the Mozilla Firefox, Mozilla Firefox ESR and Mozilla Thunderbird browsers is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to elevate hi...
ROS-20250707-06
A vulnerability in the sudo system administration program is related to insufficient implementation of security measures when sudo is run with the -h (--host) option. Exploitation of the vulnerability could allow an attacker to elevate their...
ROS-20250707-03
A vulnerability in the Portainer container management platform is related to the transmission of HTTP headers to the registry. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20250707-01
A vulnerability in the Konsole terminal emulator of the KDE desktop environment is related to the implementation of an incorrect control flow when processing telnet://, rlogin:// and ssh:// URLs. Exploitation of the vulnerability...
ROS-20250707-05
A vulnerability in the Google Chrome browser is related to use-after-free errors in Animation in Google Chrome. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...
ROS-20250707-02
Vulnerability in the prefix-based ACL policy search mechanism of Nomad application orchestrator is related to incorrect assignment of access control rules. Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass existing security mechanisms by creating a job with a...
ROS-20250707-04
A vulnerability in the FontFaceSet interface of the Mozilla Firefox and Firefox ESR browsers is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. WebCompat extension vulnerability in Mozilla Firefox, Firefox ES...
ROS-20250703-11
A vulnerability in the Requests HTTP library for the Python programming language is related to the fact that the library passes .netrc credentials to third parties for certain malicious URLs. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...
ROS-20250703-04
A vulnerability in the cross-platform software development framework Qt is related to the fact that QAbstractOAuth in Qt Network Authorization uses only the time to seed the PRNG. Exploitation of this vulnerability could allow an attacker acting remotely to bypass authentication.