7149 matches found
ROS-20250703-09
A vulnerability in the RoundCube Webmail mail client is related to flaws in the deserialization mechanism when processing the from parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending a specially crafted request...
ROS-20250703-08
A vulnerability in the Thunderbird email client is related to incorrect processing of the p2-from header. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks. Vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to...
ROS-20250703-06
A vulnerability in the mpmathify function of the mpmath library of the Python programming language interpreter is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service (ReDoS)...
ROS-20250703-10
A vulnerability in the Drupal CMS kernel is related to insufficient control over modification of dynamically defined object characteristics. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20250703-01
Vulnerability in Server Mode LDAP authentication configuration of database management tool pgAdmin 4 is related to incorrect session commit as a result of improper access delimitation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security restrictions...
ROS-20250703-02
A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20250703-05
A vulnerability in the cross-platform software development framework Qt is related to the fact that QAbstractOAuth in Qt Network Authorization uses only the time to seed the PRNG. Exploitation of this vulnerability could allow an attacker acting remotely to bypass authentication...
ROS-20250703-07
A vulnerability in the DevTools component of the Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the libvpx library of the Google Chrome and Microsoft Edge...
ROS-20250703-12
A vulnerability in the Requests HTTP library for the Python programming language is related to the fact that the library passes .netrc credentials to third parties for certain malicious URLs. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...
ROS-20250703-03
A vulnerability in the pgAdmin 4 database management tool is related to improper cleanup of data provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250630-03
A vulnerability in the Symfony web application development and management software platform exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code. A vulnerability in the Symfony w...
ROS-20250630-06
Vulnerability of orftokenendianconvert function of group communication system for fault-tolerant clusters Corosync is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denia...
ROS-20250630-05
The Salted Challenge Response Authentication Mechanism (SCRAM) vulnerability in the Apache Kafka Message Manager is due to a lack of verification of one-time message numbers between messages...
ROS-20250630-04
The Eclipse Jetty servlet container vulnerability is related to a bug in GzipHandler when handling certain URL paths. Exploitation of the vulnerability could allow an attacker to bypass the enforced security restrictions. The Eclipse Jetty servlet container vulnerability is related to the...
ROS-20250630-01
A vulnerability in the pgAdmin 4 database management tool exists due to an incorrect restriction of the name of the path to a restricted directory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20250630-11
A vulnerability in Crypt::CBC, a package for data encryption in cipher block chaining mode, is due to the fact that the rand function is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250630-08
A vulnerability in setuptools, a Python library that eases creating, distributing, and installing Python packages, is related to an input validation error when processing directory traversal sequences in packageindex.py. Exploitation of the vulnerability could allow an...
ROS-20250630-10
A vulnerability in the BeanIntrospector class of the Apache Commons Beanutils utility is related to the recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality,...
ROS-20250630-12
A vulnerability in the Golang programming language is related to an insecure reference-following issue with OCREATE and OEXCL when processing symbolic links. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. The vulnerability in the Golang programming...
ROS-20250630-07
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms was related to incorrect validation of an assertion in an Azure-issued token, leading to a potential circumvention of the boundlocations parameter at login. Exploitation of the vulnerability could...
ROS-20250630-09
Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information. A...
ROS-20250630-02
The vulnerability of HashiCorp Vault and Vault Enterprise enterprise data archiving platforms is related to the fact that the validprincipals and defaultuser fields of the SSH secrets mechanism configuration are not set. Exploitation of the vulnerability could allow an attacker acting...
ROS-20250625-08
Vulnerability in DecodeConfig component of Golang programming language is related to race condition of symbolic links when using os.RemoveAll. Exploitation of the vulnerability could allow an attacker, acting remotely, to remove arbitrary directories...
ROS-20250625-09
A vulnerability in the Apache Commons Configuration library is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted script, dns, and url requests...
ROS-20250625-02
A vulnerability in the br.com.anteros.dbcp.AnterosDBCPConfig component of the Java library for parsing JSON files, jackson-databind, is related to the recovery of invalid data in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of...
ROS-20250625-01
Vulnerability of ffhevcputweightedpredavg8sse function of h.265 Libde265 video codec implementation is related to operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially crafted vid...
ROS-20250625-06
A vulnerability in the checkforbidden function from rack/directory.rb of Rack, the modular interface between web servers and web applications, is related to incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20250625-05
Vulnerability of components from memcachestore.rb and rediscachestore.rb of Ruby on Rails software platform is related to recovery of invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, as we...
ROS-20250625-07
Vulnerability of translate function from translationhelper.rb of Ruby on Rails software platform is related to flaws in the measures used to protect web page structures. Exploitation of the vulnerability allows an attacker acting remotely to affect data integrity...
ROS-20250625-04
A vulnerability in the Ruby on Rails software platform is related to a CSRF vulnerability in the rails-ujs module. Exploitation of the vulnerability could allow an attacker acting remotely to send CSRF tokens to the wrong domains...
ROS-20250625-03
Vulnerability of eachpair function from strongparameters.rb of Ruby on Rails software platform is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential data. Vulnerability in Ruby on Rails software...
ROS-20250624-15
A vulnerability in Go JOSE, an implementation of the JavaScript Object Signing and Encryption set of standards, is related to uncontrolled consumption of internal resources when analyzing JWS and JWE input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a deni...
ROS-20250624-13
A vulnerability in path.evaluate or path.evaluateTruthy of Babel, a compiler for writing JavaScript code, is related to an incorrect comparison. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250624-09
A vulnerability in the av1looprestorationdealloc function of the libaom video encoding library is related to reading outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...
ROS-20250624-08
GIFLIB GIF library vulnerability is related to a boundary error in the function Dimplescreen2rgb in gif2rgb.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...
ROS-20250624-16
A vulnerability in the libntlm library implementation of the NT LAN Manager (NTLM) network authentication protocol is related to reading beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause...
ROS-20250624-07
A vulnerability in the Mercurial version control software tool is related to insufficient cleansing of data provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting (XSS) attacks...
ROS-20250624-04
A vulnerability in the Lua script interpreter is related to segmentation errors in changedline in ldebug.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250624-03
A vulnerability in the UEFI firmware of Intel processors is related to insufficient granularity of the access controls. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the Software Guard eXtensions (SGX) implementation of Intel processors is...
ROS-20250624-14
A vulnerability in the SSH server of the Golang programming language is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250624-11
A vulnerability in the Perl data structure to JSON conversion module Cpanel::JSON::XS is related to access beyond the allocated memory buffer. Exploitation of the vulnerability could allow an attacker, acting remotely, to obtain sensitive information or cause a denial of service...
ROS-20250624-05
A vulnerability in the Consul and Consul Enterprise service configuration tool is related to errors in the processing of CSR requests at the RPC endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions...
ROS-20250624-12
Vulnerability of the putqpelfallback function in fallback-motion.cc of the h.265 video codec implementation Libde265 is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service. Vulnerability in the mcchroma function...
ROS-20250624-06
A vulnerability in the Django web application software platform is related to insufficient validation of user input in django.utils.text.wrap and the wordwrap template filter. Exploitation of the vulnerability could allow an...
ROS-20250624-02
A vulnerability in the OpenSearch software package is related to a lack of Markdown cleanup on header or footer previews. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250624-01
A vulnerability in the SEV-SNP functions of AMD processor firmware is related to incorrect input validation for DIMM serial presence detection (SPD) metadata. Exploitation of the vulnerability allows an attacker to overwrite guest memory, resulting in a loss of the guest data integrity...
ROS-20250624-10
Vulnerability of the native code library for parsing and linearization of PGF LIBPGF grammars is related to the memory usage after release in Decoder.cpp. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges on the system...
ROS-20250623-01
The vulnerability of the nftpayload function of the net/netfilter/nftpayload.c module of the netfilter component of the Linux kernel is related to the operation exceeding the buffer boundaries in memory...
ROS-20250619-06
Dante proxy server vulnerability is related to improper access restrictions in certain configurations of sockd.conf that include socksmethod. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions...
ROS-20250619-01
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Rack...