ROS-20250526-07

Google Chrome browser vulnerability involves post-release memory usage. Exploitation of the vulnerability could allow an attacker acting remotely to impact privacy, integrity and availability of data through the use of a specially crafted HTML page...

ROS-20250526-04

Vulnerability in Nomad application orchestrator due to ACL policies not using security labels. security labels. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...

ROS-20250526-09

Vulnerability of moodle virtual learning environment is related to flaws in permission checking and user capabilities of the user. Exploitation of the vulnerability could allow an attacker acting remotely to access confidential information A vulnerability in the Multi-Factor Authentication...

ROS-20250526-08

Vulnerability in the soupheaderparsequalitylist function of the libsoup GUI library GNOME of Linux operating systems is related to a memory leak when parsing a quality list containing elements with all zeros. Exploitation of the vulnerability could allow an attacker acting remotely, gain access t...

ROS-20250526-05

Nomad application orchestrator vulnerability related to the fact that the HTTP search API can expose the names of available CSI plugins. of available CSI plugins. Exploitation of the vulnerability could allow an attacker acting remotely, gain access to sensitive information Nomad application...

ROS-20250526-03

Nomad application orchestrator vulnerability related to vulnerability to directory path escaping Distributions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data...

ROS-20250522-01

Vulnerability in the scsi component of the Linux operating system kernel is related to a use-after release in the scsihexpandernoderemove function in drivers/scsi/mpt3sas/mpt3sasscsih.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the...

ROS-20250521-01

Vulnerability of drm/v3d components of Linux kernel is related to dereferencing of NULL pointer in the v3dirq and v3dhubirq functions in drivers/gpu/drm/v3d/v3dirq.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the video component of t...

ROS-20250520-01

Vulnerability of v3dirq function in drivers/gpu/drm/v3d/v3dirq.c - driver for Direct Rendering Infrastructure DRI support in Linux kernel is related to code errors. Direct Rendering Infrastructure DRI of the Linux kernel is related to bugs in the code. Exploitation of the vulnerability could allo...

ROS-20250515-10

A vulnerability in Apache Tomcat software is related to insufficient error handling for certain invalid HTTP priority headers. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Apache Tomcat software vulnerability is related to insufficient...

ROS-20250515-03

Vulnerability of flacbuffercopy function of libsndfile library is related to reading data outside the buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information and cause a denial of service. unauthorized acces...

ROS-20250515-07

Vulnerability of RevertAction.Php, ApiFileRevert.Php files of MediaWiki hypertext environment implementation software is related to incorrect permissions saving. MediaWiki hypertext environment is related to incorrect permissions saving. Exploitation of the vulnerability could allow a remote...

ROS-20250515-04

The vulnerability of the docker CLI plugin that extends Buildx build capabilities is related to the fact that the software stores sensitive information in log files. software stores sensitive information in log files. Exploiting the vulnerability could allow an attacker to gain access to sensitiv...

ROS-20250515-15

A vulnerability in the WPE WebKit and WebKitGTK web page display modules is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. confidential data,...

ROS-20250515-02

A vulnerability in the PHP Twig template language is due to sandbox security checks not being executed under certain circumstances. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. remotely to bypass the implemented securit...

ROS-20250515-13

A vulnerability in the WPE WebKit and WebKitGTK web page display modules is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. confidential data,...

ROS-20250515-09

A vulnerability in the ReadParams function of the FastCGI protocol implementation of the fcgi2 library fcgi is related to an integer overflow. integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code by sending requests containing special...

ROS-20250515-14

A vulnerability in the WPE WebKit and WebKitGTK web page display modules is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. confidential data,...

ROS-20250515-06

Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a request flow within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementation is...

ROS-20250515-01

A vulnerability in the PHP Twig template language is due to sandbox security checks not being executed under certain circumstances. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. remotely to bypass the implemented securit...

ROS-20250515-12

A vulnerability in the WPE WebKit and WebKitGTK web page display modules is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. confidential data,...

ROS-20250515-11

A vulnerability in the RSS Block component of the Moodle virtual learning environment is associated with authorization bypassing through a user-controlled key. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain unauthorized access to protected information A...

ROS-20250515-08

A vulnerability in the Thunderbird email client is related to the presence of multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, when hovering over any attachment, only the the last link. Exploiting this vulnerability allows remote attackers, perform a...

ROS-20250515-05

A vulnerability in the Poppler PDF display library is related to a floating-point exception in the PSStack::roll function. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the Poppler PDF mapping library is related to improper signature...

ROS-20250514-01

A vulnerability in the iiosimpledummytriggerh function of driver drivers/iio/dummy/iiosimpledummybuffer.c of the Linux kernel's IIO stub driver support is related to the use of an uninitialized resource. an uninitialized resource. Exploitation of the vulnerability could allow an attacker to gain...

ROS-2-557

2.557 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

ROS-2-157

2.157 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-652

2.652 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...

ROS-2-65

2.65 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-138

2.138 Notification on updating of the Anti-Malware Protection System "RED OS" No. RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need t...

ROS-2-588

2.588 Vulnerability in Mozilla Firefox browser CVE-2021-29967 1. Vulnerability description: A vulnerability in the Mozilla Firefox browser that allows an attacker to execute arbitrary code on the target system.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: 2...

ROS-2-32

2.32 Notification on the update of MIS OPERATION SYSTEM "RED OS" No. RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-33

2.33 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-162

2.162 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-347

2.347 Notification on the update of MIS OPERATION SYSTEM "RED OS" No. RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-626

2.626 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

ROS-2-695

2.695 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser, is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...

ROS-2-576

2.576 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

ROS-2-586

2.586 Remote code execution in nginxCVE-2021-23017 1. Vulnerability Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to a single error in the ngxresolvercopyfunction when processing DNS responses. A remote attacke...

ROS-2-742

2.742 Notification on update of the Red OS OPERATION SYSTEM RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a standard...

ROS-2-197

2.197 Notification on updating of the Anti-Malware Protection System "RED OS" No. RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need t...

ROS-2-407

2.407 Notification on update of the Red OS OPERATION SYSTEM RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a standard...

ROS-2-17

2.17 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-186

2.186 Notification on update of the RAND OPERATION SYSTEM "RED OS" RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a...

ROS-2-542

2.542 Apache Ant utility vulnerability CVE-2021-36374, CVE-2021-36373 1. Vulnerability Description: CVE-2021-36374 A vulnerability in the Apache Ant utility, is related to the application improperly controlling internal resource consumption when processing ZIP archives. Exploitation of the...

ROS-20250513-02

The RED OS kiosk mode vulnerability is due to improper constraints. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands on the system outside of the imposed restrictions Information about the vulnerability was received from Alexander Starikov - researcher at...

ROS-20250513-01

Vulnerability of directory publishing application in domain sharedirectory is related to the lack of verification of the of a user accessing the D-Bus service. Exploitation of the vulnerability could allow an attacker to to execute arbitrary operating system commands. Information about the...

ROS-2-2

2.2 Notification of the update of the OPERATION SYSTEM "RED OS" MIS RED SOFT LLC notifies about renewal of the previously obtained certificate of conformity of FSTEC of Russia 4060 till 12.01.2029 of the operating system "RED OS", decimal number RU.29926343.02.01-01. You can contact the technical...

ROS-2-178

2.178 Notification on update of the RID OS OPERATION SYSTEM RU.29926343.02.01-01-24 RED SOFT LLC notifies about the completion of the testing procedure and release of the updated RED OS 7.3 distribution. In order to update your copy of RED OS to the current state, you need to perform a standard...

ROS-2-484

2.484 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...