ROS-20250307-07
A vulnerability in the OVN (Open Virtual Network) abstraction support system is related to bypassing the output access control lists (ACLs) in OVN deployments using crafted UDP packets. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the Virtual...
ROS-20250303-07
A vulnerability in the ntfs_read_mft function in the fs/ntfs3/inode.c module of the Linux kernel is related to a lack of validation of allowed attribute sizes. Exploitation of the vulnerability could allow an attacker to affect confidentiality, integrity and availability of...
ROS-20250303-06
A vulnerability in the ntfs_read_mft function in the fs/ntfs3/inode.c module of the Linux kernel is related to a lack of validation of allowed attribute sizes. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability of mi_enum_attr...
ROS-20250303-04
A vulnerability in the io_file_bitmap_get function in io_uring/filetable.c of the Linux kernel is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250303-02
A vulnerability in the htmlawed module of the GLPI computer hardware request, incident and inventory system is related to incorrect input validation in /vendor/htmlawed/htmlawed/htmlawed/htmLawedTest.php. Exploitation of the vulnerability could allow an attacker acting remotely to inject...
ROS-20250303-03
A vulnerability in the Linux operating system's dmidecode utility is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20250303-05
A vulnerability in the rtl8712 Wi-Fi driver of the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250303-01
A vulnerability in Nextcloud Server, software for creating and using cloud storage, is related to the lack of restrictions on authentication attempts. Exploitation of the vulnerability could allow an attacker acting remotely to reset arbitrary passwords...
ROS-20250226-12
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250226-04
A vulnerability in the Starlette ASGI web development framework is related to the allocation of unlimited memory. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20250226-02
A vulnerability in the imagingcms.c file of the Pillow imaging library is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of protected information...
ROS-20250226-09
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250226-13
The Eclipse Jetty servlet container vulnerability is due to the application not properly controlling the internal resource consumption in the ThreadLimitHandler.getRemote function. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250226-01
A vulnerability in the Python toolkit dnspython is related to insufficient validation of user input in the Tudoor mechanism. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250226-11
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250226-34
A vulnerability in the gzip_do_write function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...
ROS-20250226-17
A vulnerability in the crypto-elliptic component of the Golang programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information...
ROS-20250226-16
A vulnerability in the SSL_VERIFY_PEER mode of the OpenSSL cryptographic library is related to the lack of a mechanism to notify the user when a communication session is established. Exploitation of the vulnerability could allow an attacker acting remotely to carry out a man-in-the-middle attack during a...
ROS-20250226-14
A vulnerability in the gzip_do_write function of the zlib compression library of the cURL command-line utility is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the ASLR protection mechanism, execute arbitrary code, or cause a denia...
ROS-20250226-08
A vulnerability in the OpenJPEG image encoding and decoding library is related to memory boundary errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. A vulnerability in the OpenJPEG image encoding and decoding library is related to a...
ROS-20250226-06
A vulnerability in python-multipart, a streaming multi-component parser for Python, is related to the fact that the application generates redundant log entries when parsing form data. Exploiting the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250226-05
A vulnerability in AMD processors is associated with improper access control in System Management Mode (SMM). Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250226-03
A vulnerability in the MongoDB database management system is related to incorrect consistency checking in the input data during index processing with the PrepareUnique parameter. Exploitation of the vulnerability could allow an attacker actin...
ROS-20250226-15
A vulnerability in the Netty networking software tool is related to an application attempting to download a file that does not exist. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the Netty networking software is related to...
ROS-20250226-10
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250226-07
An Apache Tomcat application server vulnerability is related to synchronization errors when using a shared resource due to lack of case-sensitivity when writing servlets to the file system. Exploitation of the...
ROS-20250220-02
A vulnerability in the ksmbd_decode_ntlmssp_auth_blob function of the ksmbd module of the Linux kernel is related to a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250220-01
A vulnerability in the tun_free_netdev function of the TUN/TAP virtual network drivers of the Linux kernel is related to repeated freeing of previously freed memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or escalate privileges. A vulnerability in...
ROS-20250219-05
A vulnerability in the Core component of Oracle VM VirtualBox is related to a flaw in the authorization mechanism. Exploitation of the vulnerability could allow an attacker to gain privileged access to the infrastructure. A vulnerability in the Core component of the Oracle...
ROS-20250219-03
A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or modification. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information. A vulnerability in th...
ROS-20250219-01
A vulnerability in Intel Xeon processors is related to a bug in hardware logic. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Intel Xeon processor vulnerability is related to incorrect error handling in Intel SGX. Exploitation of the...
ROS-20250219-04
A vulnerability in the Git distributed version control system is related to a flaw in the mechanism for encoding or escaping of output data. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data. Vulnerability in the ANSI Escape Sequence Handler component of the...
ROS-20250219-07
The vulnerability in the Apache Commons IO library is due to the fact that the application does not properly control the internal resource consumption when processing untrusted input data passed to the class org.apache.commons.io.input.XmlStreamReader. Exploitation of the vulnerability could all...
ROS-20250219-06
A vulnerability in Grafana's web-based data presentation tool is related to excessive data output by the application as part of the Grafana Alerting VictorOps integration. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to potentially sensitive informati...
ROS-20250219-02
A vulnerability in the bson_strfreev function of the libbson library of the MongoDB C Driver is related to integer overflow. Exploitation of the vulnerability could allow an attacker to affect the integrity of protected information...
ROS-20250214-05
Intel Xeon processors vulnerability is related to a data protection mechanism violation. Exploitation of the vulnerability could allow an attacker to escalate privileges. Vulnerability in the SMI transfer monitor (STM) hypervisor of Intel processors firmware is related to an improper workflow...
ROS-20250214-03
The vulnerability in Intel Xeon processors is related to incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX. Exploitation of the vulnerability cou...
ROS-20250214-06
A vulnerability in the iio component of the Linux operating system kernel is related to incorrect input validation in the afe4403_read_raw function in drivers/iio/health/afe4403.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the netfilte...
ROS-20250214-04
A vulnerability in the nft_setelem_catchall_deactivate function in the net/netfilter/nf_tables_api.c module of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the...
ROS-20250214-02
A vulnerability in the go-git library is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the git-upload-pack method of the go-git library is related to argument injection or...
ROS-20250214-01
A vulnerability in the Grafana web-based data submission tool is related to the ability to delete pending invitations. Exploitation of the vulnerability could allow an attacker acting remotely to modify arbitrary data...
ROS-20250212-17
A vulnerability in the Mark-of-the-Web protection mechanism of the 7-Zip archiver is related to a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user...
ROS-20250212-15
A vulnerability in the diagnostics_channel utility of the Node.js software platform is related to incorrectly set security restrictions when processing diagnostic data. Exploitation of the vulnerability could allow an attacker to...
ROS-20250212-12
A vulnerability in the hb_cairo_glyphs_from_buffer function of the Harfbuzz text transformation library is related to bounds errors in the hb_cairo_glyphs_from_buffer function in hb-cairo.cc. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the...
ROS-20250212-11
The Nomad application orchestrator vulnerability is related to improper assignment of namespace privileges via unedited workload identification tokens. Exploitation of the vulnerability could allow an attacker acting remotely to access sensitive information...
ROS-20250212-09
A vulnerability in the PHP Smarty templating engine is related to incorrect input validation when processing the "extends-tag" attribute. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary PHP code on the target system...
ROS-20250213-01
A vulnerability in the iavf component of the Linux kernel is related to incorrect locking in the function iavf_init_module in drivers/net/ethernet/intel/iavf/iavf_main.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in...
ROS-20250212-18
A vulnerability in the "Host Monitoring" component of the Zabbix universal monitoring system is related to incorrect code generation control. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting it into the ping...
ROS-20250212-16
A vulnerability in the Golang programming language is related to the fact that an HTTP client sends an Authorization header to a third-party domain after a chain of redirects in an uncontrolled consumption of resources. Authorization to a third-party domain after a chain of redirects with...
ROS-20250212-14
A vulnerability in the mkdtemp function of the Python programming language interpreter is related to argument injection. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...