ROS-20250203-14
A vulnerability in the Action Dispatch component of the Ruby on Rails software platform is related to insufficient validation of user input data. Exploitation of the vulnerability could allow an attacker acting remotely ...
ROS-20250203-05
A vulnerability in the vim text editor is related to a heap buffer overflow when switching to other buffers using the :all command. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. The vim text editor vulnerability is related to bounds errors when processing...
ROS-20250203-04
A vulnerability in the rsyncd daemon of the Rsync file transfer and synchronization utility is related to an operation exceeding buffer boundaries in memory as a result of incorrect comparison of file checksums. Exploitation of the vulnerability could allow a remote intruder to...
ROS-20250203-02
A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely ... The Etcd configuration parameter storage vulnerability i...
ROS-20250203-03
A vulnerability in the Microsoft .NET software platform is related to incorrect processing of the search path to DLLs. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250203-01
A vulnerability in the QSvgFont Qt SVG feature of the Qt cross-platform software development framework is related to directory traversal. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250203-06
A vulnerability in the LibreOffice office suite is related to insufficient protection of proprietary data. Exploitation of the vulnerability could allow an attacker to disclose confidential information. A LibreOffice office suite vulnerability is related to incorrect path name restriction to a...
ROS-20250131-01
A vulnerability in the f2fs component of the Linux operating system kernel is related to improper error handling in the f2fsmarkinodedirtysync function in f2fs/inode.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the scsi component of...
ROS-20250130-03
A vulnerability in the ma35d1serialprobe function in the drivers/tty/serial/ma35d1serial.c module of the Nuvoton MA35D1 driver of the Linux operating system kernel is related to a null pointer dereference. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in...
ROS-20250130-02
A vulnerability in the nftverdictinit function in the net/netfilter/nftablesapi.c module of the Linux operating system kernel is related to the use of previously freed memory. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of...
ROS-20250130-01
A Linux operating system kernel vulnerability is related to security configuration errors. Exploitation of the vulnerability could allow an attacker to bypass the secure boot mechanism and escalate privileges...
ROS-20250128-11
A vulnerability in the Podman OCI container management and launching software tool is associated with a breakout of a container using --jobs=2 and a race condition when building a malicious Containerfile. Exploitation of the vulnerability could allow a remote attacker to disrupt the availability ...
ROS-20250128-03
A vulnerability in the Go programming language is related to the fact that the application does not properly control the consumption of internal resources in several Parse functions. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250128-02
A vulnerability in the vlapicerror function of the hypervisor is related to access control errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Xen hypervisor is related to improper locking in the default VGA implementation...
ROS-20250128-05
A vulnerability in the iterwalk function of Lxml, a library for processing XML and HTML markup, is related to NULL pointer dereference errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250128-09
A vulnerability in the Container Storage Interface (CSI) component of the Nomad application orchestrator is related to improper authorization. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of protected information...
ROS-20250128-06
A vulnerability in the convertfromstr function of the numpy.core component of the NumPy module for Python is related to an incorrect string comparison. Exploitation of the vulnerability could allow an attacker acting remotely to initiate data copying using specially...
ROS-20250128-04
A vulnerability in the Microsoft .NET software platform and the Microsoft Visual Studio software development tool is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. Vulnerability in Microsoft .NET...
ROS-20250128-08
A vulnerability in the common.c component of the sysstat utility for measuring and analyzing system performance is related to an integer overflow in the checkoverflow function. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250128-10
A vulnerability in the Podman OCI container management and launching software tool is associated with a breakout of a container using --jobs=2 and a race condition when building a malicious Containerfile. Exploitation of the vulnerability could allow a remote attacker to disrupt the availability ...
ROS-20250128-01
A firmware vulnerability in Intel Core Ultra processors is related to improper isolation of shared resources between trusted and untrusted agents. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20250128-07
A vulnerability in the HID (Human Interface Device) Profile interface of BlueZ, the Bluetooth protocol stack for the Linux operating system, is related to an access control flaw. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
ROS-20250127-03
A vulnerability in the drm/lima components of the Linux operating system kernel is related to incorrect calculation in the virtualncidevwrite function in drivers/nfc/virtualncidev.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in an x8...
ROS-20250127-02
A vulnerability in the Phone Book Access component of BlueZ, the Bluetooth protocol stack for Linux, is related to a buffer overflow. Exploitation of the vulnerability allows an attacker acting remotely to execute arbitrary code. Vulnerability in the Bluetooth technology stack for...
ROS-20250127-01
A vulnerability in the striptags function of the django.utils.html module of the Django web application software platform is related to unrestricted resource allocation as a result of incorrect HTML character escaping. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial ...
ROS-20250123-01
A vulnerability in the RDMA/restrack components of the Linux operating system kernel is related to incorrect verification of input data in the rdmarestrackinit and type2str functions in drivers/infiniband/core/restrack.c. Exploitation of the vulnerability could allow an attacker to cause a denial of...
ROS-20250122-01
A vulnerability in the SUNRPC component of the Linux operating system kernel is related to an incorrect lock in the xsgetsrcport function in net/sunrpc/xprtsock.c and in the rpcsysfsxprtsrcaddrshow function in net/sunrpc/sysfs.c. Exploitation of the vulnerability could allow an attacker to cause a denia...
ROS-20250122-02
A vulnerability in the USB component of the Linux kernel is related to incorrect input validation in the usbparseendpoint function in drivers/usb/core/config.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the cachefiles component of th...
ROS-20250121-12
A vulnerability in the qtdemuxparsesvq3stsddata function of the Gstreamer multimedia framework is related to an integer overflow in the MP4/MOV demultiplexer. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. Vulnerability in the...
ROS-20250121-07
A vulnerability in the ECMP dissector of the Wireshark computer network traffic analyzer is related to insufficient validation of user input. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in the FiveCo RAP dissector of the Wireshark computer network...
ROS-20250121-04
A vulnerability in the RIB Revalidation component of FRRouting, a software tool that implements network routing on Unix-like systems, is related to triggering RIB reanalysis for FRR routers using RTR, causing...
ROS-20250121-09
A vulnerability in the compiler of the jinja HTML template tool is related to the failure to neutralize special elements when processing f-strings. Exploitation of the vulnerability could allow an attacker to bypass the sandbox protection mechanism, execute arbitrary code, or cause a denial of...
ROS-20250121-01
A vulnerability in the sqlparse.parse function of Sqlparse, the SQL parser module for Python, is related to uncontrolled recursion when processing a highly nested list. Exploiting the vulnerability allows an attacker acting remotely to cause a denia...
ROS-20250121-08
A vulnerability in Asterisk management systems is related to improper access restrictions for users with the "write=originate" role. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges on the system...
ROS-20250121-03
A vulnerability in the contentsecuritypolicy function of the Ruby interpreter's Action Pack extension is related to a vulnerability in dynamically set Content-Security-Policy (CSP) headers. Exploitation of the vulnerability could allow ...
ROS-20250121-02
A vulnerability in the koji RPM-based build system is related to insufficient cleansing of data provided by the user. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting (XSS) attacks...
ROS-20250121-10
A vulnerability in GLPI, a system for requests, incidents and inventory of computer equipment, is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an intruder acting remotely to disclose protected information...
ROS-20250121-06
A vulnerability in the Tornado asynchronous network library is related to the fact that the application does not properly control internal resource consumption when analyzing HTTP cookies. Exploitation of the vulnerability could...
ROS-20250418-01
A vulnerability in the gui/util/qktxhandler.cpp component of the KTX image processing module of the cross-platform Qt software development framework is related to a buffer overrun, an operation exceeding buffer boundaries in memory...
ROS-20250121-05
A vulnerability in the modsql component of the ProFTPD FTP server is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his privileges to the root user...
ROS-20250121-11
A vulnerability in the QTextLayout component of the cross-platform software development framework Qt is related to buffer copying without input validation. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted SVG file. A...
ROS-20250120-02
A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client for Windows operating systems is related to leakage of video frames from different sources. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information...
ROS-20250120-04
A vulnerability in the fs/ntfs3 components of the Linux operating system kernel is related to out-of-bounds read errors in the checkrstbl function in fs/ntfs3/fslog.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the jfs component ...
ROS-20250120-01
A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client for Windows operating systems is related to leakage of video frames from different sources. Exploitation of the vulnerability could allow a remote attacker to gain access to potentially sensitive information...
ROS-20250120-03
A vulnerability in the misc component of the Linux operating system kernel is related to use-after-free errors in the fastrpcdmabufalloc function in drivers/misc/fastrpc.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the fs/pr...
ROS-20250117-07
A vulnerability in the dmaengine component of the Linux operating system kernel is related to the transfer of private resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the powerpc/fixmap component of the Linux kernel is related to...
ROS-20250117-03
A vulnerability in the modproxy module of Apache HTTP Server is related to incorrect writing of a null pointer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted request. Apache HTTP Server WebSocket protocol...
ROS-20250117-05
A vulnerability in the URL Handler component of the Tornado asynchronous networking library is related to URL redirection to an untrusted site. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary website and conduct a phishing attack...
ROS-20250117-04
A vulnerability in the Visual Studio Code source code editor is related to failure to take measures to neutralize special elements used in an operating system command. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20250117-06
A vulnerability in the drm/lima components of the Linux operating system kernel is related to a race condition in the limaschedtimedoutjob function in drivers/gpu/drm/lima/lima/limasched.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. A...