8181 matches found
ROS-20251022-02
Jenkins Automation Server vulnerability is related to a log message injection issue. Exploitation The vulnerability could allow an attacker acting remotely to compromise the target system A vulnerability in the Jenkins Automation Server is related to a vulnerable plugin not checking permissions f...
ROS-20251022-03
ProFTPD FTP server vulnerability is related to a null pointer dereferencing error in the function tlsverifycrl in ProFTPD when processing data returned by OpenSSL function skX509REVOKEDvalue when detecting an empty certificate revocation list set by the system administrator. Exploitation of the...
ROS-20251021-01
The vulnerability of the parisc component of the Linux kernel is related to incorrect error handling in the fixupexception function in arch/parisc/mm/fault.c, as well as in emulateldh, emulateldw, emulateldd, emulatesth, emulatestw, and emulatestd in arch/parisc/kernel/unaligned.c. Exploitation o...
ROS-20251021-02
A vulnerability in the btrfs component of the Linux operating system kernel is related to an incorrect lock in the function clearextentuptodate in fs/btrfs/inode.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the KVM component of the...
ROS-20251020-02
Jupyter Core vulnerability in Jupyter Notebook interactive development and code execution environment is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information, download and execute code. remotely, disclo...
ROS-20251020-04
Jupyter Core vulnerability in Jupyter Notebook interactive development and code execution environment is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information, download and execute code. remotely, disclo...
ROS-20251020-10
A vulnerability in the ksmbd component of the Linux operating system kernel is related to reading outside the allowed boundaries of the of the data buffer. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability of smb2getdataarealen function in module...
ROS-20251020-09
Vulnerability of the tcptwskpurge function in the net/ipv4/tcpminisocks.c module of the IPv4 protocol implementation of the kernel of the of the Linux operating system is related to the reuse of previously freed memory. Exploitation exploitation of the vulnerability could allow an attacker to...
ROS-20251020-08
A vulnerability in the JavaScript JSS web application styling tool is related to a memory leak in a non-standard configuration. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251020-03
Jupyter Core vulnerability in Jupyter Notebook interactive development and code execution environment is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information, download and execute code. remotely, disclo...
ROS-20251020-06
MongoDB database management system upsert operation vulnerability is related to operations on a resource after its expiration date. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...
ROS-20251020-07
The vulnerability of the DNS server responsible for resolving coredns names is related to an error in the TTL function in the plugin/etcd/etcd.go, which converts the 64-bit etcd lease identifier into uint32 type and uses it as TTL. it as TTL, which causes the cache to be fixed for very long perio...
ROS-20251020-05
Vulnerability in the audit subroutine of the enterprise information archiving platforms Vault Enterprise and Vault Community Edition is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending...
ROS-20251020-01
Vulnerability in open source external resource management software Terraform is associated with an incorrect restriction on the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to download arbitrary files...
ROS-20251017-02
A vulnerability in the LoongArch component of the Linux operating system kernel is related to incorrect locking in the arch/loongarch/include/asm/io.h file. Exploitation of the vulnerability could allow an attacker to cause a denial of service denial of service Vulnerability of...
ROS-20251017-01
Vulnerability of mienumattr function of fs/ntfs3 component of Linux kernel is related to buffer copying without input data verification. Exploitation of the vulnerability allows an intruder to gain access to confidential data, violate its integrity, and cause a denial of service. Vulnerability of...
ROS-20251016-04
Vulnerability of X509VERIFYPARAMadd0policy function of OpenSSL library is related to errors in the procedure of of certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to perform a "man-in-the-middle" type of attack. remotely to perform a...
ROS-20251016-01
Vulnerability of the library for working with DICOM format DCMTK is related to manipulation of function dcmimage/include/dcmtk/dcmimage/diybrpxt.h component dcm2img. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20251016-03
A vulnerability in the FirmwarePerformancePei.c component of the UEFI EDK2 open source development environment is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251016-02
Vulnerability of the library for working with DICOM format DCMTK is related to manipulation of function dcmimage/include/dcmtk/dcmimage/diybrpxt.h component dcm2img. Exploitation of the vulnerability allows an attacker to cause a denial of service...
ROS-20251014-03
Golang programming language vulnerability is related to improper input validation. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20251014-02
A vulnerability in the pamsmauthenticate function of the Yubico pam-u2f PAM module is related to the return of an invalid status code state. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20251014-01
The vulnerability of the Rack module interface of the Ruby programming language interpreter is related to the fact that application does not properly control consumption of internal resources in the function "Rack::QueryParser" function. Exploitation of the vulnerability could allow an attacker...
ROS-20251014-08
A vulnerability in the Podman OCI container management and launching software tool is related to an insecure link following a problem in the Podman Kube Play command. Exploitation of the vulnerability could allow An attacker to cause a denial of service...
ROS-20251014-09
A vulnerability in the SVG component of Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an integer overflow. with integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...
ROS-20251014-10
The vulnerability in the Jenkins Automation Server is due to a vulnerable plugin not performing validation of of permissions in the sidebar. Exploitation of the vulnerability could allow an attacker acting remotely, gain unauthorized access to features that would otherwise be restricted...
ROS-20251014-06
A vulnerability in the jq JSON processor is related to manipulation of the runjqtests function of the jqtest.c component file JSON Parser Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251014-07
Vulnerability in Perl JSON::XS data structure transformation module is related to integer overflow when parsing JSON data. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code on the target system...
ROS-20251014-05
A vulnerability in the interface of the Grafana monitoring and surveillance platform is related to the failure to take measures to protect the web page structure when processing the /swagger endpoint. web page structure when processing the /swagger endpoint. Exploitation of the vulnerability coul...
ROS-20251014-04
A vulnerability in the libvips horizontal topology image processing library is related to the creation of a three-channel HEIF image without an alpha channel and then writing its data into 4 channels. 3-channel HEIF image without alpha channel and then writing its data to 4 channels. Exploitation...
ROS-20251014-11
Go programming language vulnerability is related to improper input validation. Exploitation The vulnerability could allow a remote attacker to bypass existing security restrictions. security...
ROS-20251013-02
Vulnerability of the fpsimdreleasetask function in the arch/arm64/kernel/fpsimd.c module of the Linux kernel is related to a memory leak. Linux kernel is related to a memory leak. Exploitation of the vulnerability could allow an attacker to affect confidentiality, integrity and availability of...
ROS-20251013-01
A vulnerability in the LoongArch component of the Linux operating system kernel is related to the inability to process a kernel swap request. kernel swap requests. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the sii902xinit function in t...
ROS-20251008-09
The Open Asset Import Library Assimp 3D model import library vulnerability is related to the manipulation of the mWidth/mHeight the mWidth/mHeight argument. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service The Open Asset Import Library Assimp 3D...
ROS-20251008-07
Vulnerabilities The Go programming language vulnerability is related to synchronization errors when using a of a shared resource. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20251008-08
The vulnerability of the libexpat XML file parsing library is related to the fact that the application does not control the internal resource consumption properly. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251008-10
A vulnerability in the fdindex function of the Udisks storage device query and management program is related to a reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to escalate their privileges and cause a denial of service...
ROS-20251008-02
Thunderbird email client vulnerability is related to insufficient protection of service data. Exploitation exploitation of the vulnerability could allow an attacker acting remotely to download arbitrary files...
ROS-20251008-01
The Thunderbird email client vulnerability, Thunderbird ESR is related to insufficient authentication of the data. Exploitation of the vulnerability could allow an attacker acting remotely to affect the data integrity Vulnerability of Address Book URI fields of Thunderbird, Thunderbird ESR mail...
ROS-20251008-03
A vulnerability in the Loader component of Google Chrome browsers is related to bypassing the authentication procedure by using an alternate path or channel. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...
ROS-20251008-05
A vulnerability in the Kubernetes virtual machine cluster management software tool is related to insufficient validation of user input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251008-06
The Eclipse Jetty servlet container vulnerability is related to the fact that the application does not properly control internal resource consumption when processing HTTP/2 requests. consumption of internal resources when processing HTTP/2 requests. Exploitation of the vulnerability could allow a...
ROS-20251008-04
The dumpisomsaps function file applications/mp4box/filedump.c, line 1743 does not check the pointers to NULL before accessing track structure fields, which allows an attacker to generate an MP4 file with a corrupted track there is no mandatory Sample Description Box - stsd. MP4 file with corrupte...
ROS-20251007-02
Vulnerability of the software tool for MediaWiki hypertext environment implementation is related to insufficient filtering of system messages. filtering of system messages. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. remotely to...
ROS-20251007-01
A vulnerability in the command-line utility for extracting text content from Microsoft Word files catdoc is related to an integer overflow in the OLE Document DIFAT parser function. Exploitation vulnerability could allow an attacker to execute arbitrary code on the target system Vulnerability in ...
ROS-20251007-04
A vulnerability in GLPI's computer hardware request, incident, and inventory system is related to a key-based authorization bypass. key authorization. Exploitation of the vulnerability could allow a remote intruder, compromise the system Vulnerability in the GLPI computer equipment request,...
ROS-20251007-03
The vulnerability of the high-performance open source DNS server PowerDNS Recursor is related to a a bug in the ECS implementation. Exploitation of the vulnerability could allow an attacker acting remotely, perform cache poisoning attacks...
ROS-20251007-05
A vulnerability in the vim text editor is related to manipulation of the main function of the src/xxd/xxd.c file component xxd. Exploitation of the vulnerability could allow an attacker to cause a denial of service The vim text editor vulnerability is related to manipulation of the...
ROS-20251006-10
A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests. existing security restrictions...
ROS-20251006-09
A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests. existing security restrictions...