Lucene search
7181 matches found

Redos
•added 2024/12/20 12:00 a.m.•8 views

ROS-20241220-02

A vulnerability in the minimalist console MPEG audio player mpg123 is related to a boundary error inside libmpg123 when decoding PCM. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application, cause corruption in the heap, and...

6.7 CVSS, 7 AI score, 0.00064 EPSS
Exploits: 0
Redos
•added 2024/12/20 12:00 a.m.•13 views

ROS-20241220-01

A vulnerability in the password verification function of the PHP programming language is related to insufficient calculation of the password hash. Exploitation of the vulnerability allows an attacker to affect data integrity...

8.1 CVSS, 7 AI score, 0.00142 EPSS
Exploits: 1
Redos
•added 2024/12/18 12:00 a.m.•9 views

ROS-20241218-01

A vulnerability in the kmallocreserve function in the net/core/skbuff.c module of the network subsystem of the Linux kernel is related to an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

8.1 CVSS, 7.1 AI score, 0.00237 EPSS
Exploits: 5
Redos
•added 2024/12/16 12:00 a.m.•20 views

ROS-20241216-02

A vulnerability in the zbxsnmpcachehandleengineid function of the proxy server of the Zabbix universal monitoring system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in Zabbix...

8.8 CVSS, 8 AI score, 0.00608 EPSS
Exploits: 1
Redos
•added 2024/12/16 12:00 a.m.•9 views

ROS-20241216-07

A vulnerability in python-asyncssh, an asynchronous client and server implementation of the SSHv2 protocol on top of Python, is related to a lack of data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to control a remote SSH client session by injecting...

6.8 CVSS, 6.8 AI score, 0.00448 EPSS
Exploits: 0
Redos
•added 2024/12/16 12:00 a.m.•17 views

ROS-20241216-05

A vulnerability in the single sign-on (SSO) authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...

8.8 CVSS, 6.6 AI score, 0.00608 EPSS
Exploits: 1
Redos
•added 2024/12/16 12:00 a.m.•6 views

ROS-20241216-08

A vulnerability in the authstartsession function of the XRDP server is related to session restriction bypass. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.5 CVSS, 6.7 AI score, 0.00058 EPSS
Exploits: 0
Redos
•added 2024/12/16 12:00 a.m.•23 views

ROS-20241216-01

A vulnerability in the zbxsnmpcachehandleengineid function of the proxy server of the Zabbix universal monitoring system is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in Zabbix...

8.8 CVSS, 8 AI score, 0.00608 EPSS
Exploits: 1
Redos
•added 2024/12/16 12:00 a.m.•8 views

ROS-20241216-09

A vulnerability in the Automatic ConfigProvider component of the Apache Kafka message manager is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...

6.5 CVSS, 6.5 AI score, 0.00156 EPSS
Exploits: 0
Redos
•added 2024/12/16 12:00 a.m.•13 views

ROS-20241216-04

A vulnerability in the single sign-on (SSO) authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...

8.8 CVSS, 7 AI score, 0.00608 EPSS
Exploits: 1
Redos
•added 2024/12/16 12:00 a.m.•16 views

ROS-20241216-03

A vulnerability in the single sign-on (SSO) authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...

8.8 CVSS, 7.4 AI score, 0.00608 EPSS
Exploits: 1
Redos
•added 2024/12/16 12:00 a.m.•17 views

ROS-20241216-06

A vulnerability in the single sign-on (SSO) authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...

8.8 CVSS, 6.6 AI score, 0.00608 EPSS
Exploits: 1
Redos
•added 2024/12/16 12:00 a.m.•16 views

ROS-20241216-10

A vulnerability in the Jetty servlet container is related to the lack of control over internal resource consumption within DoSFilter. Exploitation of the vulnerability could allow an attacker acting remotely to repeatedly send crafted requests, cause an OutOfMemory error, and finally...

7.5 CVSS, 6.8 AI score, 0.0068 EPSS
Exploits: 0
Redos
•added 2024/12/12 12:00 a.m.•238 views

ROS-20241212-01

A vulnerability in pcre2jitcompile.c of the PCRE2 regular expression library is related to reading beyond data buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data...

9.1 CVSS, 7.6 AI score, 0.00274 EPSS
Exploits: 1
Redos
•added 2024/12/12 12:00 a.m.•13 views

ROS-20241212-04

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by...

9.9 CVSS, 7.9 AI score, 0.91398 EPSS
Exploits: 13
Redos
•added 2024/12/12 12:00 a.m.•14 views

ROS-20241212-02

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by...

9.9 CVSS, 7.5 AI score, 0.91398 EPSS
Exploits: 13
Redos
•added 2024/12/12 12:00 a.m.•8 views

ROS-20241212-24

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by...

9.9 CVSS, 9.7 AI score, 0.91398 EPSS
Exploits: 13
Redos
•added 2024/12/12 12:00 a.m.•240 views

ROS-20241212-03

A vulnerability in the Moby container platform exists due to an error deleting a NULL pointer in daemon/images/imagehistory.go. Exploitation of the vulnerability could allow an attacker to cause the application to crash...

6.5 CVSS, 6.7 AI score, 0.00104 EPSS
Exploits: 0
Redos
•added 2024/12/12 12:00 a.m.•6 views

ROS-20241212-22

A vulnerability in the addRelatedObjects function of the Zabbix universal monitoring system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by...

9.9 CVSS, 9.7 AI score, 0.91398 EPSS
Exploits: 13
Redos
•added 2024/12/11 12:00 a.m.•235 views

ROS-20241211-13

A vulnerability in the vrrpipsethandler function in fglobalparser.c of the Keepalived network traffic balancing system is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of protected information...

9.8 CVSS, 7.2 AI score, 0.00209 EPSS
Exploits: 0
Redos
•added 2024/12/11 12:00 a.m.•234 views

ROS-20241211-06

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•7 views

ROS-20241211-04

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•24 views

ROS-20241211-14

A vulnerability in the shell command of the IPython interactive computing shell is related to access control errors. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...

8.8 CVSS, 7.5 AI score, 0.0106 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•9 views

ROS-20241211-11

A vulnerability in urllib3, the HTTP client library for Python, is related to the fact that the Proxy-Authorization header is not removed during source-to-source redirection when using urllib3 proxy server support with ProxyManager. Exploitation of the vulnerability could allow an attacker acting...

6.5 CVSS, 7.2 AI score, 0.00222 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•9 views

ROS-20241211-07

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•239 views

ROS-20241211-02

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•17 views

ROS-20241211-01

A vulnerability in the OpenSC smart card software toolkit and libraries is related to the fact that in pkcs15init buffers are partially filled with data, and initialized portions of the buffer can be accessed by bypassing the restrictions. Exploitation of the vulnerability could allow an...

4.3 CVSS, 7.8 AI score, 0.00194 EPSS
Exploits: 0
Redos
•added 2024/12/11 12:00 a.m.•11 views

ROS-20241211-12

A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay of intercepted messages. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access by forging an authentication...

9 CVSS, 7.7 AI score, 0.22162 EPSS
Exploits: 2
Redos
•added 2024/12/11 12:00 a.m.•19 views

ROS-20241211-09

A vulnerability in the Expressions feature of the Grafana monitoring and surveillance platform is related to improper code generation control. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting specially crafted SQL queries. A vulnerability in the...

9.9 CVSS, 8.4 AI score, 0.94047 EPSS
Exploits: 9
Redos
•added 2024/12/11 12:00 a.m.•11 views

ROS-20241211-08

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•236 views

ROS-20241211-05

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by reusin...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•9 views

ROS-20241211-10

A vulnerability in the GnuTLS transport layer cryptographic library is related to a difference in response time when processing RSA ciphertext in a ClientKeyExchange message with correct and incorrect PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...

7.5 CVSS, 7.1 AI score, 0.01028 EPSS
Exploits: 1
Redos
•added 2024/12/11 12:00 a.m.•10 views

ROS-20241211-03

A vulnerability in the CREATE POLICY security policy for row-protected tables in the PostgreSQL database management system is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...

8.8 CVSS, 8.6 AI score, 0.06356 EPSS
Exploits: 1
Redos
•added 2024/12/10 12:00 a.m.•9 views

ROS-20241210-01

A vulnerability in the freerdpimagecopy function of the FreeRDP RDP client is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information. FreeRDP RDP clien...

9.8 CVSS, 8.2 AI score, 0.06359 EPSS
Exploits: 3
Redos
•added 2024/12/09 12:00 a.m.•14 views

ROS-20241209-01

A vulnerability in AMD EPYC™ AGESA™ PI packages is related to incorrect input and range validation in the header of an AMD Secure Processor (ASP) bootloader image. Exploitation of the vulnerability could allow an attacker to use attacker-controlled...

9.9 CVSS, 7.5 AI score, 0.00508 EPSS
Exploits: 0
Redos
•added 2024/12/09 12:00 a.m.•9 views

ROS-20241209-05

A vulnerability in the Salt configuration management and remote execution system is related to the fact that the application does not cause a crash when bad column data is detected. Exploitation of the vulnerability could allow an attacker acting remotely to use the default value from state inste...

7 AI score
Exploits: 0
Redos
•added 2024/12/09 12:00 a.m.•8 views

ROS-20241209-02

A vulnerability in some Intel® TDX modules is related to improper input validation. Exploitation of the vulnerability could allow a privileged attacker to potentially escalate privileges through local access. Vulnerability related to processor instruction sequencing causes unexpected behavior on...

8.2 CVSS, 6.4 AI score, 0.00074 EPSS
Exploits: 0
Redos
•added 2024/12/09 12:00 a.m.•5 views

ROS-20241209-04

A vulnerability in DOMPurify, the JavaScript library for securely cleaning and protecting HTML code, is related to flaws in the validation of input data containing signs of an XSS attack. Exploitation of the vulnerability could allow a remote attacker to perform a cross-site scripting attack...

10 CVSS, 6.2 AI score, 0.00699 EPSS
Exploits: 2
Redos
•added 2024/12/09 12:00 a.m.•7 views

ROS-20241209-03

A vulnerability in the ntfs-3g utility of the NTFS-3G driver set, an implementation of the NTFS file system, is related to the use of freed memory in ntfsuppercasembs in libntfs-3g/unistr.c. Exploitation of the vulnerability could allow an attacker to potentially cause a file...

4.5 CVSS, 6.7 AI score, 0.00075 EPSS
Exploits: 0
Redos
•added 2024/12/05 12:00 a.m.•9 views

ROS-20241205-01

A vulnerability in the asm-bug component of the Linux operating system kernel is related to incorrect error handling in arch/arm64/include/asm/asm-bug.h. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the sr component of the...

6.2 CVSS, 6.6 AI score, 0.00117 EPSS
Exploits: 0
Redos
•added 2024/12/05 12:00 a.m.•18 views

ROS-20241205-02

A vulnerability in the drmfileupdatepid function in the drivers/gpu/drm/drmfile.c module of the kernel video driver of the Linux operating system is related to the reuse of previously freed memory due to competing access to a resource (race condition)...

7.8 CVSS, 7 AI score, 0.00033 EPSS
Exploits: 3
Redos
•added 2024/12/04 12:00 a.m.•18 views

ROS-20241204-02

A vulnerability in the ca8210 component of the Linux operating system kernel is related to a memory leak in the function ca8210asyncxmitcomplete in drivers/net/ieee802154/ca8210.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the max97...

9.8 CVSS, 7.7 AI score, 0.00106 EPSS
Exploits: 0
Redos
•added 2024/12/04 12:00 a.m.•9 views

ROS-20241204-01

A vulnerability in the libstub component of the Linux kernel is related to the use of an uninitialized resource in the efifree function in drivers/firmware/efi/libstub/fdt.c. Exploitation of the vulnerability could allow an attacker to cause a denial of servic...

5.5 CVSS, 6.7 AI score, 0.00047 EPSS
Exploits: 0
Redos
•added 2024/12/03 12:00 a.m.•12 views

ROS-20241203-02

A vulnerability in the streamformatter moby package is related to running multiple simultaneous write operations. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The moby package vulnerability is related to running concurrent builds that call...

8.1 CVSS, 7.1 AI score, 0.00054 EPSS
Exploits: 0
Redos
•added 2024/12/03 12:00 a.m.•7 views

ROS-20241203-01

A vulnerability in the Go programming language is related to errors in processing special characters "" in the context of CSS. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Parse function of the Golang programming...

7.5 CVSS, 7 AI score, 0.00077 EPSS
Exploits: 0
Redos
•added 2024/12/03 12:00 a.m.•13 views

ROS-20241203-11

A vulnerability in the ngxhttpv4module module of the NGINX Plus and NGINX OSS web servers is related to reading out-of-bounds memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.7 CVSS, 6.8 AI score, 0.00202 EPSS
Exploits: 0
Redos
•added 2024/12/03 12:00 a.m.•244 views

ROS-20241203-12

A vulnerability in the implementation of the HSTS (HTTP Strict Transport Security) mechanism of the curl command line utility exists due to a bug in the implementation of the HSTS cache. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a man-in-the-middle attack...

6.5 CVSS, 6.8 AI score, 0.00745 EPSS
Exploits: 1
Redos
•added 2024/12/03 12:00 a.m.•14 views

ROS-20241203-10

A vulnerability in the IPAuthenticationProvider component of Apache ZooKeeper, a centralized service for maintaining configuration information, naming, providing distributed synchronization and group services...

9.1 CVSS, 6.9 AI score, 0.00078 EPSS
Exploits: 0
Redos
•added 2024/12/03 12:00 a.m.•239 views

ROS-20241203-09

A vulnerability in the gsocks4aproxy.c component of the Glib library is associated with an off-by-one error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

9.8 CVSS, 7 AI score, 0.03091 EPSS
Exploits: 1
Redos
•added 2024/12/03 12:00 a.m.•238 views

ROS-20241203-04

A vulnerability in the Kubernetes virtual machine cluster management software tool is related to incorrect restriction of a path name to a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code outside of the container...

8.1 CVSS, 7.7 AI score, 0.39569 EPSS
Exploits: 0
Total number of security vulnerabilities: 7181