ROS-20241203-03
The HTTP request interpretation vulnerability in HAProxy is related to the ability to access a path that is restricted by an access control list (ACL) installed on the product. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive information...
ROS-20241203-15
A vulnerability in the Go programming language is related to errors in handling whitespace characters in JavaScript context. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information...
ROS-20241203-08
A vulnerability in Nextcloud Server, software for creating and using cloud storage, is related to the ability to download larger-than-expected websites to find Open-Graph data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. A...
ROS-20241203-32
A vulnerability in the implementation of the HTTP Strict Transport Security (HSTS) mechanism of the curl command line utility exists due to a bug in the implementation of the HSTS cache. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a man-in-the-middle attack...
ROS-20241203-16
A vulnerability in the ash.c file of the BusyBox set of UNIX command-line utilities is related to writing outside the buffer boundary in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted data...
ROS-20241203-22
The vulnerability in the Puppet Agent launcher app is due to the fact that the app silently ignores the Augeas settings before the first synchronization of the plugin. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in...
ROS-20241203-21
The vulnerability of drawio diagramming software is related to improper neutralization of special elements used in an OS command. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary commands...
ROS-20241203-20
Apache Ivy package manager vulnerability is related to improper limitation of a pathname to a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the file system. Apache Ivy package manager vulnerability is...
ROS-20241203-23
The vulnerability in the Puppet Agent launcher app is due to the fact that the app silently ignores the Augeas settings before the first synchronization of the plugin. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in...
ROS-20241203-19
Apache HTTP Server web server core vulnerability is related to the inclusion of functionality from an untrusted control sphere. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by running local handlers through internal redirection. A vulnerability in the...
ROS-20240203-05
Apache Tomcat application server vulnerability is related to an unchecked error condition. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process and cause a denial of service. Apache Tomcat application server vulnerability is related to...
ROS-20241203-13
Vulnerability of OpenDMARC e-mail authentication and analysis software is related to null pointer dereferencing in OpenDMARC/libopendmarc/opendmarcpolicy.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241203-07
Nextcloud mail client vulnerability is related to incorrect automatic configuration. Exploitation of the vulnerability could allow an attacker acting remotely to impact confidentiality. Nextcloud mail client vulnerability is related to insufficient access control. Exploitation of the...
ROS-20241203-06
Vulnerability of coretable/dynamic module of Moodle virtual learning environment is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20241203-18
An open source RDP server vulnerability is related to ineffective operation of the configuration parameter that limits the maximum number of login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20241203-17
WSGI server gevent.pywsgi vulnerability in the Python Gevent library is related to insufficient validation of executed requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity, availability, and confidentiality of protected information...
ROS-20241203-14
Squid proxy server vulnerability is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted ESI packets...
ROS-20241202-02
Vulnerability of drivers/virt/acrn components of the Linux operating system kernel is related to use-after-free errors in the acrnvmmemsegunmap and acrnvmvmrammap functions in drivers/virt/acrn/mm.c. Exploitation of the vulnerability could allow an attacker to escalate privilege...
ROS-20241202-01
A vulnerability in the hns3 component of the Linux kernel is related to memory leaks in the hns3pmuirqregister function in drivers/perf/hisilicon/hns3pmu.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the openrisc component of the Linu...
ROS-20241129-02
A vulnerability in the openvswitch component of the Linux operating system kernel is related to incorrect input validation in the parseicmpv6 function in net/openvswitch/flow.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the cppccpufr...
ROS-20241129-01
A vulnerability in the ks8851 component of the Linux operating system kernel is related to improper locking in the ks8851dbgdumpkkt, ks8851rxpkts, and ks8851irq functions in drivers/net/ethernet/micrel/ks8851common.c. Exploitation of the vulnerability could allow an attacker to cause a denial...
ROS-20241127-01
A vulnerability in the bna component of the Linux operating system kernel is related to out-of-bounds read errors in the bnaddebugfswriteregrd and bnaddebugfswriteregwr functions in drivers/net/ethernet/brocade/bna/bnaddebugfs.c. Exploitation of the vulnerability could allow an attacker to...
ROS-20241127-03
A vulnerability in the net/smc components of the Linux operating system kernel is related to information disclosure in the smcibfindroute function in net/smc/smcib.c. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. A vulnerability in the e1000e...
ROS-20241127-02
A vulnerability in the virtio component of the Linux kernel is related to memory corruption in the virtioi2cpreparereqs, virtioi2ccompletereqs and virtioi2cxfer functions in drivers/i2c/busses/i2c-virtio.c. Exploitation of the vulnerability could allow an attacker to gain access to...
ROS-20241126-01
Vulnerability of the hcilebigsyncestablishedevt function in the net/bluetooth/hcievent.c module of the Bluetooth protocol implementation in the Linux kernel is related to null pointer dereferencing. Exploitation of the...
ROS-20241126-02
A vulnerability in the drm/amd/amdkfd component of the Linux operating system kernel is related to incorrect initialization in the stopcpsch function in drivers/gpu/drm/amd/amdkfd/kfddevicequeuemanager.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A...
ROS-20241125-02
A vulnerability in the hns3 component of the Linux operating system kernel is related to out-of-bounds read errors in the hns3getcoalinfo function in drivers/net/ethernet/hisilicon/hns3/hns3debugfs.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A...
ROS-20241125-01
A vulnerability in the f2fs component of the Linux operating system kernel is related to memory corruption in the f2fsinitpagearraycache function in f2fs/compress.c. Exploitation of the vulnerability could allow an attacker to gain access to confidential information. A vulnerability in the sim...
ROS-20231121-04
Vulnerability in Nextcloud cloud storage creation and utilization software is related to improper access controls. Exploitation of the vulnerability could allow an intruder, acting remotely, to gain access to sensitive information. Nextcloud cloud storage creation and utilization software...
ROS-20241121-02
A vulnerability in the Access Rule Handler component of the OpenStack cloud services platform involves manipulation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of the system...
ROS-20241121-04
Vulnerability of the AuthZ authorization plugins of Docker Engine, software for automating deployment and management of applications in containerized environments, is related to flaws in the AuthZ plugin...
ROS-20241121-01
Vulnerability in the Moodle virtual learning environment is related to excessive data output by the application in a Messaging error message. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to confidential information...
ROS-20241121-05
The vulnerability in the Moodle virtual learning environment is related to issues with controlling the visibility of user information in gradebook reports. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20241121-06
A vulnerability in the Consul service configuration tool is related to the use of URL paths in L7 traffic. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access rules based on HTTP request paths. The vulnerability in the Consul service...
ROS-20241120-01
Vulnerability of drm/amd/display components of the Linux kernel is related to NULL pointer dereferencing in the amdgpudminit function in drivers/gpu/drm/amd/display/amdgpudm/amdgpudm.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in th...
ROS-20241120-02
A vulnerability in the locking/wwmutex/test components of the Linux operating system kernel is related to improper locking in the listforeachentrysafe, stressonework, and stress functions in kernel/locking/test/test-wwmutex.c. Exploitation of the vulnerability could allow an attacker to cause...
ROS-20241119-01
A vulnerability in the ath11k component of the SUNRPC kernel of the Linux system is related to use-after-free errors in the rpcclntremovepipedir and rpcsetuppipedir functions in net/sunrpc/clnt.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the syste...
ROS-20241119-02
Vulnerability of cxl/region components of the Linux kernel is related to the use of an uninitialized resource in the cxlregionattach function in drivers/cxl/core/region.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the tls component of t...
ROS-20241118-02
A vulnerability in the bcmasp component of the Linux kernel is related to a memory leak in the umacinit, bcmasptxpoll, bcmaspinittx and bcmaspnetifdeinit functions in drivers/net/ethernet/broadcom/asp2/bcmaspintf.c. Exploitation of the vulnerability could allow an attacker to cause a...
ROS-20241118-01
Vulnerability in the ena component of the Linux kernel is related to resource management errors in the enaunmaptxbuff and enafreetxbufs functions in drivers/net/ethernet/amazon/ena/ena/enanetdev.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A...
ROS-20241115-02
A vulnerability in the octeontx2-pf component of the Linux kernel is related to a memory leak in the otx2qosreadtxschqcfgtl function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability i...
ROS-20241115-01
A vulnerability in the pinctrl component of the Linux kernel is related to the dereferencing of a NULL pointer in the pcssetmux function in drivers/pinctrl/pinctrl-single.c. Exploitation of the vulnerability could allow an attacker to cause...
ROS-20241114-02
The vulnerability of the micrel component of the Linux operating system kernel is related to NULL pointer dereferencing in the lan8814txtstamp, lan8814getsigrx, lan8814matchrxts, lan8814ptpciadjfine, lan8814getsigtx, lan8814dequeuetxskb, and lan8814matchskb functions in drivers/net/phy/micrel.c...
ROS-20241114-01
Vulnerability of net/rds components of the Linux operating system kernel is related to NULL pointer dereferencing in the rdsrdmamap function in net/rds/rdma.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the nftables component of the...
ROS-20241112-02
A vulnerability in the ansible-core component of the Red Hat Ansible configuration management system is related to incorrect processing of output data for logs. Exploitation of the vulnerability could allow an attacker to disclose protected information. Vulnerability in Red Hat Ansible configurati...
ROS-20241112-05
A vulnerability in the XkbSetCompatMap function of the X Window System X.Org Server implementation is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20241112-12
A vulnerability in the drm/vmwgfx components of the Linux operating system kernel is related to memory corruption in the vmwducursormobsize and vmwducursorplanecleanupfb functions in drivers/gpu/drm/vmwgfx/vmwgfxkms.c. Exploitation of the vulnerability could allow an attacker to elevate the...
ROS-20241112-07
Eclipse Mosquitto message broker vulnerability is related to a heap buffer overflow when executing an onsubscribe callback. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. The Eclipse Mosquitto message broker vulnerability is relate...
ROS-20241112-04
Vulnerability of HTTP requests of the CurlAsyncHTTPClient component of the Tornado asynchronous network library is related to improper neutralization of CRLF sequences. Exploitation of the vulnerability could allow an attacker acting remotely to inject arbitrary headers into a request or cause an...
ROS-20241112-08
A vulnerability in the Raft consensus algorithm of the Integrated Storage (Raft) of HashiCorp Vault and Vault Enterprise platforms for archiving corporate information is associated with unlimited resource consumption as a result of nodes incorrectly...