8181 matches found
ROS-20250826-03
Vulnerability of WEBrick library of Ruby programming language interpreter is related to incorrect checking of HTTP requests in the readheader method. HTTP requests in the readheader method. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform HTTP request spoofin...
ROS-20250826-01
The Cyrus IMAP mail server vulnerability is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending multiple literals in a single command Cyrus IMAP mail server vulnerability is related...
ROS-20250826-04
Vulnerability of Wireshark computer network traffic analyzer related to insufficient validation of user data in the column utility module of the Dissection engine. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in the CBOR...
ROS-20250826-06
Vulnerability of SetQuantumFormat function of ImageMagick console graphic editor is related to incorrect calculation of buffer size when processing received packets. calculation of buffer size when processing received packets. Exploitation of the vulnerability may allow an attacker to cause a...
ROS-20250825-02
A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, disclose protected information or cause a denial of service A vulnerability in the...
ROS-20250825-07
A vulnerability in the PHP adodb class library involves improper escaping of a query parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL statements. SQL statements,...
ROS-20250825-05
A vulnerability in the Ruby Sinatra web application development framework is related to a flaw in limiting the name of the of the directory path. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data...
ROS-20250825-04
A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250825-03
The OpenSSH cryptographic security tool server vulnerability is related to a server modification to support the authentication option. Exploitation of the vulnerability could allow an attacker acting remotely execute a MITM attack...
ROS-20250825-08
A vulnerability in the Iperf3 network bandwidth measurement tool is related to an achievable assertion in the iperfauth.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the Iperf3 network bandwidth measurement...
ROS-20250825-06
A vulnerability in the Aggregate Term Handler component of the SQLite database management system is related to errors in the numeric truncation errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of the SQLit...
ROS-20250825-01
Vulnerability of Srio archiving utility is related to errors in TAR file header verification. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20250822-07
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-01
A vulnerability in the Kea open source DHCP server is related to the use of an unreliable search path. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system...
ROS-20250822-02
A vulnerability in the dom4j open source Java library for XML, XPath and XSLT is related to the improper cleansing of elements and attribute names in XML documents. Exploitation of the vulnerability could Allow an attacker acting remotely to launch an XXE attack on the target system...
ROS-20250822-06
Vulnerability in Moodle virtual learning environment related to user session hijacking via the sesskey. Exploitation of the vulnerability could allow an attacker acting remotely to obtain sensitive data...
ROS-20250822-18
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input...
ROS-20250822-17
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input...
ROS-20250822-20
Vulnerability in GPAC multimedia platform, related to manipulation of baseiniturl argument, resulting in the dereferencing of a null pointer. Exploitation of the vulnerability could allow an attacker, acting remotely to cause a denial of service...
ROS-20250822-16
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input...
ROS-20250822-14
A vulnerability in a library for XSLT conversion of XML documents to other formats is related to a type confusion bug in xmlNode.psvi. type confusion bug in xmlNode.psvi. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...
ROS-20250822-15
Package manager vulnerability for Helm is related to local code execution when updating dependencies. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250822-22
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks A vulnerability in t...
ROS-20250822-19
A vulnerability in the 2D component of the Oracle Java SE software platform and Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input validation. and Oracle GraalVM Enterprise Edition virtual machines is related to insufficient input...
ROS-20250822-21
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks A vulnerability in t...
ROS-20250822-23
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks A vulnerability in t...
ROS-20250822-11
A vulnerability in the HPACK decoder of Golang programming is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting locally to cause a denial of service...
ROS-20250822-09
The vulnerability of the package designed to work with JSON Web Tokens jwt-go is related to incorrect checking of the data when processing data transmitted via m"aud". Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass the authentication process...
ROS-20250822-08
Vulnerability of parse.ParseUnverified function of golang-jwt web token library of Go programming language is related to uncontrolled resource consumption. Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-05
Apache Tomcat application server vulnerability related to bypassing the authentication procedure through the use of an alternate path or channel. using an alternate path or channel. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of...
ROS-20250822-24
A vulnerability in the PHP programming language interpreter is related to insufficient null byte checking in the implementation of the fsockopen function when handling hostnames. Exploitation of the vulnerability could allow an attacker acting remotely to perform SSRF attacks A vulnerability in t...
ROS-20250822-04
Apache Tomcat application server vulnerability related to bypassing the authentication procedure through the use of an alternate path or channel. using an alternate path or channel. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of...
ROS-20250822-03
SafeHtml validator vulnerability in Hibernate Validator library is related to failure to take measures to protect web page structure when processing HTML content. web page structure when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...
ROS-20250822-12
Vulnerability of http2 package of Go programming language is related to uncontrolled server resources consumption as a result of resetting Server.MaxConcurrentStreams parameter during request stream processing. as a result of resetting the Server.MaxConcurrentStreams parameter when processing a...
ROS-20250822-10
Vulnerability in clientgolang library of Prometheus event monitoring and notification application is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20250822-13
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20250821-02
A vulnerability in the BinaryStreamDriver component of the Java library for converting objects to XML or JSON XStream format is related to a buffer overflow on the stack from a manipulated binary input stream. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...
ROS-20250821-08
A vulnerability in the TCPDF PHP library is related to reading arbitrary files from the server's file system via the src tag. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information. information Vulnerability in TCPDF PHP library is related to improper...
ROS-20250821-04
Vulnerability in libsoup library is related to disclosure of system data to unauthorized parties. Exploitation exploitation of the vulnerability could allow a remote attacker to disclose protected information. GNOME GUI libsoup library vulnerability is related to asymmetric resource consumption...
ROS-20250821-06
A vulnerability in the Perl programming language is related to the race condition if a directory descriptor is opened when the thread is created. Exploitation of the vulnerability could allow an attacker to interfere with the application's behavior...
ROS-20250821-07
A vulnerability in the cJSON parser is due to the fact that parsestring has a heap-based buffer, rereadable through "1":1, with no terminating newline character if cJSONParseWithLength is called. Exploitation of the of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20250821-03
EMACS text editor vulnerability exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...
ROS-20250821-01
WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...
ROS-20250821-05
Vulnerability of the open source library Abseil-cpp for C++ standard library extension is related to failure to set an upper bound for its size argument in reserve and rehash functions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential...
ROS-20250819-13
A vulnerability in Salt's configuration management and remote execution system is related to the overwriting of the of the VirtKey class. Exploitation of the vulnerability could allow an attacker to bypass security restrictions. security Vulnerability in the system of configuration management and...
ROS-20250819-11
Vulnerability of configuration management and remote Salt operations execution system is related to incorrect input data validation in the findfile method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories Vulnerability in the Salt...
ROS-20250819-12
Vulnerability of configuration management and remote Salt operations execution system is related to incorrect input data validation in the findfile method of the GitFS class. Exploitation of the vulnerability could allow an attacker to manipulate files and directories Vulnerability in the Salt...
ROS-20250819-05
Vulnerability of TarFile.extractall and TarFile.extract functions of tarfile module of Python programming language interpreter CPython is related to incorrect restriction of path name of restricted directory. Python programming language interpreter CPython functions TarFile.extractall and...
ROS-20250819-09
Vulnerability of libxml2 library's xmlSchematronFormatReport function is related to reading data outside of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted XML file Vulnerability in the...
ROS-20250819-10
The cJSON parser vulnerability is related to the error of dereferencing a null pointer in the function cJSONSetValuestring in cJSON.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the cJSONSetValuestring function of the...