ROS-20240927-01
A vulnerability in the loadinputpicture function of the FFmpeg multimedia library is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. Vulnerability in interpolate component...
ROS-20240927-08
A vulnerability in the VideoBridge component of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to errors in security settings. Exploitation of the vulnerability could allow an attacker, acting remotely, to bypass the protection mechanism of an isolated software...
ROS-20240927-05
Vulnerability in the afunix component's unixreleasesock/unixstreamsendmsg function is related to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the drivers/media/test-drivers/vidtv/vidtvpsi...
ROS-20240927-03
A vulnerability in the Concurrency component of the Oracle Java SE and Oracle GraalVM Enterprise Edition software platforms is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240927-07
A vulnerability in the WikibaseLexeme extension of the MediaWiki hypertext implementation software tool is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges. Vulnerability of UnlinkedWikibase extension of a...
ROS-20240925-01
A vulnerability in the max3100 component of the Linux kernel is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in the afalg component of the Linux kernel is related to NULL pointer dereferencing...
ROS-20240924-02
Vulnerability in the Thunderbird email client and the Firefox and Firefox ESR browsers is related to writing outside the boundaries of the buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. Vulnerability in Firefox ESR, Firefox web browsers...
ROS-20240924-04
A vulnerability in the fastrpc component of the Linux operating system kernel is related to race conditions after a memory release. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability. A vulnerability in the usbsubmiturb function of...
ROS-20240924-05
The vulnerability in the Firefox ESR and Firefox web browsers and the Thunderbird email client is related to writing beyond the buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in Thunderbird email client and Firefox,...
ROS-20240924-01
The vulnerability in Firefox and Firefox ESR browsers and Thunderbird email client is related to flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely to redirect a user to an arbitrary URL using a specially crafted extension. The vulnerability in...
ROS-20240924-06
A vulnerability in the Garbage Collector component of the Firefox and Firefox ESR browsers and the Thunderbird email client is related to memory release errors in object operations. Exploitati...
ROS-20240924-03
Vulnerability of the ice component of the Linux kernel is related to NULL pointer dereferencing in kzalloc. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability of the arm64/mm component of the Linux kernel is related to incorrect handling o...
ROS-20240923-04
A vulnerability in the Node.js software platform is related to flaws in HTTP request processing. Exploitation of the vulnerability could allow an attacker acting remotely to send a covert HTTP request (HTTP Request Smuggling attack)...
ROS-20240923-07
NBD protocol vulnerability in the libnbd library is related to incorrect verification of the NBD server certificate when using TLS to connect to the NBD server. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of the...
ROS-20240923-03
A vulnerability in the gffilterpidpidmergepropertiesinternal function of the GPAC multimedia platform is related to the lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the...
ROS-20240923-06
Vulnerability of the net/http and net/http2 libraries of the Go programming language in terms of implementation of the HTTP/2 protocol is related to uncontrolled resource consumption as a result of incorrect determination of the termination of...
ROS-20240923-08
Vulnerabilities in Mozilla Firefox, Firefox ESR and Thunderbird email client are related to flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely to conduct spoofing attacks. Vulnerability in the implementation of the HSTS (HTTP Strict Transport Security)...
ROS-20240923-02
Vulnerability of the ANGLE library in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240923-05
A vulnerability in the interpreter of the Ghostscript software suite for processing, transforming, and generating documents is related to errors in relative directory path handling. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a special...
ROS-20240923-01
The vulnerability of WebKitGTK and WPE WebKit web page display modules is related to memory access after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240920-09
Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to memory security flaws. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240920-11
Vulnerability in Mozilla Firefox, Mozilla Firefox ESR, Mozilla Thunderbird email client is related to incorrect limitation of operations within the memory buffer. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240919-02
Vulnerability of the reweightentity function of the sched component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity, and availability. A...
ROS-20240918-16
A vulnerability in the deserialize JavaScript library function for Jwcrypto is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by transmitting a specially...
ROS-20240918-07
A vulnerability in the BlueZ Bluetooth protocol stack for Linux is related to improper index validation of the BlueZ Audio AVRCP array. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240918-13
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to storing the plaintext values of client tokens and token accessors in the audit log. Exploitation of the vulnerability could allow an attacker to gain access to sensitive...
ROS-20240918-06
Vulnerability of the DNS server Unbound is related to the possibility of forming a pulse stream of a large number of requests to the server using responses from DNS resolvers.
ROS-20240918-14
A vulnerability in Asterisk and Certified Asterisk IP telephony management systems is related to errors in sending a SIP request to a URI. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service and shutdown...
ROS-20240918-12
A vulnerability in the Ruby REXML XML toolkit is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The XML Toolkit for Ruby REXML vulnerability is related to the presence of a DoS vulnerability in X...
ROS-20240918-10
The Jenkins Automation Server vulnerability is related to a lack of permission checking at the HTTP endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. The Jenkins Automation Server Remoting library vulnerability is...
ROS-20240918-08
A vulnerability in FreeIPA's centralized user identity management system is associated with insufficient password hash calculation. Exploitation of the vulnerability could allow an attacker, acting remotely, to escalate their privileges by brute-forcing possible values for a user's password...
ROS-20240919-03
A vulnerability in the nommu component of the Linux operating system kernel is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the drm component of the Linux kernel is related to NULL pointer dereferencing...
ROS-20240919-01
Vulnerability of Microsoft .NET Framework and .NET software platform of Windows operating systems is related to incorrect definition of symbolic links before accessing a file. Exploitation of the vulnerability could allow an attacker to escalate privileges...
ROS-20240918-15
A vulnerability in the Mbed TLS software is related to the use of a faulty or risky cryptographic algorithm. Exploitation of the vulnerability could allow an intruder to disclose protected information...
ROS-20240918-09
A vulnerability in the Compositing component of Google Chrome browser is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user's security interface using a specially crafted HTML page.
ROS-20240918-11
A vulnerability in the libpcap library's freeaddrinfo function is related to calling freeaddrinfo for the same allocated memory block. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240918-02
A vulnerability in the WebKitGTK web page display module is related to disclosure of information in an erroneous data area. Exploitation of the vulnerability allows an attacker acting remotely to gain access to the sensitive data...
ROS-20240918-05
A vulnerability in the net component of the Golang programming language is related to the execution of a loop with an inaccessible exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240918-01
A vulnerability in the CGI::Cookie.parse function of the Ruby programming language is related to incorrect processing of security prefixes in cookie names. Exploitation of the vulnerability allows an attacker, acting remotely, to affect data integrity...
ROS-20240918-03
A vulnerability in the WebCore::RenderLayer::renderer function of the WPE WebKit and WebKitGTK web page display modules is related to memory usage after it is freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute remote code. Vulnerability in...
ROS-20240918-04
Webmin hosting control panel vulnerability is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the ajaxterm module of the Webmin hosti...
ROS-20240917-07
Vulnerability in the PCI Device Handler component of the Xen cross-platform hypervisor is related to bugs in the program's code. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity and availability of the system. A vulnerability in the x86...
ROS-20240917-05
Vulnerability in the sysinfo.cgi script implementation of Webmin hosting control panel exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute an arbitrary script...
ROS-20240917-02
A vulnerability in the PyFindObjects function of the open-source scipy library for the Python programming language is related to memory usage after release. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and...
ROS-20240917-06
A glitch in the sessionlogin.cgi script of the Webmin hosting control panel and web interface for unix-like systems Usermin exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a...
ROS-20240917-04
A vulnerability in the crypto.X509Certificate function of the Node.js software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240917-03
A vulnerability in the QEMU hardware emulator info command is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise their integrity, and cause a denial of service by using a specially crafted file...
ROS-20240917-01
A vulnerability in the user tabs of Google Chrome and Microsoft Edge browsers is related to incorrect security checks for standard elements. Exploitation of the vulnerability could allow an attacker, acting remotely, to spoof the user interface with a specially crafted HTML page.
ROS-20241220-03
A vulnerability in the xmlparse.c file of the libexpat XML file parsing library is related to an integer overflow for nDefaultAtts on 32-bit platforms. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240917-09
Vulnerability of HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests.