ROS-20240829-10
A vulnerability in the xmlparse.c file of the libexpat XML parsing library is related to an integer overflow for nDefaultAtts on 32-bit platforms. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the xmlparse.c file of the libexpat...
ROS-20240917-08
A vulnerability in the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address and ipaddress.IPv6Network classes of the ipaddress module of CPython, the Python programming language interpreter, is related to incorrect IP address range validation. Exploitation of the vulnerability could...
ROS-20240916-10
A vulnerability in the _nc_wrap_entry component of ncurses, the library for controlling terminal I/O, is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, and availabili...
ROS-20240916-05
A vulnerability in the email module of the Python programming language interpreter is due to inadequate input validation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security mechanism...
ROS-20240916-09
A vulnerability in the x86 HVM Hypercall Handler component of the Xen x86 HVM hypervisor is related to the ability to freely switch between 64-bit and other system modes...
ROS-20240916-04
A vulnerability in the PrivateDecrypt function of the cryptographic library of the Node.js software platform is related to the use of covert side channels resulting from a timing discrepancy between the decryption of valid and invalid ciphertexts based on the PKCS1 v1.5.5 cryptography...
ROS-20240916-13
A vulnerability in the email module of the Python programming language interpreter is due to inadequate input validation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security mechanism...
ROS-20240916-06
Vulnerability in the Device Handler component of the Xen cross-platform hypervisor of the Linux kernel is related to incorrect placement of a preprocessor directive in the source code. Exploiting the vulnerability could allow an attacker to escalate privileges...
ROS-20240916-08
A vulnerability in the MongoDB database management system is related to errors in the TLS certificate validation procedure. Exploitation of the vulnerability could allow an attacker acting remotely to establish an unauthorized connection to the MongoDB server...
ROS-20240916-01
A vulnerability in the Webmin hosting control panel is related to incorrect permissions and privileges. Exploitation of the vulnerability could allow an attacker acting remotely to bypass implemented security restrictions...
ROS-20240916-07
A vulnerability in the fetch function of the Node.js software platform involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service (DoS)...
ROS-20240916-02
A vulnerability in the sql/item_cmpfunc.cc component of the MariaDB DBMS is related to a flaw in the use of the assert function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. The vulnerability of the Create_tmp_table::finalize component of the...
ROS-20240916-11
A vulnerability in the sssctl command of SSSD, the service for managing access to remote directories and authentication mechanisms, is related to a lack of input sanitization. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, a...
ROS-20240916-03
A vulnerability in the Node.js software platform is related to insufficient data authentication. Exploitation of the vulnerability could allow an attacker acting remotely to disable integrity validation. A vulnerability in the APIgenerateKeys function of the Node.js software platform is...
ROS-20240916-12
A vulnerability in the crypto.setEngine method of the Node.js software platform is related to flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions...
ROS-20240912-01
A vulnerability in the H5O__layout_encode function in the H5Olayout.c file of the HDF5 library is related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the...
ROS-20240911-08
The vulnerability of the configobj ini file reader and writer is related to the placement of a malicious value into a server-side configuration file by a developer. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240911-17
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-05
A vulnerability in the libspf2 library of the Exim mail server is related to an integer overflow resulting from the of SPF macros. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240911-03
A vulnerability in Requests, the HTTP library for the Python programming language, is related to ignoring certificate validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...
ROS-20240911-02
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-04
A vulnerability in the Kerberos network authentication protocol is associated with modification of the plaintext Extra Count field of a confidential GSS krb5 wrap token. Exploitation of the vulnerability allows an attacker acting remotely to affect the integrity and operation of the system...
ROS-20240911-07
A vulnerability in the utfc_ptr2len function of the vim text editor is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20240911-22
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-18
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-01
A vulnerability in the Libvirt virtualization management library is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240911-09
A vulnerability in the pkgconf_tuple_parse function in libpkgconf/tuple.c of pkgconf, the software tool for setting compiler and linker flags for development libraries, is related to an operation exceeding the buffer boundaries...
ROS-20240911-19
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-20
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-21
A vulnerability in the pg_dump utility of the PostgreSQL database management system is related to the dereferencing of a null pointer due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allo...
ROS-20240911-11
A vulnerability in the cross-platform Xen hypervisor of the Linux operating system kernel is related to disclosure of information. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. A vulnerability in the libfsimage compone...
ROS-20240911-06
A vulnerability in the stack protection feature of the GNU Compiler Collection (GCC) for different programming languages is related to a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker...
ROS-20240911-10
A vulnerability in PyJWT, the Python implementation of JWT, is related to the lack of blocking of some public key formats. Exploitation of the vulnerability allows an attacker acting remotely to affect the data integrity...
ROS-20240910-05
A vulnerability in the Nomad application orchestrator is related to writing outside the allocation directory during migration. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability of the...
ROS-20240910-01
A vulnerability in the HAProxy server software is related to entering an infinite loop when given certain input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240910-02
A vulnerability in the dbus_set_host_name function of the Avahi local area network service discovery system is associated with a reachable assertion. Exploitation of the vulnerability allows an attacker to cause a denial of service. A vulnerability in the avahi_rdata_parse function of the Avahi local...
ROS-20240910-03
A vulnerability in the libexpat XML parsing library is related to incorrectly restricting the reference to the XML external entity. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240910-08
A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the Gstream...
ROS-20240910-04
A vulnerability in the pcap_findalldevs_ex function of the libpcap library is related to the default support for remote packet capture. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240910-07
A vulnerability in the snapctl component of the snapd self-contained package management utility is related to incorrect parsing of command line arguments, allowing an unprivileged user to initiate an authorized action on behalf of snapd...
ROS-20240910-06
A vulnerability in the Zabbix universal monitoring system is related to improper code generation controls. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Zabbix universal monitoring system is related to the ability to directly...
ROS-20240909-04
A vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240909-01
A vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240909-02
A vulnerability in the cryptography package of the Python programming language interpreter is related to errors in the certificate authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to perform a man-in-the-middle attack...
ROS-20240909-03
A vulnerability in the optee_register_device function in the drivers/tee/optee/device.c module of the Trusted Execution Environment (TEE) module of the Linux kernel is related to incorrect processing of the return code. Exploitation of the vulnerability could allow an attacker to cause a...
ROS-20240906-02
A vulnerability in the kmem_cache_destroy function of the lib/list_debug.c library of the Linux kernel is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240906-01
A vulnerability in the ip6_tnl_rcv function in the net/ipv6/ip6_tunnel.c module of the IPv6 protocol implementation of the Linux kernel is related to the use of uninitialized memory. Exploitation of the vulnerability could allow a remote attacker t...
ROS-20240905-03
A vulnerability in GTK (GIMP Toolkit), the GUI creation library, is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker to escalate their privileges...
ROS-20240904-13
A vulnerability in the pga4_session session cookie of the pgAdmin 4 database management tool is related to incorrect serialization. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240905-04
A vulnerability in the do_setvfinfo function in the net/core/rtnetlink.c module of the TCP/IP protocol stack implementation of the Linux operating system kernel is related to reading memory outside the allocated buffer. Exploitation of the vulnerability may allow an intruder to...