8181 matches found
ROS-20250630-10
A vulnerability in the BeanIntrospector class of the Apache Commons Beanutils utility is related to the recovery of an inaccurate data structure in memory. of an invalid data structure. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality,...
ROS-20250630-08
A vulnerability in a library for Python that extends the ease of creating, distributing, and installation of Python packages setuptools is related to an input validation error when processing sequences of directory traversal in packageindex.py. Exploitation of the vulnerability could allow an...
ROS-20250630-04
The Eclipse Jetty servlet container vulnerability is related to a bug in GzipHandler when handling certain URL paths. Exploitation of the vulnerability could allow an attacker to bypass the enforced security restrictions security The Eclipse Jetty servlet container vulnerability is related to the...
ROS-20250630-06
Vulnerability of orftokenendianconvert function of group communication system for fault-tolerant clusters Corosync is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause a denia...
ROS-20250630-05
The Salted Challenge Response Authentication Mechanism SCRAM vulnerability in the Apache Kafka Message Manager is due to a lack of verification of one-time message numbers between messages. of the Apache Kafka Message Manager is related to the lack of verification of one-time message numbers...
ROS-20250630-07
A vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms was related to incorrect validation of an assertion in an Azure-issued token, leading to a potential circumvention of the boundlocations parameter at login. Exploitation of the vulnerability could...
ROS-20250630-03
A vulnerability in the Symfony web application development and management software platform exists due to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code A vulnerability in the Symfony w...
ROS-20250630-01
A vulnerability in the pgAdmin 4 database management tool exists due to an incorrect restriction of the name of the of the path to a restricted directory. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20250630-02
The vulnerability of HashiCorp Vault and Vault Enterprise enterprise data archiving platforms is related to the fact that the validprincipals and defaultuser fields of the SSH secrets mechanism configuration are not are not set. Exploitation of the vulnerability could allow an attacker acting...
ROS-20250630-11
The vulnerability of a data encryption package using Crypt::CBC encryption block chain mode is due to the fact, that the rand function is not cryptographically secure. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250630-12
A vulnerability in the Golang programming language is related to an insecure reference following issue OCREATE and OEXCL when processing symbolic links. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system. The vulnerability in the Golang programming...
ROS-20250625-01
Vulnerability of ffhevcputweightedpredavg8sse function of h.265 Libde265 video codec implementation is related to operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service using a specially crafted vid...
ROS-20250625-03
Vulnerability of eachpair function from strongparameters.rb of Ruby on Rails software platform is related to recovery of an invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential data Vulnerability in Ruby on Rails software...
ROS-20250625-04
A vulnerability in the Ruby on Rails software platform is related to a CSRF vulnerability in the rails-ujs module. Exploitation of the vulnerability could allow an attacker acting remotely to send CSRF tokens to the wrong domains. invalid domains...
ROS-20250625-02
A vulnerability in the br.com.anteros.dbcp.AnterosDBCPConfig component of the Java library for grammar parsing JSON files jackson-databind is related to the recovery of invalid data in memory. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial of...
ROS-20250625-08
Vulnerability in DecodeConfig component of Golang programming language is related to race condition of symbolic links when using os.RemoveAll. Exploitation of the vulnerability could allow an attacker, acting remotely, to remove arbitrary directories...
ROS-20250625-09
A vulnerability in the Apache Commons Configuration library is related to mismanagement of code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using specially crafted script, dns, and url requests. using specially crafted script, dn...
ROS-20250625-06
A vulnerability in the checkforbidden function from rack/directory.rb of the modular interface between web servers and the Rack web applications is related to incorrect directory path name restriction. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20250625-05
Vulnerability of components from memcachestore.rb and rediscachestore.rb of Ruby on Rails software platform is related to recovery of invalid data structure in memory. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, as we...
ROS-20250625-07
Vulnerability of translate function from translationhelper.rb of Ruby on Rails software platform is related to flaws in the measures used to protect web page structures. Exploitation of the vulnerability allows an attacker acting remotely to affect data integrity...
ROS-20250624-09
A vulnerability in the av1looprestorationdealloc function of the libaom video encoding library is related to reading outside of buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code...
ROS-20250624-05
A vulnerability in the Consul and Consul Enterprise service configuration tool is related to errors in the processing of CSR requests at the RPC endpoint. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. remotely to bypass...
ROS-20250624-04
A vulnerability in the Lua script interpreter is related to segmentation errors in changedline in ldebug.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250624-07
A vulnerability in the Mercurial version control software tool is related to insufficient data cleansing, provided by the user. Exploitation of the vulnerability could allow an attacker acting remotely to perform cross-site scripting XSS attacks. remotely to perform cross-site scripting XSS attac...
ROS-20250624-10
Vulnerability of the native code library for parsing and linearization of PGF LIBPGF grammars is related to the memory usage after release in Decoder.cpp. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges on the system...
ROS-20250624-06
A vulnerability in the Django web application software platform is related to insufficient validation of user input in django.utils.text.wrap and the wordwrap template filter. user input in django.utils.text.wrap and wordwrap template filter. Exploitation of the vulnerability could allow an...
ROS-20250624-02
Vulnerability in OpenSearch software package related to lack of Markdown cleanup on header or footer previews header or footer preview. Exploitation of the vulnerability could allow an attacker to, execute arbitrary code...
ROS-20250624-03
A vulnerability in the UEFI firmware of Intel processors is related to insufficient granularity of the access controls. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the Software Guard eXtensions SGX implementation of Intel processors is...
ROS-20250624-01
A vulnerability in the SEV-SNP functions of AMD processor firmware is related to incorrectly input validation for serial presence detection DIMM SPD metadata. Exploitation of the vulnerability allows an attacker to overwrite guest memory, resulting in a loss of the guest data integrity...
ROS-20250624-08
GIFLIB GIF library vulnerability is related to a boundary error in the function Dimplescreen2rgb in gif2rgb.c. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...
ROS-20250624-14
A vulnerability in the SSH server of the Golang programming language is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250624-15
Vulnerability in the Javascript Object Signing and Encryption Go JOSE standards set implementation is related to uncontrolled consumption of internal resources properly when analyzing JWS and JWE input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a deni...
ROS-20250624-16
A vulnerability in the libntlm library implementation of the NT LAN Manager Network Authentication Protocol NTLM is related to a buffer boundary read with reading beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code or cause...
ROS-20250624-11
A vulnerability in the Perl data structure to JSON conversion module Cpanel::JSON::XS is related to access beyond the beyond the allocated memory buffer, acting remotely, obtaining sensitive information or cause a denial of service...
ROS-20250624-12
Vulnerability of putqpelfallback function fallback-motion.cc of h.265 video codec implementation Libde265 is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the mcchroma function...
ROS-20250624-13
Vulnerability of path.evaluate or path.evaluateTruthy compiler for writing JavaScript code Babel is related to an incorrect comparison. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20250623-01
The vulnerability of the nftpayload function of the net/netfilter /nftpayload.c module of the netfilter component of the Linux kernel is related to the operation exceeding the memory buffer boundary. of Linux operating system is related to the operation exceeding the buffer boundaries in memory...
ROS-20250616-28
The vulnerability of the Zabbix universal monitoring system server is related to unrestricted allocation of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20250616-27
The vulnerability of the Zabbix universal monitoring system server is related to unrestricted allocation of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...
ROS-20250619-01
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to sending requests with an extremely large number of parameters. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Rack...
ROS-20250619-14
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-16
YASM assembler vulnerability is related to NULL pointer dereferencing via the yasmsectionbcsappend function in section.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250619-15
A software vulnerability in the Grafana monitoring and surveillance platform is related to a vulnerability in the of the XY Chart plugin to DOM XSS. Exploitation of the vulnerability could allow an attacker acting remotely, execute arbitrary code Grafana monitoring and surveillance platform...
ROS-20250619-17
Vulnerability of CompressorStreamFactory, TarArchiveInputStream and TarFile classes of Apache Commons archiver Compress is related to uncontrolled resource consumption as a result of insufficient input data validation when processing TAR archive headers. Exploitation of the vulnerability could...
ROS-20250619-12
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-10
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-11
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-13
The vulnerability of Pgpool-II connection balancing and management software tools is related to errors of input validation errors when processing directory traversal sequences in filenames. Exploitation exploitation of the vulnerability could allow a remote attacker to perform directory traversal...
ROS-20250619-03
A vulnerability in the Microsoft Visual Studio software development tool, the Microsoft.NET software platform, and the Build Tools for Visual Studio toolkit is associated with an incorrect external external vulnerability. Microsoft.NET and Build Tools for Visual Studio toolkit is related to...
ROS-20250619-05
A vulnerability in the PostgreSQL PgBouncer connection pooling program is related to the fact that a password can be used after it expires, because authquery does not take into account the value of Postgre's VALID UNTIL. Exploitation of the vulnerability allows an attacker acting remotely to gain...