ROS-20240729-22
A vulnerability in the packageindex module of the library designed to simplify the packaging of setuptools projects exists because functions used to download packages from URLs, provided by users or obtained from package index servers, are susceptible to code injection. Exploitation of the...
ROS-20240730-10
A vulnerability in the Mbed TLS software is related to errors in encryption processing in DTLS connections when using a null cipher or RC4 cipher. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240730-17
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machines for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the...
ROS-20240730-14
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM virtual machines for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to the lack of service data protection. Exploitation of the vulnerability could allow an...
ROS-20240730-18
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machines for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the...
ROS-20240730-15
A vulnerability in the dstring.c component of the Debian GNU/Linux operating system cpio package is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a stack overflow via a generated file...
ROS-20240730-07
A vulnerability in the PHP interpreter is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to install a standard, unsafe cookie in the victim's browser...
ROS-20240730-03
A vulnerability in the dstring.c component of the Debian GNU/Linux operating system cpio package is caused by an integer overflow. Exploitation of the vulnerability could allow an attacker to cause a stack overflow via a generated file...
ROS-20240730-02
A vulnerability in the Lasso library is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity and availability of protected information...
ROS-20240730-16
A vulnerability in the Hotspot component of the Oracle Java SE software platform and Oracle GraalVM Virtual Machines for JDK and Oracle GraalVM Enterprise Edition exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the...
ROS-20240730-09
A vulnerability in the NTLM (New Technology LAN Manager) protocol implementation in the Exim mail server is related to an operation exceeding buffer boundaries in memory when processing requests. Exploitation of the vulnerability could allow a remote intruder to gain unauthorized access to protected information...
ROS-20240729-02
An implementation vulnerability in the EncryptInterceptor class of the Apache Tomcat application server is related to incomplete program execution documentation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240729-20
A vulnerability in the Squid proxy server is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240729-14
A vulnerability in the logentryattr function of the 389-ds-base component is related to a buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240729-11
A vulnerability in the Cargo package manager of the Rust programming language involves the injection of arbitrary HTML after including it in a report generated by Cargo. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code...
ROS-20240729-07
A vulnerability in the GLPI request and incident handling system is related to improper privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to steal confidential information. A vulnerability in the GLPI reporting plugin is related to improper...
ROS-20240729-21
A vulnerability in the AuthZ authorization plugins of Docker Engine, software for automating the deployment and management of applications in containerized environments, is related to flaws in the AuthZ plugin...
ROS-20240729-04
A vulnerability in the JsonErrorReportValve class of the Apache Tomcat application server is related to a flaw in the mechanism for encoding or escaping output data. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the integrity of protected information...
ROS-20240729-09
A vulnerability in the Cargo package manager of the Rust programming language is related to ignoring umask when extracting archives created on UNIX-like systems. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute...
ROS-20240729-18
A vulnerability in the kubelet utility of the Kubernetes virtual machine cluster management software for Windows operating systems is related to incorrectly used standard permissions. Exploitation of the vulnerability could allow an...
ROS-20240729-16
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240729-03
A vulnerability in the GLPI reports plugin of the GLPI reports system is related to incorrect neutralization of input data during web page generation. Exploitation of the vulnerability could allow a remote attacker to conduct XSS attacks...
ROS-20240729-10
A vulnerability in the HttpServletRequest.getParameter and HttpServletRequest.getParts functions of the Eclipse Jetty servlet container is related to the allocation of unlimited memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The Eclipse Jetty...
ROS-20240729-08
A vulnerability in the scanps function of the libppd library of the CUPS print server is related to the operation exceeding the boundaries of the buffer in memory when processing the length of PPD files. Exploitation of the vulnerability could allow an attacker to elevate his privileges and execu...
ROS-20240729-06
A vulnerability in the TLS and SSL protocol implementation of the Mbed TLS software is related to the ability to write outside of the buffer. Exploitation of the vulnerability could allow an attacker acting remotely to overwrite data in the memory buffer and recover a private RSA key...
ROS-20240729-19
The 389 Directory Server vulnerability is related to the ability of an unauthenticated user to cause a systematic server crash when submitting a specific advanced search query. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240729-13
A vulnerability in the cJSONInsertItemInArray function of the JSON-C library for JSON processing is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240729-05
A vulnerability in the libssh2 library of Libgit2's implementation of Git's C methods is related to validation bugs of cryptographic signatures. Exploitation of the vulnerability could allow an attacker acting remotely to execute a man-in-the-middle attack...
ROS-20240729-01
A vulnerability in Forms Authentication in the web application examples of the Apache Tomcat application server exists due to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
ROS-20240729-17
A vulnerability in the modrewrite module of Apache HTTP Server is related to insufficient checking of incoming requests. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to the device by forging requests on behalf of the server...
ROS-20240729-15
A vulnerability in the django.utils.text.Truncator.words function of the Django web application software platform is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240729-12
A vulnerability in the Eclipse Jetty servlet container is related to length overflow errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240726-04
A vulnerability in the Moodle virtual learning environment is due to an XSS risk in the CSV import method. Exploitation of the vulnerability could allow an attacker acting remotely to conduct a cross-site scripting (XSS) attack...
ROS-20240726-05
A vulnerability in the Apache HTTP Server web server is related to failure to take measures to handle CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to perform HTTP response splitting attacks. Apache HTTP Server vulnerability is related ...
ROS-20240726-03
A vulnerability in the cjson and cmsgpack libraries of the Redis database management system (DBMS) is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code using a specially crafted Lua...
ROS-20240726-08
A vulnerability in the httpjson component of Elastic Stack Filebeat is due to a bug in the httpjson input, because of which the contents of the Authorization or Proxy-Authorization HTTP request header may be written to the debug logs. Exploitation of the vulnerability could allow an attacker...
ROS-20240726-07
A vulnerability in the Sign-In component of the Google Chrome browser is related to the ability to bypass navigation restrictions using a specially crafted HTML page. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute cross-site scripting attacks...
ROS-20240726-06
The vulnerability in the WebKitGTK and WPE WebKit web page display modules is related to the existence of a method of limited sandbox traversal, which allows an isolated process to trick host processes into thinking that the isolated process is not sandboxed...
ROS-20240726-02
A vulnerability in the HAProxy server software is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240726-01
A vulnerability in GLPI's request and incident handling system is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to impact the system integrity. A vulnerability in the GLPI request and incident handling system is associated with the...
ROS-20240725-02
A vulnerability in the Squid proxy is related to SSL/TLS certificate validation errors. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20240725-03
A vulnerability in Google Chrome browser's JavaScript script handler V8 is related to reading outside the boundaries of memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform access outside of the allocated memory space using a specially crafted...
ROS-20240725-01
A vulnerability in the HTTP/3 QUIC module ngxhttpv3module of the NGINX Plus and NGINX OSS web servers is related to null pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially craft...
ROS-20240724-01
A vulnerability in the DevTools component of the Google Chrome browser is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code through a specially crafted HTML page. A vulnerability in th...
ROS-20240723-04
A vulnerability in the fetchmail mail receiving and forwarding utility is related to incorrect resource initialization. Exploitation of the vulnerability may allow an attacker to gain access to confidential information...
ROS-20240723-03
A vulnerability in the Ruby interpreter's Net::FTP class implementation is related to flaws in service data protection using the PASV command. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20240723-01
A vulnerability in the Key Distribution Center (KDC) component of the Kerberos network authentication protocol is associated with NULL pointer dereferencing. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20240724-02
A vulnerability in the Dawn component of Microsoft Edge and Google Chrome browsers is related to memory usage after it has been freed. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code using a specially crafted HTML page. A vulnerability in the SwiftShader...
ROS-20240723-05
A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate their privileges. A vulnerability in the...
ROS-20240723-06
The vulnerability in Mozilla Firefox, Firefox ESR and the Thunderbird email client is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...