8162 matches found
ROS-20250414-01
A vulnerability in the ocfs2 component of the Linux operating system kernel is related to incorrect input validation in the ocfs2reflinkxattrinline function in fs/ocfs2/xattr.c, in ocfs2reflink function in fs/ocfs2/refcounttree.c. Exploitation of the vulnerability could allow an attacker to cause...
ROS-20250410-01
A vulnerability in the mailbox component of the Linux kernel is related to resource management errors in the bcm2835mboxprobe function in drivers/mailbox/bcm2835-mailbox.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in the uvcparseformat...
ROS-20250409-01
A vulnerability in the NFSD component of the Linux kernel is related to the dereferencing of a NULL pointer in the nfsd4processcbupdate function in fs/nfsd/nfs4callback.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the ALSA compone...
ROS-20250403-07
A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to a flaw in the authorization procedure as a result of incorrect input data validation. authorization procedure as a result of incorrect input data verification. Exploitation of the...
ROS-20250403-04
A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...
ROS-20250403-01
A vulnerability in the lookup function of the xmlparse.c file of the Expat library is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in the doProlog function of the xmlparse.c file of the Expat...
ROS-20250403-02
A vulnerability in the QPDF PDF conversion command line utility is related to the creation of a .pdf file with the PlASCII85Decoder::write parameter in libqpdf. .pdf file with the PlASCII85Decoder::write parameter in libqpdf. Exploitation of the vulnerability could allow an attacker to execute...
ROS-20250403-08
A vulnerability in the crun open source OCI container runtime environment is related to an insecure reference following in .krunconfig.json. Exploitation of the vulnerability could allow an attacker acting remotely to compromise a vulnerable system...
ROS-20250403-06
A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to a flaw in the authorization procedure as a result of incorrect input data validation. authorization procedure as a result of incorrect input data verification. Exploitation of the...
ROS-20250403-09
Apache Tomcat application server vulnerability is related to accepting input path data as an internal point without verification. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information and execute arbitrary code. unauthorized access to...
ROS-20250403-10
Vulnerability in the Rack::Static class of the modular interface between web servers and Rack web applications is related to with errors in relative directory path handling. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected informat...
ROS-20250403-14
Vulnerability in the OpenSearch software package due to a problem in the implementation of Field Level Security FLS. Field Level Security FLS. Exploitation of the vulnerability could allow an attacker to obtain sensitive data Vulnerability in the OpenSearch software package due to missing spaces ...
ROS-20250403-16
A vulnerability in the Rack module interface of the Ruby programming language interpreter is related to an incorrect checking of X-Sendfile-Type header input in Rack::Sendfile during processing. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate log entries...
ROS-20250403-03
Vulnerability of SQLite hints and ETRN serialization functions of Exim mail server is related to failure to take measures to protect SQL query structure. SQL query structure protection. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sendi...
ROS-20250403-11
Vulnerability in the OpenSearch software package related to calls that utilize an internal underlying Identity Provider IdP rather than other externally configured IdPs. Exploitation of the vulnerability could Allow an attacker to impact data integrity...
ROS-20250403-12
OpenSearch software package vulnerability related to out-of-bounds memory reads. Exploitation of the vulnerability could allow an attacker to obtain sensitive data...
ROS-20250403-15
Vulnerabilities in GLPI's computer hardware request, incident and inventory system are related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...
ROS-20250403-13
Vulnerability of net/http, x/net/proxy and x/net/http/httpproxy packages of Go programming language is related to incorrect mapping of hosts to proxy server templates. Exploitation of the vulnerability could allow an intruder to affect confidentiality and availability of protected information...
ROS-20250403-05
A vulnerability in the Media component of the Google Chrome browser is related to memory usage after it is released. after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page V8 JavaScript scrip...
ROS-20250402-07
A vulnerability in the Consul and Consul Enterprise service configuration tool is related to insufficient validation of user input. of user input. Exploitation of the vulnerability could allow an attacker acting remotely to launch an SSRF attack. remotely to launch an SSRF attack Vulnerability in...
ROS-20250402-04
Vulnerability of the GLPI system of requests, incidents and inventory of computer equipment is related to improperly restricting access to the "install/update.php" file. Exploitation of the vulnerability could allow An attacker acting remotely could gain access to confidential information A...
ROS-20250402-09
The libexpat XML file parsing library vulnerability is related to boundary errors in the processing of XML content. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code on the target system...
ROS-20250402-05
A vulnerability in the configuration implementation of the HTML cleanup tool for Rails Html Sanitizer applications is related to with insufficient cleaning of user-supplied data. Exploitation of the vulnerability could allow An attacker acting remotely could conduct cross-site scripting attacks...
ROS-20250402-03
A vulnerability in the WebTransport component of Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the possibility of memory usage after release. Thunderbird is related to the possibility of memory usage after release. Exploitation of the vulnerability could allow a...
ROS-20250402-01
The vulnerability of the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to the fact that urllib.parse.urlsplit and urlparse accept domain names with square brackets. Exploiting the vulnerability could allow an attacker to escalate their...
ROS-20250402-02
A vulnerability in the WebTransport component of Mozilla Firefox, Firefox ESR and Thunderbird email client browsers is related to the possibility of memory usage after release. Thunderbird is related to the possibility of memory usage after release. Exploitation of the vulnerability could allow a...
ROS-20250402-08
The vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to the fact that the application allows the use of entity aliases mapped to a single resource with the same alias name. Exploitation of the vulnerability could allow an attacker actin...
ROS-20250402-06
Vulnerability of pamsmauthenticate function of PAM-PKCS11 authentication module of Linux operating systems is related to authentication errors. Exploitation of the vulnerability could allow an attacker acting remotely, bypass the authentication procedure and gain unauthorized access to protected...
ROS-20250326-08
A vulnerability in the snmptrapd daemon of the Zabbix universal monitoring system is related to improper processing of the output data for logs. Exploitation of the vulnerability could allow an attacker, acting remotely, to spoof the user interface Vulnerability of strbase64encoderfc2047 function...
ROS-20250326-01
Pidgin instant messaging vulnerability is related to DNS response spoofing and redirecting client connections to a malicious server. redirecting client connections to a malicious server. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service to an...
ROS-20250326-07
A vulnerability in the snmptrapd daemon of the Zabbix universal monitoring system is related to improper processing of the output data for logs. Exploitation of the vulnerability could allow an attacker, acting remotely, to spoof the user interface Vulnerability of strbase64encoderfc2047 function...
ROS-20250326-06
A vulnerability in the Twisted Web component of the Twisted networking framework is related to insufficient input data validation when processing HTTP headers. data when processing HTTP headers. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20250326-05
A vulnerability in the sysexec function of MariaDB software is related to insecure permissions. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands with elevated privileges...
ROS-20250326-03
The vulnerability in the document-oriented database management system MongoDB is related to bugs in the query analysis of some complex self-referential $lookup subconvectors, leading to sending to the server literal values in expressions for encrypted fields as plaintext instead of encrypted text...
ROS-20250326-04
A vulnerability in the Ruby Sinatra web application development framework is related to causing an Open Redirect Attack Attack by inserting an arbitrary address into this header. Exploiting the vulnerability allows an attacker, acting remotely, to gain access to sensitive data...
ROS-20250326-02
A vulnerability in the document-oriented MongoDB database management system is related to the lack of authorization checks. authorization checks. Exploitation of the vulnerability could allow a remote intruder gain unauthorized access to protected information...
ROS-20250326-09
Ruby interpreter vulnerability is related to a hidden time channel Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information...
ROS-20250326-10
A vulnerability in the Nextcloud calendar cloud software application for creating and utilizing a Nextcloud data warehouse is related to the failure to clean up line breaks and special characters in the email value in a JSON request. Exploitation of the vulnerability could allow an attacker actin...
ROS-20250326-11
A vulnerability in the sqlghashsource component of the virtuoso-opensource web application development platform is related to the unconstrained and unregulated resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using special...
ROS-20250325-01
A vulnerability in the net component of the Linux kernel is related to a read error outside the allowed range in drivers/net/wwan/wwancore.c. valid range in drivers/net/wwan/wwancore.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the n...
ROS-20250320-01
A vulnerability in the bpf component of the Linux kernel is related to resource management errors in the findequalscalars function in kernel/bpf/verifier.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the htcconnectservice function of...
ROS-20250319-02
A vulnerability in the dm cache component of the Linux operating system kernel is related to a read error outside the bounds in the canresize function in drivers/md/dm-cache-target.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service Vulnerability in the...
ROS-20250319-01
A vulnerability in the net component of the Linux operating system kernel is related to a reachability assertion in the inetaccept function in net/ipv4/afinet.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250318-01
A vulnerability in the net component of the Linux kernel is related to the dereferencing of a NULL pointer in the sockcreate function in net/socket.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service denial of service A vulnerability in the net component of t...
ROS-20250317-01
Vulnerability of x86androidtabletprobe function in drivers/platform/x86/x86/x86-android-tablets/core.c of the Linux kernel is related to the reuse of previously freed memory. Exploitation of the vulnerability could allow an attacker to impact the confidentiality, integrity and availability of...
ROS-20250314-01
Vulnerability of x86/bugs components of Linux operating system kernel is related to resource management errors in the arch/x86/include/asm/nospec-branch.h file. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the mptcp component of the Lin...
ROS-20250314-02
A vulnerability in the wifi component of the Linux operating system kernel is related to an incorrect lock in the function ilpciresume in drivers/net/wireless/intel/iwlegacy/common.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the...
ROS-20250312-01
The vulnerability of thejd drm/amd/display component of the Linux kernel is related to incorrect verification of the input data in the calculatettucursor function in the drivers/gpu/drm/amd/display/dc/dml/dcn21/displayrqdlgcalc21.c, in the calculatettucursor function in the...
ROS-20250311-07
PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...
ROS-20250311-05
PQescapeLiteral, PQescapeIdentifier, PQescapeString and PQescapeStringConn functions are vulnerable to vulnerability libpq library of PostgreSQL database management system is related to failure to take measures to protect SQL query structure. Exploitation of the vulnerability could allow an...