ROS-20240723-02
A vulnerability in the SMLLexer function of the Pygments library is related to entering an infinite loop. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240719-01
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240719-03
A vulnerability in the jaraco/zipp library, a pathlib-compatible Zipfile object wrapper, is related to the processing of specially crafted zip files, resulting in an infinite loop. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240719-02
A vulnerability in the makeHttpRequest function of the htdocs/js/ajaxfunctions.js file of the LDAP web administration tool phpLDAPadmin is related to inconsistent interpretation of HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause smuggling of http...
ROS-20240719-04
A vulnerability in the Microsoft .NET software platform and the Microsoft Visual Studio software development tool is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity, and availability...
ROS-20240719-05
A vulnerability in the ejs template engine for Node.js web application development is related to incorrect neutralization of special elements in the output data used by the input component. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting...
ROS-20240718-02
A vulnerability in the go-getter library of HashiCorp's enterprise information archiving platforms is related to argument injection when running Git. Exploitation of the vulnerability could allow an attacker acting remotely to format the Git URL to inject additional Git arguments...
ROS-20240718-04
A vulnerability in the vpximgalloc function of the libvpx video encoding/decoding library is related to an integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafted data. A vulnerability in the libvpx video...
ROS-20240718-03
A vulnerability in go-jose, a package implementing the JWE, JWS and JWT standards for the Go programming language, is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240422-11
A vulnerability in the HTTP/2 protocol implementation of the net/http and net/http2 libraries of the Go programming language is related to uncontrolled resource consumption as a result of incorrect determination of the end of the HTTP/2...
ROS-20240718-01
A vulnerability in the Mozilla Firefox and Firefox ESR browsers is related to incorrect event handling as a result of incorrect code generation control. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges and...
ROS-20240717-03
A vulnerability in the implementation of the gnutlspkcs7verify function of the GnuTLS cryptographic library is related to double-free errors occurring during verification of pkcs7 signatures. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240717-05
A vulnerability in the implementation of the PKCS1 v1.5, OAEP, and RSASVP standards in the NSS Network Security Services library set is associated with insufficient protection of service data due to a timing discrepancy. Exploitation of the vulnerability allows an attacker acting remotely to implement th...
ROS-20240717-04
A vulnerability in the img2txt function of the libcaca graphics library is related to division by zero. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20240717-06
A vulnerability in the GnuTLS transport layer security library is related to the disclosure of confidential information to an unauthorized person. Exploitation of the vulnerability could allow an attacker acting remotely to cause a data breach...
ROS-20240717-01
A vulnerability in the clientsendparams function in the lib/ext/presharedkey.c component of the GnuTLS transport layer security library is related to the use of memory after it has been freed. Exploitation of the vulnerability could allo...
ROS-20231019-02
A vulnerability in Nextcloud cloud storage creation and utilization software is related to gaining write/read privileges on any file share. Exploitation of the vulnerability could allow an attacker acting remotely to escalate privileges...
ROS-20240716-01
A vulnerability in the OpenSearch software package is related to unintentional access to resources of users in the Dashboards Reports plugin. Exploitation of the vulnerability could allow an attacker to compromise the integrity of data. OpenSearch software package vulnerability relat...
ROS-20240716-03
A vulnerability in the org-link-expand-abbrev function of the lisp/ol.el file of the Emacs text editor exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary...
ROS-20210716-02
A vulnerability in the DICOM DCMTK library is related to pointer dereferencing errors. Exploitation of the vulnerability allows an attacker to cause a denial of service. Vulnerability of the library for working with DICOM DCMTK format is related to allocation of heap memory for parsing the data, b...
ROS-20240712-03
A vulnerability in the HTTP/2 protocol implementation is related to the possibility of forming a request flow within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementation is...
ROS-20240715-01
A vulnerability in the Apache Tomcat application server's implementation of the rejectIllegalHeader attribute is associated with flaws in processing HTTP requests containing the Content-Length header. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP...
ROS-20240711-03
A vulnerability in the NTFS file handler NtfsHandler.cpp of the 7-Zip archiver is related to the possibility of a heap-based buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the NTFS file...
ROS-20240712-02
A vulnerability in the ParseAddressList function of the net/mail package of the Go programming language is related to insufficient verification of display names in the function. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-20240709-04
A vulnerability in the C++ Botan cryptographic library is related to resource allocation without constraints and regulation. Exploitation of the vulnerability could allow an attacker acting remotely to forge an ECDSA X.509 certificate...
ROS-20240712-01
A vulnerability in the multiline RFC 2231 component of the Exim mail server is related to incorrect analysis of the multiline RFC 2231 header file name. Exploitation of the vulnerability could allow an attacker acting remotely to deliver executable attachments to end-user mailboxes...
ROS-20240709-02
Vulnerability in the tempfile.TemporaryDirectory component of the Python programming language interpreter CPython is related to dereferencing symbolic links while clearing permission-related errors. Exploitation of the vulnerability could allow an attacker to increase their privileges...
ROS-20240709-03
A vulnerability in the Apache Kafka Message Manager is related to Apache Kafka cluster migration from ZooKeeper mode to KRaft mode. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of...
ROS-20240709-01
A vulnerability in the UnicodeString::doAppend function in unistr.cpp of the International Components for Unicode library is related to an integer overflow of the data structure. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to sensitive data, cause...
ROS-20240711-02
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240711-01
A vulnerability in the frames.html file of YARD, a tool for creating documentation for the Ruby programming language, is related to improper handling of user-controlled data obtained from a URL hash in the embedded JavaScript code in the "frames.erb" template file. Exploitation of the vulnerability coul...
ROS-20240711-04
A vulnerability in the github.com/containers/image library is related to the fact that an attacker can initiate unexpected authenticated registry accesses on behalf of a victim user. Exploitation of the vulnerability could allow an attacker acting remotely to cause resource depletion, local path...
ROS-20240708-21
A vulnerability in the cURL command line utility is due to bugs in protocol removal logic. Exploitation of the vulnerability may allow a remote intruder to gain access to protected information. Vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility ...
ROS-20240708-02
A vulnerability in the TPMLPCRSELECTION functions of the source repository for Trusted Platform Module tools TPM2.0 is related to improper mapping of PCR slots, providing a misleading TPM state. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate output data...
ROS-20240708-01
A vulnerability in the HTTP/2 network protocol implementation of the cURL command line utility is related to memory release errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in the cURL command line...
ROS-20240704-05
A vulnerability in the OpenSearch software package is related to incorrect restriction of references to an external XML entity. Exploitation of the vulnerability could allow an attacker to conduct XXE attacks...
ROS-20240704-28
A vulnerability in the curl command line utility is related to the storage of HSTS data in a file with an overly long name: curl can delete the entire contents, causing subsequent requests that use the file to be unaware of the HSTS status they should have used...
ROS-20240704-01
A vulnerability in the server of the OpenSSH cryptographic security tool is related to the reuse of previously freed memory due to concurrent access to a resource (race condition). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code with root privilege...
ROS-20240704-06
A vulnerability in the logback receiver component of the logback logging library is related to recovery of inaccurate data in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240704-02
A vulnerability in the server of the OpenSSH cryptographic protection tool is related to a logic error in ObscureKeystrokeTiming. Exploitation of the vulnerability could allow an attacker acting remotely to launch a timing attack...
ROS-20240704-11
A vulnerability in the GnuTLS cryptographic library is related to the use of incorrect cryptography for encryption of a session ticket. Exploitation of the vulnerability could allow an attacker acting remotely to bypass TLS authentication and gain access to sensitive data...
ROS-20240704-08
A vulnerability in the curl command line utility is related to the storage of HSTS data in a file with an overly long name: curl can delete the entire contents, causing subsequent requests using the file to be unaware of the HSTS status they should have used...
ROS-20240704-04
A vulnerability in the OpenSSL cryptographic library is related to a call to the OpenSSL API function SSLfreebuffers, resulting in access to previously freed memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240704-03
A vulnerability in the GNOME VTE terminal is related to escape-sequence window resizing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240704-07
A vulnerability in the parseQuery function of the Webpack loader-utils package is related to improperly controlled modification of object characteristic attributes. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code. Ansi-regex ANSI...
ROS-20240704-09
A vulnerability in the chronyd daemon of Chrony, an implementation of the Network Time Protocol (NTP), is related to incorrect reference definition before accessing a file in the /var/run/chrony directory. Exploitation of the vulnerability could allow an attacker to cause a denial of service by using a specially crafte...
ROS-20240704-10
A vulnerability in the python38.pth file of the Python programming language interpreter is related to ignoring the sys.path constraints specified in python38.pth. Exploitation of the vulnerability could allow an attacker acting remotely to download code from arbitrary locations. A vulnerability i...
ROS-20240702-04
A vulnerability in the DecodeConfig component of the Golang programming language is related to the possibility that certain characters in the subject alternative name fields in TLS certificates are mistakenly allowed to have a special value in regular expressions...
ROS-20240703-09
A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields...
ROS-20240703-12
An Apache Tomcat application server vulnerability is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using specially crafted HTTP/2 requests...