ROS-20240703-10
A vulnerability in the usbguard-dbus daemon of the USBGuard USB device protection software is related to an access error of an unprivileged user who could connect USB devices. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, a...
ROS-20240703-11
A vulnerability in the cloud-init virtual machine configuration package for Linux family operating systems is related to the fact that sensitive data could be exposed in cloud-init logs. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to the protected informatio...
ROS-20240703-08
Vulnerability of the parsetagandwiretype function of the protobuf-c.c component of the data serialization protocol in the C programming language Protobuf-c is related to resource release errors. Exploitation of t...
ROS-20240702-05
A vulnerability in the qstr method in the adodb library PDO driver is associated with the ability for remote attackers to conduct SQL injection attacks using vectors associated with misquoted vectors. Exploitation of the vulnerability could allow an attacker acting remotely to conduct an attac...
ROS-20240702-06
The vulnerability of the libarchive archiving library of Windows operating systems is related to the operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20240702-01
Vulnerabilities in Microsoft Visual Studio software development tool and Microsoft .NET Framework are related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotel...
ROS-20240702-02
A vulnerability in the V8 JavaScript script handler of the Google Chrome browser is related to accessing a resource via incompatible types. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. V8 JavaScript script handler vulnerability in Google Chro...
ROS-20240702-03
A vulnerability in the libxml2 library's xmllint.c file is related to the formatting of error messages with xmllint --htmlout. Exploiting the vulnerability could allow an attacker to cause a denial of service...
ROS-20240702-07
A vulnerability in the HTTP/3 QUIC module ngxhttpv3module of NGINX Plus and NGINX OSS web servers is related to writing outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by using specially crafted HTTP/3...
ROS-20240701-01
A vulnerability in the GIMP graphical editor is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. GIMP graphical editor vulnerability is related to a buffer overflow on parsing GIMP PSD files. Exploitation of the vulnerability could...
ROS-20240701-02
A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. Exploitation of...
ROS-20240701-03
A vulnerability in the Moodle virtual learning environment is related to improper validation of allowed event types in the calendar web service. Exploitation of the vulnerability could allow an attacker acting remotely to create events with types/audience for which the...
ROS-20240628-01
A vulnerability in the Notes file of the distraction-free note-taking app for Nextcloud is related to the ability to share a Notes folder with a new user before they are logged in. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive informatio...
ROS-20240627-06
A vulnerability in the Calendar component of cloud storage creation and utilization software Nextcloud Server is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information. Vulnerability in the 2FA component...
ROS-20240627-02
A vulnerability in libreswan, the VPN protocol library using "IPsec", is related to a reachable assertion when processing IKEv1 packets without specifying the esp string. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240627-03
A vulnerability in the QEMU hardware emulator is related to a memory re-release error. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by performing a DMA re-entry...
ROS-20240627-01
A vulnerability in the implementation of the CORS mechanism of Microsoft Edge and Google Chrome browsers is related to weaknesses in the access controls. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and disclose protected...
ROS-20240627-04
A vulnerability in the ioctl component of the Flatpak application and environment management tool is related to copying text from the virtual console and pasting it into the command buffer, from which the command can be run after exiting the Flatpak application. Exploitation of the vulnerability...
ROS-20240627-05
A vulnerability in the updatesctpchecksum function of the QEMU hardware emulator is related to a reachability assertion when attempting to calculate the checksum of a fragmented packet of small size. Exploitatio...
ROS-20240625-04
A vulnerability in the e1000e component of the QEMU server is related to DMA re-entry. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the registervfs function hw/pci/pciesriov.c of the QEMU hardware emulator is related to a buffer overflo...
ROS-20240625-01
Vulnerability in tiff.c file of ImageMagick console graphics editor related to buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240626-13
Vulnerability of ExtractImageSection function of LibTIFF library is related to buffer copying without checking the size of the input. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a crafted TIFF file...
ROS-20240626-12
A vulnerability in the Sphinx search engine is related to a path traversal error. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to the protected information using the CALL SNIPPETS statement or the loadfile function...
ROS-20240626-07
A vulnerability in the Net::CIDR::Lite module of the Perl programming language interpreter is related to bugs in the handling of foreign null characters at the beginning of an IP address string. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access controls...
ROS-20240620-17
Vulnerability of importmultispectralquantum function of ImageMagick console graphical editor is caused by a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability in the ReadTIFFImage function of the ImageMagick...
ROS-20240625-02
A vulnerability in the lxc-user-nic component of the LXC virtualization system is related to information disclosure via an inconsistency. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to the protected information...
ROS-20240626-14
Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...
ROS-20240625-07
Vulnerability in tiff.c file of ImageMagick console graphic editor related to buffer overflow in the heap. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240620-18
Vulnerability in the ReadTIFFImage function of the ImageMagick console graphical editor related to a heap buffer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the importmultispectralquantum function of the...
ROS-20240626-09
Vulnerability of opj2decompress program of OpenJPEG image encoding and decoding library is related to incorrect processing of a directory with a large number of files. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service. Vulnerability of -ImgDir comman...
ROS-20240625-06
Vulnerability in TCP Initial Sequence Number Handler component of Tianocore EDK2 library is related to buffer overflow. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to confidential data...
ROS-20240625-05
A vulnerability in Salt's configuration management and remote execution system is related to directory traversal. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Salt configuration management and remote Salt operations...
ROS-20240626-08
A vulnerability in the ISO 9660 Image File Handler component of the libcdio library is related to a buffer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20240619-11
Vulnerability in imgallochelper function of libaom video encoding library is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafted data...
ROS-20240626-15
Vulnerability of avahishostnameresolverstart function of Avahi local network service discovery system is related to pointer dereferencing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240626-16
A vulnerability in the CRI-O container mechanism is related to the creation of a symbolic link pointing to an arbitrary directory or file on the host through directory traversal. Exploitation of the vulnerability could allow ...
ROS-20240625-03
A vulnerability in the GlutAddSubMenu function of the MuPDF PDF viewer is related to a memory leak via the MenuEntry variable. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the GlutAddMenuEntry function of the MuPDF PDF...
ROS-20240626-10
A vulnerability in the getUnpushedChanges function of the dependency manager for PHP Composer is related to the use of the status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary command...
ROS-20240619-02
Vulnerability of JSON object signing and encryption module for Erlang and Elixir programming languages erlang-jose JOSE for Erlang is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20240619-03
A vulnerability in the userinfo URI subcomponent of the GNU Wget download manager is related to an insecure behavior whereby data that should be in the userinfo subcomponent is misinterpreted as being part of the host subcomponent. Exploitation of the vulnerability could allow an attacke...
ROS-20240619-01
A vulnerability in the OpenSSH ECDSA Key Handler component of the OpenSSH ECDSA Key Handler technology for signing and encrypting JavaScript objects in Python is related to the definition of a blacklist of prefixes for public keys. Exploitation of the vulnerability could allow an attacker acting...
ROS-20240618-02
Vulnerability in util/gif2rgb.c file of GIFLIB library for working with GIF files is related to memory leakage through a GIF file. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...
ROS-20240618-01
A vulnerability in the SVG Handler component of the RoundCube email client is related to cross-site scripting attacks. Exploitation of the vulnerability could allow an attacker acting remotely to exploit XSS via the SVG animation attributes. Vulnerability in the User Preferences Handler component...
ROS-20240617-02
A vulnerability in the bgpd/bgpattr.c file of a software tool for implementing network routing on Unix-like FRRouting systems is related to read outside bgpattraigpvalid bounds, as there are no AIGP checks. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denia...
ROS-20240617-01
The strongSwan daemon vulnerability is related to certificate validation errors in TLS-based EAP methods. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial of service...
ROS-20240614-01
Vulnerability of UnRAR file unzipping tool is related to incorrect restriction of the path name to the directory with restricted access. Exploitation of the vulnerability could allow a remote attacker to overwrite arbitrary files using a specially crafted archive...
ROS-20240614-02
The vulnerability in the Python programming language interpreter is related to errors in the conversion of int and str data types. Exploitation of the vulnerability could allow an attacker to cause a denial of service due to the algorithmic complexity...
ROS-20240613-02
The vulnerability of the RelinquishDCMInfo function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial ...
ROS-20240613-03
Vulnerability in program/lib/Roundcube/rcubestringreplacer.php component of RoundCube mail client Webmail exists due to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow a remote attacker to conduct a cross-site scripting XSS attack...
ROS-20240613-04
Vulnerability of RelinquishDCMInfo function of dcm.c component of ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial of service via a...