8110 matches found
ROS-20241216-09
Vulnerability in the Automatic ConfigProvider component of Apache Kafka Message Manager is related to insufficient protection of service data. inadequate protection of proprietary data. Exploitation of the vulnerability could allow an attacker acting remotely, disclose protected information...
ROS-20241216-08
A vulnerability in the authstartsession function of the XRDP server is related to session restriction bypass. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241216-06
A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...
ROS-20241216-02
Vulnerability of zbxsnmpcachehandleengineid function of Universal Monitoring System proxy server Zabbix is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in Zabbix...
ROS-20241216-05
A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...
ROS-20241216-01
Vulnerability of zbxsnmpcachehandleengineid function of Universal Monitoring System proxy server Zabbix is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service Vulnerability in Zabbix...
ROS-20241216-07
A vulnerability in the asynchronous client and server implementation of the SSHv2 protocol on top of Python python-asyncssh is related to a lack of data authentication. Exploitation of the vulnerability could allow an attacker, acting remotely, to control a remote SSH client session by injecting ...
ROS-20241216-03
A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...
ROS-20241216-04
A vulnerability in the Single sign-on SSO authentication mechanism of the Zabbix universal monitoring system is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and elevate their...
ROS-20241212-24
Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...
ROS-20241212-22
Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...
ROS-20241212-02
Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...
ROS-20241212-04
Vulnerability of addRelatedObjects function of Zabbix universal monitoring system is related to failure to take measures to protect SQL query structure. to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges by...
ROS-20241212-01
Vulnerability of pcre2jitcompile.c function of PCRE2 regular expression library is related to reading beyond data buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data and also to access the data. remotely to gain access to...
ROS-20241212-03
A vulnerability in the Moby container platform exists due to an error deleting a NULL pointer in the daemon/images/imagehistory.go. Exploitation of the vulnerability could allow an attacker to cause the application to crash. of the application...
ROS-20241211-05
CREATE POLICY row-protected table security policy vulnerability of database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands by reusin...
ROS-20241211-07
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-06
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-04
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-11
A vulnerability in the HTTP client library for Python urllib3 is related to the fact that the Prox-Authorization header is not removed during source-to-source redirection when using proxy server support urllib3 with ProxyManager . Exploitation of the vulnerability could allow an attacker acting...
ROS-20241211-08
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-10
Vulnerability of GnuTLS transport layer cryptographic library is related to difference of response time when processing RSA ciphertext in ClientKeyExchange message with correct and incorrect addition of PKCS1. PKCS1 padding. Exploitation of the vulnerability may allow a remote intruder to gain...
ROS-20241211-09
A vulnerability in the Expressions feature of the Grafana monitoring and surveillance platform is related to improper code generation control. Exploitation of the vulnerability could allow a remote attacker, execute arbitrary code by injecting specially crafted SQL queries A vulnerability in the...
ROS-20241211-13
Vulnerability of vrrpipsethandler function fglobalparser.c of network traffic balancing system Keepalived is related to integer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely, to impact the confidentiality, integrity, and availability of protected information...
ROS-20241211-12
A vulnerability in the RADIUS authentication protocol implementation is related to bypassing the authentication procedure through capture-replay of intercepted messages. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access by forging an authentication...
ROS-20241211-14
A vulnerability in the shell command of the IPython interactive computing shell command is related to access control errors. access delimitation errors. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...
ROS-20241211-02
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-03
CREATE POLICY row-protected table security policy vulnerability in the PostgreSQL database management system PostgreSQL is related to a lack of consistency between independent views of shared state. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary...
ROS-20241211-01
The vulnerability of the OpenSC smart card software toolkit and libraries is related to the fact that, that in pkcs15init buffers are partially filled with data, and initialized portions of the buffer can be accessed by bypassing the restrictions. Exploitation of the vulnerability could allow an...
ROS-20241210-01
A vulnerability in the freerdpimagecopy function of the FreeRDP RDP client is related to reading beyond memory boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to impact the Confidentiality, integrity and availability of protected information FreeRDP RDP clien...
ROS-20241209-04
A vulnerability in the JavaScript library for securely cleaning and protecting DOMPurify HTML code is related to flaws in the validation of input data containing signs of an XSS attack. Exploitation of the vulnerability could Allow a remote attacker to perform a cross-site scripted attack...
ROS-20241209-02
A vulnerability in some IntelR TDX modules is related to improper input validation. Exploitation of the vulnerability could allow a privileged attacker to potentially escalate privileges through local access. Vulnerability related to processor instruction sequencing causes unexpected behavior on...
ROS-20241209-05
The vulnerability of Salt's configuration management and remote execution system is related to the fact that the application does not cause a crash when bad column data is detected. Exploitation of the vulnerability could allow an attacker acting remotely to use the default value from state inste...
ROS-20241209-01
A vulnerability in AMD EPYCâ„¢ AGESAâ„¢ PI packages is related to incorrect input and range validation in the header of an AMD Secure Processor ASP bootloader image. of the AMD Secure Processor ASP bootloader image. Exploitation of the vulnerability could allow an attacker to, use attacker-controlled...
ROS-20241209-03
A vulnerability in the ntfs-3g utility of the NTFS-3G driver set of the NTFS-3G implementation of the NTFS file system is related to errors in the use of freed memory in ntfsuppercasembs in libntfs-3g/unistr.c. Exploitation of the vulnerability could allow an attacker to potentially cause a file...
ROS-20241205-02
A vulnerability in the drmfileupdatepid function in the drivers/gpu/drm/drmfile.c module of the kernel video driver of the of the Linux operating system is related to the reuse of previously freed memory due to competitive resource access race condition. competitive access to the resource race...
ROS-20241205-01
The vulnerability of the asm-bug component of the Linux operating system kernel is related to incorrect error handling in arch/arm64/include/asm/asm-bug.h. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service A vulnerability in the sr component of the...
ROS-20241204-02
Vulnerability in the ca8210 component of the Linux operating system kernel is related to a memory leak in the function ca8210asyncxmitcomplete in drivers/net/ieee802154/ca8210.c. Exploitation of the vulnerability could allow an an attacker to cause a denial of service A vulnerability in the max97...
ROS-20241204-01
A vulnerability in the libstub component of the Linux kernel is related to the use of an uninitialized resource in the uninitialized resource in the efifree function in drivers/firmware/efi/libstub/fdt.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of servic...
ROS-20241203-08
Vulnerability in Nextcloud cloud storage creation and utilization software Server is related to the ability to download larger-than-expected websites to find Open-Graph data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information A...
ROS-20241203-14
Squid proxy server vulnerability is related to errors in input data processing. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by sending specially crafted ESI packets. specially crafted ESI packets...
ROS-20241203-15
Go programming language vulnerability is related to errors in handling whitespace characters in context JavaScript. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity, and availability of protected information. affect the confidentiality,...
ROS-20241203-13
Vulnerability of OpenDMARC e-mail authentication and analysis software is related to null pointer dereferencing in OpenDMARC/libopendmarc/opendmarcpolicy.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241203-12
A vulnerability in the implementation of the HSTS HTTP Strict Transport Security mechanism of the curl command line utility exists due to a bug in the implementation of the HSTS cache. Exploitation of the vulnerability could allow an attacker, acting remotely to conduct a man-in-the-middle attack...
ROS-20241203-16
A vulnerability in the ash.c file of the BusyBox set of UNIX command-line utilities is related to writing outside the buffer boundary in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary code using specially crafted data. arbitrary code usin...
ROS-20241203-21
The vulnerability of drawio diagramming software is related to improper neutralization of the of special elements used in the OS command. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary commands...
ROS-20241203-22
The vulnerability in the Puppet Agent launcher app is due to the fact that the app silently ignores the settings of the Augeas before the first synchronization of the plugin. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in...
ROS-20241203-09
A vulnerability in the gsocks4aproxy.c component of the Glib library is associated with an overshoot by one error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241203-20
Apache Ivy package manager vulnerability is related to incorrect path name restriction to a directory with a restricted directory. Exploitation of the vulnerability could allow an attacker acting remotely, gain unauthorized access to the file system Apache Ivy package manager vulnerability is...
ROS-20241203-18
An open source RDP server vulnerability is related to ineffective operation of the configuration parameter, that limits the maximum number of login attempts. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...