ROS-20240506-02
A vulnerability in the GLib library is related to GVariant deserialization. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the GLib library function g_byte_array_new_take is related to buffer copying without checking the size of the input data...
ROS-20240506-01
A vulnerability in the libexpat XML parser library is related to incorrect restriction of XML references to external objects. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by transmitting specially crafte...
ROS-20240503-12
A vulnerability in the administration console of the cross-platform real-time collaboration server Openfire is related to path traversal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
ROS-20240503-02
A vulnerability in the HTTP/2 protocol implementation is related to the possibility of forming a stream of requests within an already established network connection without opening new network connections and without confirming receipt of requests. The vulnerability of the HTTP/2 protocol implementatio...
ROS-20240503-04
A vulnerability in the mbedtls_x509_set_extension function of the Mbed TLS software is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto...
ROS-20240503-13
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data. Vulnerability in the...
ROS-20240503-07
A vulnerability in the Microsoft .NET software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240503-09
Vulnerability in the IPv6 implementation of the container isolation software tool Moby is related to disclosure of information in an erroneous data area. Exploitation of the vulnerability could allow an attacker to obtain sensitive information...
ROS-20240503-05
A vulnerability in the Microsoft Visual Studio Code source code editor is related to flaws in access control. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his or her privileges...
ROS-20240503-01
A vulnerability in the Web Audio component of Microsoft Edge and Google Chrome browsers is related to use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code. A vulnerability in the Skia graphics library of Google Chro...
ROS-20240503-08
A vulnerability in the ECDSA private key signature generation component of the PuTTY client software for various remote access protocols is related to the possibility of secret key recovery. Exploitation of the vulnerability could allow a remote intruder to hijack a session by recovering the...
ROS-20240503-16
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data. Vulnerability in the...
ROS-20240503-03
A vulnerability in the Containerd container runtime environment is related to a flaw in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information...
ROS-20240503-06
A vulnerability in the GLPI request and incident handling system is related to incorrect input neutralization during web page creation. Exploitation of the vulnerability could allow an attacker acting remotely to perform an XSS attack...
ROS-20240503-15
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data. Vulnerability in the...
ROS-20240503-11
A vulnerability in the EVP_PKEY_public_check function of the OpenSSL library is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service (DoS)...
ROS-20240503-14
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data. Vulnerability in the...
ROS-20240503-10
A vulnerability in the iconv function of the glibc system library is related to the possibility of writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow a remote attacker to potentially execute arbitrary code by injecting a specially crafted PHP file...
ROS-20240503-17
A vulnerability in the PSA Crypto API of the Mbed TLS and Mbed Crypto software is related to insufficient spatial separation. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability of data. Vulnerability in the...
ROS-20240426-01
A vulnerability in the pesign daemon of the systemd service initialization and management subsystem is related to path traversal. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20240426-02
A vulnerability in the Microsoft .NET software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240426-03
A vulnerability in the pesign daemon of the systemd service initialization and management subsystem is related to path traversal. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20240425-02
A vulnerability in the GNU Tar archiver is related to improper handling of extension attributes in the PAX archive. Exploitation of the vulnerability could allow an attacker acting remotely to transmit special data to the application and cause a denial of service...
ROS-20240425-06
A vulnerability in the util-linux package of the Linux operating system is related to incorrect privilege assignment. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to passwords or change a user's clipboard using the setgid command...
ROS-20240425-01
A vulnerability in the HTTP/2 protocol implementation of the Apache HTTP Server web server is related to uncontrolled resource consumption due to incorrect header termination detection during CONTINUATION frame processing. Exploitation of the vulnerability could allow an...
ROS-20240425-05
A vulnerability in the systemctl status command of the Systemd service initialization and management subsystem is related to access control flaws. Exploitation of the vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service...
ROS-20240425-08
The OpenSearch software family vulnerability is related to a bug in the parser where an input string of small size can cause it to use an undefined amount of memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240425-07
A vulnerability in the Git distributed version control system is related to the ability to create the folder "C:.git." Exploitation of the vulnerability could allow an attacker to run arbitrary commands...
ROS-20240425-04
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...
ROS-20240425-03
Vulnerability in the node::http2::Http2Session::Http2Session HTTP/2-server function of the software platform Node.js is related to uncontrolled resource consumption as a result of incorrect definition of the end of the header when processing CONTINUATION frames. Exploitation of the vulnerability...
ROS-20240423-12
A vulnerability in the libreswan software is related to the fact that, in some IKEv2 retransmit scenarios, a connection configured to use PreSharedKeys (authby=secret) can't find the corresponding customized secret. Exploiting the vulnerability could allow an attacker,...
ROS-20240423-09
A vulnerability in the esp_do_nodma function in hw/scsi/esp.c of the QEMU hardware emulator is related to a buffer overflow via the TI command when the expected length of a non-DMA transfer is less than the length of the available FIFO data. Exploitation of the vulnerability could allow an attacker...
ROS-20240423-02
A vulnerability in the g_new0 function of the Libvirt virtualization management library is related to incorrect checking for negative array length before allocating memory. Exploitation of the vulnerability could allow an attacker to cause a denial...
ROS-20240423-10
Unbound's DNS server vulnerability is related to an incorrect session expiration date. Exploiting the vulnerability allows a remote attacker to gain access to confidential data. Unbound DNS server vulnerability is related to insufficient input data validation. Exploitation of the vulnerability cou...
ROS-20240423-04
A vulnerability in the libreswan software is related to the fact that, in some IKEv2 retransmit scenarios, a connection configured to use PreSharedKeys (authby=secret) can't find the corresponding customized secret. Exploiting the vulnerability could allow an attacker,...
ROS-20240423-06
Envoy proxy vulnerability is due to the fact that regular expressions are compiled for each request and can lead to high CPU utilization and increased request latency. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. The Envoy proxy...
ROS-20240423-05
The FreeIPA server kinit command context vulnerability is related to sending HTTP requests with parameters that can be interpreted as command arguments to kinit. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service to the system...
ROS-20240423-08
A vulnerability in the Open vSwitch (OvS) software multilayer switch allows ICMPv6 packets to announce neighbors between virtual machines to bypass OpenFlow rules. Exploitation of the vulnerability could allow an attacker to create special packets with a modified or spoofed target IP address field...
ROS-20240423-11
A vulnerability in the Libvirt virtualization management daemon is related to memory re-release. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...
ROS-20240423-07
The aiohttp HTTP client vulnerability is related to an incorrect restriction of the path name to a directory with restricted access. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. The aiohttp HTTP client vulnerability...
ROS-20240423-03
A vulnerability in the /krb5/src/lib/rpc/pmap_rmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in component...
ROS-20240423-01
Apache HTTP Server vulnerability is related to blocking HTTP/2 connection processing if the connection was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of servic...
ROS-20240422-04
A vulnerability in the JpegEncoder::Encode function of the libheif file format decoder and encoder is related to a memory leak. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240422-02
The vulnerability occurs when the pkcs12.serialize_key_and_certificates function is invoked with both a certificate whose public key did not match the provided private key and with hmac_hash set (PrivateFormat.PKCS12.encryption_builder.hmac_hash...), which may have caused the pointer to be...
ROS-20240422-09
Apache Tomcat application server vulnerability is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240422-07
A vulnerability in the Iperf3 network bandwidth measurement tool is related to the fact that a client can send less than the expected amount of data to the iperf server, which could cause the server to wait indefinitely for the remainder or until the connection is closed. Exploitation of...
ROS-20240422-06
A vulnerability in the Libde265 implementation of the H.265 video codec is related to the size of allocated memory exceeding the maximum supported size 0x100000000000000. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240422-03
The Eclipse Jetty servlet container vulnerability is related to the fact that an established HTTP/2 SSL connection and an overloaded TCP will reload when the set time expires. Exploitation of the vulnerability could allow an attacker acting remotely to cause a state where a server could run out of...
ROS-20240422-08
A vulnerability in the TC flower packet management filter of the software-defined multi-tiered Open vSwitch (OvS) switch is related to flaws in the handling of exceptional states resulting from an incorrect validation of Geneve packet metadata...
ROS-20240422-01
A vulnerability in the OpenSC smart card software toolkit and libraries is related to a bug in the AuthentIC driver and occurs during the card registration process using pkcs15-init, when a user or administrator...