ROS-20240423-05
The FreeIPA server kinit command context vulnerability is related to sending HTTP requests with parameters that can be interpreted as command arguments to kinit. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service to the system...
ROS-20240423-08
A vulnerability in the Open vSwitch (OvS) software multilayer switch allows ICMPv6 packets to announce neighbors between virtual machines to bypass OpenFlow rules. Exploitation of the vulnerability could allow an attacker to create special packets with a modified or spoofed target IP address field...
ROS-20240423-03
A vulnerability in the /krb5/src/lib/rpc/pmaprmt.c component of the Kerberos network protocol implementation is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. Vulnerability in component...
ROS-20240423-07
The aiohttp HTTP client vulnerability is related to an incorrect restriction of the path name to a directory with restricted access. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information. The aiohttp HTTP client vulnerability...
ROS-20240423-11
A vulnerability in the Libvirt virtualization management daemon is related to memory re-release. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service...
ROS-20240423-01
The Apache HTTP Server vulnerability is related to blocking of HTTP/2 connection processing if the connection was opened with the initial sliding window size set to 0. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of servic...
ROS-20240422-04
A vulnerability in the JpegEncoder::Encode function of the libheif file format decoder and encoder is related to a memory leak. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240422-09
The Apache Tomcat application server vulnerability is related to incomplete cleanup of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240422-02
The pkcs12.serializekeyandcertificates function vulnerability occurs when the function is invoked with both a certificate whose public key did not match the provided private key, and with a hmachash certificate set PrivateFormat.PKCS12.encryptionbuilder.hmachash..., which may have caused the pointer to be...
ROS-20240422-07
A vulnerability in the Iperf3 network bandwidth measurement tool is related to the fact that a client can send less than the expected amount of data to the iperf server, which could cause the server to wait indefinitely for the remainder or until the connection is closed. Exploitation of...
ROS-20240422-06
A vulnerability in the Libde265 H.265 video codec implementation is related to the size of allocated memory exceeding the maximum supported size 0x100000000000000. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service...
ROS-20240422-08
A vulnerability in the TC flower packet management filter of the software-defined multi-tiered Open vSwitch (OvS) switch is related to flaws in the handling of exceptional states resulting from an incorrect validation of Geneve packet metadata...
ROS-20240422-03
The Eclipse Jetty servlet container vulnerability is related to the fact that an established HTTP/2 SSL connection and an overloaded TCP will reload when the set time expires. Exploitation of the vulnerability could allow an attacker acting remotely to cause a state where a server could run out of...
ROS-20240422-01
A vulnerability in the OpenSC smart card software toolkit and libraries is related to a bug in the AuthentIC driver and occurs during the card registration process using pkcs15-init, when a user or administrator...
ROS-20240422-05
The golang package vulnerability is related to errors returned from MarshalJSON methods containing data controlled by the user. Exploitation of the vulnerability could allow an attacker acting remotely to exploit these errors to disrupt the contextual behavior of the automatic output of the packag...
ROS-20240418-01
The Unbound DNS server vulnerability is related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240418-02
Vulnerabilities in Microsoft .NET Framework, .NET software platforms, and the Microsoft Visual Studio software development tool are related to errors in security settings. Exploitation of the vulnerability could allow ...
ROS-20240418-03
A vulnerability in the underlying authentication system of the Grafana web presentation tool is related to flaws in the authorization mechanism when processing the verifyemailenabled parameter. Exploitation of the vulnerability could allow an attacker acting remotely to bypass email verification...
ROS-20240418-05
A vulnerability in the Xreader e-document viewer software is related to the failure to properly validate a user-entered string before using it to make a system call. Exploitation of the vulnerability could allow an attacker to execute arbitrary code. A vulnerability in the Xreader...
ROS-20240418-08
A vulnerability in the Browserify-sign cryptographic functionality duplication package is related to the upper bound check in the dsaVerify function. Exploitation of the vulnerability could allow an attacker, acting remotely, to create signatures that can be successfully verified by any public ke...
ROS-20240418-04
The exfatprogs user-space utility vulnerability is related to allowing memory accesses outside the boundaries, such as in readfiledentryset. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240418-07
A vulnerability in the idxd: component of the Linux operating system kernel is related to pasid writing when the device. Exploitation of the vulnerability could allow an attacker to impact the integrity of the protected information. A vulnerability in the nftables: component of the Linux kernel is...
ROS-20240418-06
The Containerd container runtime vulnerability is related to a flaw that causes additional groups to not be properly configured within the container. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information or execute arbitrary code. A...
ROS-20240415-03
The vulnerability of the aprbase64 function of the Apache Portable Runtime (APR) library is related to the ability to write outside the buffer, act remotely, execute arbitrary code...
ROS-20240415-04
The Wireshark computer network traffic analyzer vulnerability is related to a memory leak in the USB HID dissector. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240415-01
A vulnerability in the jbig2error function of the jbig2.c file of the Jbig2dec image compression format decoder is related to the SEGV vulnerability. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240415-02
The vulnerability of the udevListInterfacesByStatus function in module src/interface/interfacebackendudev.c of the libvirt library is caused by an off-by-one error. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240412-05
A vulnerability in the gfisomnewgenericsampledescription function of the GPAC multimedia platform is related to buffer copying without checking the input size. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240412-02
A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages...
ROS-20240412-01
The vulnerability of the authfile.c file of the memcached data caching software is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service using a specially crafted authentication file...
ROS-20240412-06
A vulnerability in the OpenSSL library's implementation of the SM2 cryptographic algorithm is related to buffer copying without checking the size of the input data. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by transmitting specially crafte...
ROS-20240412-07
A vulnerability in the tiffreadrgbatileext function of the LibTIFF library is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240412-04
A vulnerability in Salt's configuration management and remote execution system is related to copying a script along a predictable path. Exploitation of the vulnerability could allow an attacker acting remotely to run their own script. A vulnerability in the symbolic.py component of the Pytho...
ROS-20240412-03
Atril document viewer vulnerability is related to incorrect path restriction to a restricted directory. Exploitation of the vulnerability could allow an attacker to write arbitrary files anywhere in the file system...
ROS-20240411-02
The Etcd configuration parameter store vulnerability is related to sending an authentication request to the etcdserver with a username and password. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...
ROS-20240411-09
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-08
The Jenkins Automation Server vulnerability involves the creation of temporary files with insecure permissions. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to read, modify, or delete files. A vulnerability in the args4j library of the Jenkins Git server...
ROS-20240411-07
A vulnerability in the UEFI shim bootloader is related to errors in the MZ binary format. Exploitation of the vulnerability could allow an attacker to cause a denial of service. The shim UEFI bootloader vulnerability is related to out-of-bounds read errors when attempting to check the SBAT...
ROS-20240411-11
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-05
The vulnerability of the eval function of the ImageMath module of the Pillow image manipulation library is related to incorrect control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
ROS-20240411-10
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-03
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-04
Vulnerability of sessionReadRecord function of ext/session/sqlite3session.c file of database management system SQLite is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect confidentiality, integrity, and availability...
ROS-20240411-01
A vulnerability in the modauthzsvn module of the Subversion centralized version control system is related to incorrectly handling requests for non-existent URLs. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-12
A vulnerability in the bsonutf8validate function of the MongoDB database management system is related to a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240411-06
A vulnerability in the xmalloc in function of the openvswitch module is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20240410-05
The vulnerability of the Moby containerization software tool is related to the lack of validation of received requests. Exploitation of the vulnerability could allow an intruder, acting remotely, to gain unauthorized access to protected information...
ROS-20240410-11
The vulnerability of the Grub2 operating system boot loader is related to incomplete clearing of temporary or auxiliary resources. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20240410-12
The vulnerability in the SAML PySAML2 standard is related to the XML signature packaging variant, as it does not validate the SAML document against the XML schema. Exploitation of the vulnerability could allow an attacker to remotely bypass signature validation and gain access to protected informat...
ROS-20240410-15
A vulnerability in the vim text editor is related to the call to sprintf to write to an error buffer, which is passed to the option callback functions. Exploitation of the vulnerability could allow an attacker to cause a denial of service...