8110 matches found
ROS-20241021-06
A vulnerability in the ASGI Starlette toolkit for creating asynchronous Python web services is related to the following the ability for a remote unauthenticated user to view files in a web service. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensiti...
ROS-20241021-10
The vulnerability of the SI library for asynchronous DNS c-ares queries is related to failure to take measures to protect the structure of a web page. the structure of the web page. Exploitation of the vulnerability could allow an attacker acting remotely, gain access to sensitive data, compromis...
ROS-20241021-09
A vulnerability in the ntfs3 component of the Linux operating system kernel is related to read errors outside the bounds in the ntfslistea function in fs/ntfs3/xattr.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the qedr component of...
ROS-20241021-02
GNOME Project G libgsf structured file library vulnerability is related to heap-based integer overflow during processing of sector allocation table. heap-based integers when processing the sector allocation table. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20241021-01
A vulnerability in the XML toolkit for Ruby REXML is related to parsing XML containing a large number of characters. Exploitation of the vulnerability could allow an attacker acting remotely, cause a denial of service The Ruby REXML XML toolkit vulnerability is related to parsing XML containing a...
ROS-20241021-03
Vulnerability of the tic4xprintcond function of the opcodes/tic4x-dis.c component of the GNU development tool Binutils is related to memory initialization errors. Exploitation of the vulnerability allows an attacker, acting remotely, to gain access to confidential data...
ROS-20241021-05
Vulnerability in Sentry SDK real-time crash reporting software is related to a leak of sensitive cookie values. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20241021-04
A vulnerability in the Dovecot mail server is related to the fact that the application does not control the consumption of internal resources properly when parsing too large email headers. internal resources properly when parsing excessively large email headers. Exploitation of the vulnerability...
ROS-20241017-09
Vulnerability of the alistadd function of the vim text editor is related to memory usage after its after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary autocommands Vulnerability of instypebuf function of vim text editor is related to buffer...
ROS-20241017-15
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20241017-14
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20241017-11
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20241017-10
Dovecot mail server vulnerability is related to unrestricted resource allocation. Exploitation The vulnerability could allow an attacker acting remotely to perform a denial of service...
ROS-20241017-16
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to...
ROS-20241017-07
Apache Portable Runtime library vulnerability is related to the ability to read named shared memory segments. memory. Exploitation of the vulnerability could allow an attacker for a critical resource to gain access to sensitive information...
ROS-20241017-04
A vulnerability in the Microsoft .NET software platform involves inefficient algorithmic complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service A vulnerability in the Microsoft .NET software platform is related to post-release memory...
ROS-20241017-05
A vulnerability in the Redis database management system DBMS is related to a stack-based buffer overflow. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting a specially crafted lua script Redis database management system DBMS vulnerability is...
ROS-20241017-18
Vulnerability in the 'http.cookies' standard library module of the Python programming language interpreter CPython is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241017-08
Vulnerability in the 'http.cookies' standard library module of the Python programming language interpreter CPython is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20241017-06
A vulnerability in the PeCoffLoaderRelocateImage function of the Tianocore EDK2 library is related to the invocation of memory corruption memory due to overflow through a contiguous network. Exploitation of the vulnerability allows an attacker acting remotely to gain unauthorized access to...
ROS-20241017-03
Vulnerability of toremote function scp.c of OpenSSH cryptographic protection tool exists due to failure to take measures to neutralize special elements used in the operating system command. Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary command...
ROS-20241017-02
Vulnerability in the "CONNECT", "DISCONNECT", "DISCONNECT", "SUBSCRIBE", "UNSUBSCRIBE" and "PUBLISH" components of the message broker Eclipse Mosquitto is related to segmentation errors. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to sensitive...
ROS-20241017-01
A vulnerability in the golang package of the Debian GNU/Linux operating system is related to incorrect control of code generation. code generation. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code A vulnerability in the Golang programming languag...
ROS-20241016-01
Vulnerability of nvmet-tcp component of Linux kernel is related to dereferencing of NULL pointer in the nvmettcpinstallqueue function in drivers/nvme/target/tcp.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service Vulnerability in iwldeallocucode function in...
ROS-20241016-02
A vulnerability in the nilfs2 component of the Linux kernel is related to information disclosure in the functions nilfspreparesegmentforrecovery, nilfsrecoverycopyblock, and nilfsrecoverdsyncblocks in the fs/nilfs2/recovery.c. Exploitation of the vulnerability could allow an attacker to gain acce...
ROS-20241015-15
A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...
ROS-20241015-14
A vulnerability in the PHP programming language interpreter exists due to a failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...
ROS-20241015-07
Vulnerability in HashiCorp's Vault and Vault Enterprise enterprise information archiving platforms is related to errors in applying policies related to the converged encryption feature. Exploitation of the of the vulnerability could allow an attacker acting remotely to decrypt arbitrary encrypted...
ROS-20241015-13
A vulnerability in the libceph component of the Linux kernel is related to incorrect input validation of the in the getreply and prepnextsparseread functions in net/ceph/osdclient.c, in the decrypttail and preparereadtailplain in net/ceph/messengerv2.c, in sizeoffooter, readpartialsparsemsgdata,...
ROS-20241015-09
A vulnerability in the Golang programming language is related to the lack of value cleanup. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
ROS-20241015-08
A vulnerability in the Jenkins Automation Server is related to an issue with item creation constraint bypass. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the restrictions and create a temporary item The Jenkins Automation Server vulnerability exists because...
ROS-20241015-02
The vulnerability in the Xen hypervisor is related to a logic error caused by branch type confusion when implementing an of early patches. Exploitation of the vulnerability could allow an attacker to gain access to sensitive information and escalate privileges on the system...
ROS-20241015-01
Vulnerability in the Image Element Handler component of the Haskell library for conversion from markup formats Pandoc is related to the provision of a specially crafted image element as input when creating files using the --extract-media parameter or outputting to PDF. file creation using the...
ROS-20241015-12
A vulnerability in the tunnels component of the Linux operating system kernel is related to read errors outside the bounds in the iptunnelpmtudbuildicmpv6 function in net/ipv4/iptunnelcore.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in...
ROS-20241015-11
A vulnerability in the PHP programming language interpreter exists due to a failure to neutralize special elements. special elements. Exploitation of the vulnerability could allow an attacker acting remotely to Affect the confidentiality, integrity, and availability of protected information...
ROS-20241015-10
The vulnerability of the checkbyssh.c component of the Nagios-plugins monitoring system plugin set is related to the following failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to...
ROS-20241015-05
Nano text editor vulnerability is related to temporary file handling errors. Exploitation exploitation of the vulnerability could allow an attacker to affect data integrity...
ROS-20241015-06
A vulnerability in the OpenJPEG image encoding and decoding library is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20241015-04
A vulnerability in the Hotspot component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect resource clearing or release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a...
ROS-20241015-17
A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...
ROS-20241015-16
A vulnerability in the Networking component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect authorization. Exploitation of the vulnerability could allow an attacker acting remotely to impact data integrity ...
ROS-20241015-03
Nomad application orchestrator vulnerability related to improper link resolution before accessing a file. Exploitation of the vulnerability could allow an attacker acting remotely, allowing an attacker to execute arbitrary code...
ROS-20241011-01
A vulnerability in the NFSD component of the Linux operating system kernel is related to a READDIR buffer overflow. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the dbgfs component of the Linux operating system kernel is related to...
ROS-20241011-02
Vulnerability of smb2probe function in drivers/power/supply/qcompmi8998charger.c module of power supply driver of Linux kernel is related to pointer dereferencing error. of the Linux kernel power supply driver is related to a pointer dereferencing error. Exploitation the vulnerability could allow...
ROS-20241009-03
A vulnerability in the ksmbd component of the Linux kernel is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the vcap component of the Linux operating system kernel is related to memory usage after...
ROS-20241009-02
A vulnerability exists in Firefox ESR and Firefox due to a type error when searching for a property name in the "with" block. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Firefox browser vulnerability, Firefox ESR vulnerability is related to...
ROS-20241009-01
Vulnerability in libcmalloc component of virtuoso-opensource web application development platform is related to incorrect neutralization of special elements used in SQL command. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by using special...
ROS-20241008-06
Vulnerability of the XTestSwapFakeInput function of the X Window System X.Org Server implementation, an implementation of the Wayland Wayland protocol for X.Org XWayland is related to writing outside buffer boundaries. Exploitation of the vulnerability allows an attacker acting remotely to gain...
ROS-20241008-03
A vulnerability in the TLS protocol implementation of Apache Tomcat application server is associated with uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service...
ROS-20241008-02
A vulnerability in the Portainer container management platform is related to an improperly used algorithm encryption algorithm in the AesEncrypt function. Exploitation of the vulnerability could allow an attacker acting remotely to compromise the confidentiality, integrity, and availability of...