Lucene search
K
RedosMost viewed

8162 matches found

Redos
Redos
•added 2024/08/26 12:0 a.m.•24 views

ROS-20240826-08

A vulnerability in the source/blender/imbuf/intern/dds/DirectDrawSurface.cpp component of the Blender software suite of the Blender 3D computer graphics software suite is related to an incorrect assumption about the thread size. thread size. Exploitation of the vulnerability allows an attacker...

7.8CVSS7.5AI score0.01135EPSS
Exploits0
Redos
Redos
•added 2024/08/26 12:0 a.m.•24 views

ROS-20240826-07

A vulnerability in the SafeList.preserveRelativeLinks parameter of the Java library for analyzing, retrieving, and manipulating data in HTML jsoup documents is related to failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker to...

6.1CVSS6.1AI score0.01208EPSS
Exploits1
Redos
Redos
•added 2024/08/23 12:0 a.m.•24 views

ROS-20240823-02

A vulnerability in the Host Authorization Middleware Action Pack component of the Ruby on Rails software platform is related to the creation of "X-Forwarded-Host" headers in combination with certain "authorized host" formats. host." Exploitation of the vulnerability could allow an attacker acting...

6.1CVSS6.7AI score0.04182EPSS
Exploits0
Redos
Redos
•added 2024/08/20 12:0 a.m.•24 views

ROS-20240820-02

Vulnerability of certstorestats and getcacerts functions of ssl module of programming language interpreter Python CPython is related to synchronization errors when using a shared resource. Exploitation The exploitation of the vulnerability may allow a remote intruder to gain unauthorized access t...

7.4CVSS6.9AI score0.00804EPSS
Exploits0
Redos
Redos
•added 2024/08/15 12:0 a.m.•24 views

ROS-20240815-14

A vulnerability in the urllib.parse component of the Python programming language interpreter is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely, bypass URL blocking starting with empty characters...

7.5CVSS7AI score0.20459EPSS
Exploits3
Redos
Redos
•added 2024/08/14 12:0 a.m.•24 views

ROS-20240814-01

Vulnerability of the nftablesnewtable function of Linux kernel operating systems is related to the operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.8CVSS7.1AI score0.00312EPSS
Exploits0
Redos
Redos
•added 2024/08/12 12:0 a.m.•24 views

ROS-20240812-03

The vulnerability in GLPI's asset and data center management software is related to the the injection of commands into a specific workflow that an agent would run with the privileges it uses privileges. Exploitation of the vulnerability could allow an attacker acting remotely to escalate its...

7.6CVSS7.5AI score0.00799EPSS
Exploits0
Redos
Redos
•added 2024/08/12 12:0 a.m.•24 views

ROS-20240812-02

A vulnerability in the GLPI plugin that allows the creation of custom Formcreator forms is related to the the use of FULLFORM for rendering. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary javascript code...

6.1CVSS7.7AI score0.00551EPSS
Exploits1
Redos
Redos
•added 2024/08/06 12:0 a.m.•24 views

ROS-20240806-09

Gstreamer multimedia framework vulnerability is related to stacked buffer overflow. Exploitation The vulnerability could allow a remote attacker to execute arbitrary code using specially crafted H265 encoded files. specially crafted H265 encoded files Gstreamer multimedia framework vulnerability ...

8.8CVSS7.9AI score0.02009EPSS
Exploits0
Redos
Redos
•added 2024/08/05 12:0 a.m.•24 views

ROS-20240805-07

Vulnerability of oghttp codec in the part of HTTP/2 protocol implementation of Envoy proxy server is related to the bug request reset when header size limits are exceeded as a result of missing ENDHEADERS flag when processing CONTINUATION frames. Exploitation of the vulnerability could allow an...

7.5CVSS6.8AI score0.86746EPSS
Exploits1
Redos
Redos
•added 2024/07/30 12:0 a.m.•24 views

ROS-20240730-07

A vulnerability in the PHP interpreter is related to improper input validation. Exploitation of the vulnerability could allow an attacker acting remotely to install a standard, unsafe cookie in the victim's browser. insecure cookie...

6.5CVSS7.1AI score0.49336EPSS
Exploits2
Redos
Redos
•added 2024/07/24 12:0 a.m.•24 views

ROS-20240723-02

Vulnerability in Pygments library's SMLLexer function is related to entering an infinite loop. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.7AI score0.02707EPSS
Exploits0
Redos
Redos
•added 2024/07/08 12:0 a.m.•24 views

ROS-20240708-02

A vulnerability in the TPMLPCRSELECTION functions of the source repository for Trusted Platform Module tools TPM2.0 is related to improper mapping of PCR slots, providing a misleading TPM state. Exploitation of the vulnerability could allow an attacker acting remotely to manipulate output data...

9CVSS6.7AI score0.00984EPSS
Exploits1
Redos
Redos
•added 2024/07/04 12:0 a.m.•24 views

ROS-20240704-09

Vulnerability of the chronyd daemon implementation of Network Time Protocol NTP Chrony is related to incorrect reference definition before accessing a file in /var/run/chrony directory. Exploitation the vulnerability could allow an attacker to cause a denial of service by using a specially crafte...

6CVSS6.6AI score0.00485EPSS
Exploits0
Redos
Redos
•added 2024/06/26 12:0 a.m.•24 views

ROS-20240626-10

A vulnerability in the getUnpushedChanges function of the dependency manager for PHP Composer is related to the use of the status and reinstall commands. status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary command...

8.8CVSS7.7AI score0.03255EPSS
Exploits0
Redos
Redos
•added 2024/06/13 12:0 a.m.•24 views

ROS-20240613-02

The vulnerability of the RelinquishDCMInfo function of the dcm.c component of the ImageMagick console graphic editor is related to memory usage after its release. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive data, as well as cause a denial ...

7.1CVSS7.3AI score0.01113EPSS
Exploits0
Redos
Redos
•added 2024/06/11 12:0 a.m.•24 views

ROS-20240611-05

The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. of input data. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary code by injecting a specially crafted SQL query. arbitrary code by...

9.1CVSS8.4AI score0.76618EPSS
Exploits5
Redos
Redos
•added 2024/06/07 12:0 a.m.•24 views

ROS-20240607-05

The vulnerability of the system views pgstatsext, pgstatsextexprs of the PostgreSQL DBMS is related to errors in privilege management. in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...

4.3CVSS4.1AI score0.00722EPSS
Exploits0
Redos
Redos
•added 2024/06/06 12:0 a.m.•24 views

ROS-20240606-09

A vulnerability in the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform Qt software development framework is related to an integer overflow resulting from a a change in the typical order of expressions in a conditional statement "Yoda conditions". Exploitati...

9.8CVSS6.9AI score0.00986EPSS
Exploits0
Redos
Redos
•added 2024/05/22 12:0 a.m.•24 views

ROS-20240522-02

A vulnerability in the SSSD remote authentication mechanism is related to a race condition error that causes the GPO policy is not applied consistently for authenticated users. Exploitation of the of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.1CVSS6.8AI score0.01033EPSS
Exploits1
Redos
Redos
•added 2024/05/21 12:0 a.m.•24 views

ROS-20240521-03

Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service...

9.8CVSS7AI score0.01869EPSS
Exploits0
Redos
Redos
•added 2024/05/07 12:0 a.m.•24 views

ROS-20240507-04

A vulnerability in the Temp File Handler component of rc is related to the creation of temporary files. Exploitation The exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.5CVSS6.9AI score0.01317EPSS
Exploits0
Redos
Redos
•added 2024/05/03 12:0 a.m.•24 views

ROS-20240503-08

Vulnerability in the ECDSA private key signature generation component of the client software for various Putty remote access protocols is related to the possibility of secret key recovery. key. Exploitation of the vulnerability could allow a remote intruder to hijack a session by recovering the...

5.9CVSS6.5AI score0.05773EPSS
Exploits0
Redos
Redos
•added 2024/04/25 12:0 a.m.•24 views

ROS-20240425-03

Vulnerability in the node::http2::Http2Session::Http2Session HTTP/2-server function of the software platform Node.js is related to uncontrolled resource consumption as a result of incorrect definition of the end of the header when processing CONTINUATION frames. Exploitation of the vulnerability...

8.2CVSS7.9AI score0.87211EPSS
Exploits1
Redos
Redos
•added 2024/04/25 12:0 a.m.•24 views

ROS-20240425-08

The OpenSearch software family vulnerability is related to a bug in the parser where an input string of small size can cause it to use an undefined amount of memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7AI score0.01449EPSS
Exploits1
Redos
Redos
•added 2024/04/23 12:0 a.m.•24 views

ROS-20240423-10

Unbound's DNS server vulnerability is related to an incorrect session expiration date. Exploiting the vulnerability allows a remote attacker to gain access to confidential data Unbound DNS server vulnerability is related to insufficient input data validation. Exploitation of the vulnerability cou...

6.5CVSS6.8AI score0.0085EPSS
Exploits0
Redos
Redos
•added 2024/04/12 12:0 a.m.•24 views

ROS-20240412-07

A vulnerability in the tiffreadrgbatileext function of the LibTIFF library is related to writing beyond buffer boundaries in the memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. denial of service...

7.5CVSS6.8AI score0.02187EPSS
Exploits0
Redos
Redos
•added 2024/04/10 12:0 a.m.•24 views

ROS-20240410-23

A vulnerability in the opencryptoki package is related to the processing of RSA PKCS1 augmented ciphertexts. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information...

5.9CVSS7.1AI score0.00878EPSS
Exploits0
Redos
Redos
•added 2024/04/10 12:0 a.m.•24 views

ROS-20240410-14

A vulnerability in the Django web application software platform is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7.1AI score0.01606EPSS
Exploits0
Redos
Redos
•added 2024/04/10 12:0 a.m.•24 views

ROS-20240410-19

The MinIO object storage server vulnerability is related to flaws in access differentiation based on the UpdateServiceAccountAdminAction policy. Exploitation of the vulnerability could allow an attacker, acting remotely to escalate their privileges...

8.8CVSS7.5AI score0.34086EPSS
Exploits4
Redos
Redos
•added 2024/04/10 12:0 a.m.•24 views

ROS-20240410-12

The vulnerability in the SAML PySAML2 standard is related to the XML signature packaging variant, as it does not validate the SAML document against the XML schema. Exploitation of the vulnerability could allow an attacker, remotely bypass signature validation and gain access to protected informat...

6.5CVSS7.2AI score0.01078EPSS
Exploits0
Redos
Redos
•added 2024/04/09 12:0 a.m.•24 views

ROS-20240409-14

A vulnerability in the protectdir pamnamespace.so function of the Linux-PAM authentication module is related to incorrect cleanup or release of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.5CVSS7.3AI score0.00455EPSS
Exploits1
Redos
Redos
•added 2024/04/09 12:0 a.m.•24 views

ROS-20240409-16

MariaDB spiderdbmbase::printwarnings function vulnerability is related to pointer dereferencing errors. pointer dereferencing errors. Exploitation of the vulnerability allows a remote intruder to cause a denial of service. service...

6.5CVSS7.2AI score0.01486EPSS
Exploits0
Redos
Redos
•added 2024/04/08 12:0 a.m.•24 views

ROS-20240408-09

GdkPixbuf image loading library vulnerability is related to writing beyond buffer boundaries. Exploitation exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service via a specially crafted GIF file. A...

8.8CVSS7.8AI score0.02346EPSS
Exploits0
Redos
Redos
•added 2024/04/05 12:0 a.m.•24 views

ROS-20240405-02

Vulnerability in the urllib3 module of the Python programming language interpreter is related to the lack of protection of the of service data. Exploitation of the vulnerability could allow an attacker acting remotely to reveal protected information...

8.1CVSS7.9AI score0.01207EPSS
Exploits0
Redos
Redos
•added 2024/04/04 12:0 a.m.•24 views

ROS-20240404-11

A vulnerability in the libcapstrdup function of the Libcap package is related to an overflow if the input string is close to 4 GB. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

7.8CVSS7AI score0.00574EPSS
Exploits1
Redos
Redos
•added 2024/04/03 12:0 a.m.•24 views

ROS-20240403-15

Vulnerability of alloca and strdup functions of Systemd service initialization and management subsystem is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in systemd-tmpfiles of the Systemd...

6.1CVSS7.1AI score0.0865EPSS
Exploits4
Redos
Redos
•added 2024/04/02 12:0 a.m.•24 views

ROS-20240402-06

Vulnerability in the password protection mechanism of the Grub2 boot loader is related to the bypass of authentication by spoofing. Exploitation of the vulnerability could allow an attacker to bypass established access control...

6.8CVSS6.9AI score0.00542EPSS
Exploits0
Redos
Redos
•added 2024/03/13 12:0 a.m.•24 views

ROS-2-871

2.871 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...

8.8CVSS9.6AI score0.03582EPSS
Exploits1
Redos
Redos
•added 2024/03/13 12:0 a.m.•24 views

ROS-2-1162

2.1162 Open redirect in aiohttp CVE-2021-21330 1. Vulnerability Description: Vulnerability allows cross-site scripting and bypass of security restrictions.Identifier of the Information Security Threats Data Bank of the FSTEC of Russia: BDU:2021-01528 2. Possible measures to eliminate the...

6.1CVSS6.8AI score0.01905EPSS
Exploits0
Redos
Redos
•added 2024/03/13 12:0 a.m.•24 views

ROS-2-817

2.817 PostgreSQL update with vulnerability fixes CVE-2020-25695, CVE-2020-25694,CVE-2020-25696 1. Vulnerability Description: The CVE-2020-25695 vulnerability allows arbitrary SQL functions to be executed with administrator privileges with access to create persistent objects in any storage schema...

8.8CVSS8.4AI score0.4644EPSS
Exploits0
Redos
Redos
•added 2024/03/13 12:0 a.m.•24 views

ROS-2-988

2.988 Multiple Exim Server Vulnerabilities 1. Vulnerability description: CVE-2020-28007 A vulnerability in the Exim message forwarding agent, is related to a symbolic link in the Exim log directory. Exploitation of the vulnerability could allow an attacker to create a special symbolic link to a...

9.8CVSS9.1AI score0.61061EPSS
Exploits6
Redos
Redos
•added 2024/03/13 12:0 a.m.•24 views

ROS-2-950

2.950 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...

8.8CVSS9.2AI score0.03582EPSS
Exploits1
Redos
Redos
•added 2023/11/21 12:0 a.m.•24 views

ROS-20231121-03

OpenSearch software package vulnerability related to improper permission saving. Exploitation exploitation of the vulnerability could allow an attacker to affect data integrity...

5.4CVSS6.9AI score0.0041EPSS
Exploits0
Redos
Redos
•added 2023/11/20 12:0 a.m.•24 views

ROS-20231120-01

Vulnerability in the gfisomgetuserdata function of the GPAC multimedia platform is related to a buffer overflow in the gpac MP4Box v.2.3-DEV-rev573-g201320819-master. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS7.9AI score0.00309EPSS
Exploits1
Redos
Redos
•added 2023/10/30 12:0 a.m.•24 views

ROS-20231030-06

The Unix socket vulnerability of the Redis database management system Redis is related to the use of a permissive mask, which creates a race condition that allows for a short period of time for another process to establish an unauthorized connection. Exploitation of the vulnerability could allow ...

3.6CVSS6.7AI score0.00444EPSS
Exploits0
Redos
Redos
•added 2023/10/30 12:0 a.m.•24 views

ROS-20231030-03

Vulnerability in lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c files. zchunk is related to integer overflow . Exploitation of the vulnerability could allow an attacker acting locally to gain unauthorized access to protected information...

7.8CVSS7.3AI score0.00261EPSS
Exploits0
Redos
Redos
•added 2023/10/26 12:0 a.m.•24 views

ROS-20231025-01

Vulnerability of program/lib/Roundcube/rcubewashtml.php component of RoundCube mail client is related to failure to take measures to protect the structure of the web page. Exploitation of the vulnerability could allow an attacker, acting remotely, to download arbitrary JavaScript code...

6.1CVSS7.2AI score0.73445EPSS
Exploits2
Redos
Redos
•added 2023/10/23 12:0 a.m.•24 views

ROS-20231020-10

Vulnerability in the GNU C Library glibc iconv utility due to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service by invoking the iconv utility with the "-c" option. by invoking the iconv utility with the "-c" option...

5.9CVSS6.9AI score0.04006EPSS
Exploits0
Redos
Redos
•added 2023/09/28 12:0 a.m.•24 views

ROS-20230928-01

A vulnerability in the Logstash log management system is related to a flaw in TLS certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to launch a man-in-the-middle attack on Logstash monitoring data. "man-in-the-middle" attack on Logstash monitoring d...

4.3CVSS6.7AI score0.00459EPSS
Exploits0
Total number of security vulnerabilities5000