Lucene search
K

8157 matches found

Redos
Redos
•added 2024/06/11 12:0 a.m.•25 views

ROS-20240611-02

The vulnerability of Tss2RCDecode and Tss2RCSetHandler functions of TCG TPM2 TPM2 Software Stack implementation is related to buffer copying without input data validation. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data, violate its integrity, and cause ...

6.4CVSS7.3AI score0.00519EPSS
Exploits1
Redos
Redos
•added 2024/06/11 12:0 a.m.•12 views

ROS-20240611-03

A vulnerability in the MIME-tools component of the open-source content filter for Amavis email is related to an interpretation conflict when a MIME email message has multiple boundary parameters. Exploitation of the vulnerability could allow an attacker acting remotely to elevate the privileges...

7.4CVSS7.1AI score0.00826EPSS
Exploits0
Redos
Redos
•added 2024/06/11 12:0 a.m.•24 views

ROS-20240611-05

The vulnerability of the Zabbix Workstation universal monitoring system server is related to errors in input data processing. of input data. Exploitation of the vulnerability could allow a remote attacker to execute an arbitrary code by injecting a specially crafted SQL query. arbitrary code by...

9.1CVSS8.4AI score0.76618EPSS
Exploits5
Redos
Redos
•added 2024/06/11 12:0 a.m.•25 views

ROS-20240611-13

Vulnerability in clone/clonefrom components of Python library for interacting with git repositories GitPython is associated with errors in input processing. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by injecting a specially crafted URL int...

9.8CVSS7.8AI score0.00984EPSS
Exploits0
Redos
Redos
•added 2024/06/11 12:0 a.m.•22 views

ROS-20240611-16

A vulnerability in the gitpython package is related to external git calls without sufficiently cleaning up input arguments. Exploitation of the vulnerability could allow an attacker acting remotely to inject a malicious remote URL into a clone command...

9.8CVSS6.7AI score0.05378EPSS
Exploits1
Redos
Redos
•added 2024/06/11 12:0 a.m.•50 views

ROS-20240611-07

A vulnerability in the DNSSEC component of the DNS protocol implementation of the DNS server BIND is related to the algorithmic complexity and unrestricted resource allocation in the creation of a DNS zone. complexity and unrestricted resource allocation when creating a DNS zone. Exploitation of...

7.5CVSS7.1AI score0.99995EPSS
Exploits0
Redos
Redos
•added 2024/06/11 12:0 a.m.•12 views

ROS-20240611-04

A vulnerability in the JSON Handler component of the Python PyMySQL library of MySQL is related to keys not being escaped properly using escapedict. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to data, tampering with data, or potentially...

6.3CVSS7.8AI score0.00691EPSS
Exploits1
Redos
Redos
•added 2024/06/11 12:0 a.m.•28 views

ROS-20240611-15

Vulnerability in archive-zip component of Golang programming language is related to incorrect processing of zip files. zip files. Exploitation of the vulnerability could allow an attacker to create a potentially dangerous zip file A vulnerability in the net-netip component of the Golang programmi...

9.8CVSS6.7AI score0.01952EPSS
Exploits0
Redos
Redos
•added 2024/06/11 12:0 a.m.•40 views

ROS-20240611-14

The QEMU hardware emulator vulnerability is related to an infinite loop error in QEMU emulation of a USB xHCI controller when calculating the length of the transfer request block TRB ring. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in th...

7.1CVSS7.3AI score0.00489EPSS
Exploits3
Redos
Redos
•added 2024/06/11 12:0 a.m.•16 views

ROS-20240611-11

A vulnerability in the CDP PDU Packet Handler component of the LLDP protocol implementation under Unix Lldpd is related to an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information. remotely to gain...

9.8CVSS6.6AI score0.00954EPSS
Exploits0
Redos
Redos
•added 2024/06/11 12:0 a.m.•16 views

ROS-20240611-06

A vulnerability in the OpenSSL Handler component of the Iperf3 network bandwidth measurement tool is related to the use of synchronization side-channel in RSA decryption operations. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential information...

5.9CVSS7.3AI score0.01107EPSS
Exploits0
Redos
Redos
•added 2024/06/07 12:0 a.m.•27 views

ROS-20240607-01

Vulnerability of bgpcapabilitymsgparse functions of a software tool for implementing network routing on Unix-like FRRouting systems is related to reading outside memory boundaries of the BGP FRRouting daemon. Unix-like systems FRRouting is related to read outside memory boundaries in the BGP...

9.1CVSS8.6AI score0.01923EPSS
Exploits2
Redos
Redos
•added 2024/06/07 12:0 a.m.•6 views

ROS-20240607-06

Vulnerability of system views pgstatsext, pgstatsextexprs of PostgreSQL DBMS is related to privilege management errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...

4.3CVSS6.8AI score0.00722EPSS
Exploits0
Redos
Redos
•added 2024/06/07 12:0 a.m.•7 views

ROS-20240607-07

Vulnerability of system views pgstatsext, pgstatsextexprs of PostgreSQL DBMS is related to privilege management errors in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...

4.3CVSS4AI score0.00722EPSS
Exploits0
Redos
Redos
•added 2024/06/07 12:0 a.m.•24 views

ROS-20240607-05

The vulnerability of the system views pgstatsext, pgstatsextexprs of the PostgreSQL DBMS is related to errors in privilege management. in privilege management. Exploitation of the vulnerability could allow an attacker acting remotely, escalate privileges...

4.3CVSS4.1AI score0.00722EPSS
Exploits0
Redos
Redos
•added 2024/06/07 12:0 a.m.•42 views

ROS-20240607-04

Vulnerability of the virNetClientIOEventLoop method of the Libvirt virtualization management library is related to incorrect execution of the data pointer to the structure virNetClientIOEventLoop in the virNetClientIOEventLoop method virNetClientIOIOEventData. Exploitation of the vulnerability...

6.2CVSS6.7AI score0.00486EPSS
Exploits0
Redos
Redos
•added 2024/06/07 12:0 a.m.•23 views

ROS-20240607-02

Vulnerability of closealtfile function for text terminals of UNIX-like Less systems is related to skipping Shellquote calls for LESSCLOSE in filename.c file. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

7.8CVSS8.9AI score0.01059EPSS
Exploits0
Redos
Redos
•added 2024/06/07 12:0 a.m.•21 views

ROS-20240607-03

A vulnerability in the lrzip.c:initializecontrol component of the Irzip software tool is caused by a buffer overflow in dynamic memory. buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely, affect confidentiality, integrity and availability ...

9.8CVSS7.5AI score0.01897EPSS
Exploits2
Redos
Redos
•added 2024/06/06 12:0 a.m.•42 views

ROS-20240606-01

A vulnerability in QEMU's USB EHCI controller emulation is related to the lack of checks if the buffer pointer overlaps with the MMIO register when transmitting USB packets. the buffer pointer overlaps with the MMIO region when transmitting USB packets. Exploitation of the vulnerability could all...

8.2CVSS6.9AI score0.01891EPSS
Exploits1
Redos
Redos
•added 2024/06/06 12:0 a.m.•27 views

ROS-20240606-03

Vulnerability of handlechopping function of Wireshark computer network traffic analyzer is related to a memory handling issue in EditCap. memory handling issue in EditCap. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service Vulnerability in MONGO and...

7.8CVSS7.1AI score0.01403EPSS
Exploits3
Redos
Redos
•added 2024/06/06 12:0 a.m.•22 views

ROS-20240606-06

A vulnerability in the yajltreeparse function of the YAJL-ruby JSON library is related to improper memory freeing before deleting the last reference. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service...

6.5CVSS6.6AI score0.01129EPSS
Exploits1
Redos
Redos
•added 2024/06/06 12:0 a.m.•23 views

ROS-20240606-09

A vulnerability in the HTTP2 protocol implementation network/access/http2/hpacktable.cpp of the cross-platform Qt software development framework is related to an integer overflow resulting from a a change in the typical order of expressions in a conditional statement "Yoda conditions". Exploitati...

9.8CVSS6.9AI score0.00986EPSS
Exploits0
Redos
Redos
•added 2024/06/06 12:0 a.m.•31 views

ROS-20240606-10

Vulnerability of EVPPKEYparamcheck or EVPPKEYpubliccheck functions of cryptographic library OpenSSL is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3CVSS6.7AI score0.01131EPSS
Exploits0
Redos
Redos
•added 2024/06/06 12:0 a.m.•20 views

ROS-20240606-08

A vulnerability in the Portainer container management platform is related to the use of open redirection. Exploitation of the vulnerability could allow an attacker to redirect a user to an arbitrary site...

9.1CVSS6.8AI score0.00623EPSS
Exploits0
Redos
Redos
•added 2024/06/06 12:0 a.m.•25 views

ROS-20240606-07

Vulnerability in the MULTIPARTPARTHEADERS component of the open source web application firewall ModSecurity is related to improper analysis of HTTP requests. Exploitation of the vulnerability could allow an an attacker acting remotely to bypass the firewall's protections...

7.5CVSS6.7AI score0.01169EPSS
Exploits0
Redos
Redos
•added 2024/06/06 12:0 a.m.•14 views

ROS-20240606-05

Unreliable HTML string vulnerability of Java port jtidy is associated with a stack overflow error. Exploitation The vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7AI score0.00866EPSS
Exploits1
Redos
Redos
•added 2024/06/06 12:0 a.m.•22 views

ROS-20240606-02

Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service...

5.2CVSS6.6AI score0.00756EPSS
Exploits1
Redos
Redos
•added 2024/06/06 12:0 a.m.•17 views

ROS-20240606-04

A vulnerability in the OTP component of the Erlang programming language is related to flaws in the authentication procedure. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. data, compromise its...

9.8CVSS7.4AI score0.01167EPSS
Exploits0
Redos
Redos
•added 2024/06/03 12:0 a.m.•27 views

ROS-20240603-01

A vulnerability in the PSP file parser of the GIMP graphics editor is related to number processing errors. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...

7.8CVSS7AI score0.56404EPSS
Exploits0
Redos
Redos
•added 2024/06/03 12:0 a.m.•43 views

ROS-20240603-04

Vulnerability of modproxy module of Apache HTTP Server web server is related to failure to take measures to process CRLF sequences in HTTP headers. CRLF sequences in HTTP headers. Exploitation of the vulnerability could allow an attacker, acting remotely to perform HTTP response splitting attacks...

9CVSS6.6AI score0.57941EPSS
Exploits0
Redos
Redos
•added 2024/06/03 12:0 a.m.•31 views

ROS-20240603-03

A vulnerability in the XML parser library libexpat is related to incorrect restriction of recursive object references in DTDs. recursive object references in DTDs. Exploitation of the vulnerability could allow an attacker to cause a denial of denial of service...

5.5CVSS6.1AI score0.00373EPSS
Exploits0
Redos
Redos
•added 2024/06/03 12:0 a.m.•17 views

ROS-20240603-02

A vulnerability in the Format Detection component of the Mojolicious module for Perl is related to errors in releasing resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the securecompare function of the...

7.5CVSS6.3AI score0.00549EPSS
Exploits1
Redos
Redos
•added 2024/05/29 12:0 a.m.•30 views

ROS-20240529-03

A vulnerability in Git's distributed version control system is related to incorrect path name restriction to the to a restricted directory. Exploiting the vulnerability could allow an attacker acting remotely to execute arbitrary code. remotely to execute arbitrary code...

9CVSS7.6AI score0.25334EPSS
Exploits32
Redos
Redos
•added 2024/05/29 12:0 a.m.•20 views

ROS-20240529-02

A vulnerability in the LibreOffice office suite is related to uncontrolled script execution in the graphics linking scripts by clicking on them. Exploitation of the vulnerability could allow an attacker to execute scripts embedded in LibreOffice...

6.5CVSS6.8AI score0.01008EPSS
Exploits0
Redos
Redos
•added 2024/05/29 12:0 a.m.•9 views

ROS-20240529-05

A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...

7.5CVSS7.6AI score0.46677EPSS
Exploits6
Redos
Redos
•added 2024/05/29 12:0 a.m.•12 views

ROS-20240529-04

A vulnerability in the ImageIO component of the Oracle Java SE software platform and the Oracle GraalVM Virtual Machine Enterprise Edition is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a partial denial of service Vulnerability i...

7.5CVSS7.6AI score0.46677EPSS
Exploits6
Redos
Redos
•added 2024/05/29 12:0 a.m.•37 views

ROS-20240529-01

Vulnerability in the Lightweight HTTP Server component of the Oracle Java SE software platform and virtual machine Oracle GraalVM Enterprise Edition is related to unrestricted resource allocation. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...

7.5CVSS7.4AI score0.46677EPSS
Exploits6
Redos
Redos
•added 2024/05/27 12:0 a.m.•32 views

ROS-20240527-02

A vulnerability in the CONNECT v5 component of the Mosquitto message broker is related to a lack of memory release after an effective lifetime. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A...

7.5CVSS7.1AI score0.00675EPSS
Exploits0
Redos
Redos
•added 2024/05/27 12:0 a.m.•14 views

ROS-20240527-01

A vulnerability in the Botan C++ cryptographic library is related to improper certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to spoof OCSP responses...

9.1CVSS7.1AI score0.00415EPSS
Exploits0
Redos
Redos
•added 2024/05/27 12:0 a.m.•34 views

ROS-20240527-04

A vulnerability in the Git distributed version control system exists due to a process control issue. Exploitation of the vulnerability could allow an attacker to execute arbitrary code when cloning specially crafted local repositories A vulnerability in the Git distributed version control system ...

8.1CVSS7.9AI score0.01271EPSS
Exploits2
Redos
Redos
•added 2024/05/27 12:0 a.m.•29 views

ROS-20240527-03

Vulnerabilities in the idna.encode functions of the Internationalized Domain Names in Applications IDNA are associated with an uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of...

7.5CVSS7.1AI score0.01386EPSS
Exploits1
Redos
Redos
•added 2024/05/24 12:0 a.m.•10 views

ROS-20240422-10

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

5.9CVSS7.6AI score0.9378EPSS
Exploits4
Redos
Redos
•added 2024/05/24 12:0 a.m.•19 views

ROS-20240424-03

A vulnerability in the Serialization component of the Oracle Java SE software platform and Oracle Virtual Machine GraalVM Enterprise Edition is related to the recovery of invalid data in memory. Exploitation exploitation of the vulnerability could allow a remote attacker to cause a denial of...

5.3CVSS7.6AI score0.08346EPSS
Exploits0
Redos
Redos
•added 2024/05/24 12:0 a.m.•21 views

ROS-20240524-02

A vulnerability in the rlsafeeval function of the ReportLab library is related to incorrect code generation control. Exploitation of the vulnerability could allow a remote attacker to bypass security restrictions and execute arbitrary code. security restrictions and execute arbitrary code...

9.8CVSS8.2AI score0.04452EPSS
Exploits6
Redos
Redos
•added 2024/05/24 12:0 a.m.•20 views

ROS-20240524-03

A vulnerability in Ruby Sinatra web application development framework is related to code loading without checking its integrity. of its integrity. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.8CVSS6.8AI score0.00642EPSS
Exploits1
Redos
Redos
•added 2024/05/24 12:0 a.m.•20 views

ROS-20240424-02

A vulnerability in the Libraries component of the Oracle Java SE software platform and Oracle GraalVM virtual machine. Enterprise Edition is related to a flaw in the authorization procedure. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected informatio...

7.5CVSS6.5AI score0.14839EPSS
Exploits0
Redos
Redos
•added 2024/05/24 12:0 a.m.•34 views

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...

7.5CVSS7.3AI score0.14839EPSS
Exploits0
Redos
Redos
•added 2024/05/22 12:0 a.m.•28 views

ROS-20240522-04

Vulnerability of OpenSSL cryptographic library is related to the use of non-standard option SSLOPNOTICKET option, in which case the session cache continues to grow indefinitely. Exploiting the vulnerability could Allow an attacker acting remotely to cause a denial of service...

5.9CVSS6.6AI score0.54026EPSS
Exploits0
Redos
Redos
•added 2024/05/22 12:0 a.m.•29 views

ROS-20240522-03

A vulnerability in the KUBE-APISERVER component of the virtual machine cluster management software tool Kubernetes is related to the use of containers with a populated envFrom field.Exploitation of the vulnerability could allow an attacker acting remotely to launch containers bypassing the securi...

2.7CVSS6.8AI score0.02224EPSS
Exploits1
Redos
Redos
•added 2024/05/22 12:0 a.m.•36 views

ROS-20240522-05

A vulnerability in the Hotspot component of Java SE software platforms, Oracle GraalVM Enterprise Virtual Machine Edition is related to insufficient input data validation. Exploitation of the vulnerability could allow A remote attacker to create, delete, or modify access to data Vulnerability in...

7.5CVSS6.8AI score0.17673EPSS
Exploits2
Total number of security vulnerabilities8157