Lucene search
K

8216 matches found

Redos
Redos
•added 2023/06/16 12:0 a.m.•26 views

ROS-20230616-07

Vim text editor vulnerability is related to the error of dereferencing NULL pointer in the function getregister in the register.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a victim into opening a specially crafted file and remotely, trick the victim...

7.8CVSS5.9AI score0.00473EPSS
Exploits1
Redos
Redos
•added 2023/06/16 12:0 a.m.•24 views

ROS-20230616-02

Vulnerability in libavcodec/pthreadframe.c component of FFmpeg multimedia library is related to memory usage after it is freed when processing worker threads with hwaccel decoder. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.1CVSS8.3AI score0.01512EPSS
Exploits1
Redos
Redos
•added 2023/06/15 12:0 a.m.•32 views

ROS-20230615-01

LibRaw image processing library vulnerability is related to heap buffer overflow in raw2imageex. Exploitation of the vulnerability could allow an attacker acting remotely to cause an application to application crash due to a maliciously crafted input file...

6.5CVSS6.9AI score0.01289EPSS
Exploits1
Redos
Redos
•added 2023/06/15 12:0 a.m.•18 views

ROS-20230615-02

The vulnerability of the OpenSearch software package is related to the implementation of detailed access control rules document-level security, field-level security, and field masking when they were incorrectly applied to queries during extremely rare runtime conditions. Exploitation of the of th...

5.9CVSS5.9AI score0.0046EPSS
Exploits0
Redos
Redos
•added 2023/06/15 12:0 a.m.•27 views

ROS-20230615-03

A vulnerability in the HEIF and AVIF libheif file format decoder is related to a floating point exception in the heif::Fraction::round function in box.cc Exploitation of the vulnerability could allow an attacker, remotely to perform a denial of service attack...

6.5CVSS6.2AI score0.00927EPSS
Exploits1
Redos
Redos
•added 2023/06/15 12:0 a.m.•7 views

ROS-20230615-05

Vulnerability in Thunderbird email client is related to incorrect processing of user data in the error page for sites with invalid TLS certificates. displaying certificate exceptions, on the error page for sites with invalid TLS certificates. Exploitation of the vulnerability could allow an...

9.8CVSS7.5AI score0.0093EPSS
Exploits0
Redos
Redos
•added 2023/06/15 12:0 a.m.•28 views

ROS-20230615-04

The vulnerability in Mozilla Firefox and Firefox ESR browsers is related to an operation exceeding buffer boundaries in memory. memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code Vulnerability in Mozilla Firefox browser is related to...

9.8CVSS7.7AI score0.0093EPSS
Exploits0
Redos
Redos
•added 2023/05/05 12:0 a.m.•34 views

ROS-20230504-03

A vulnerability in the minimatch package of the Node.js software development platform is related to a call to the braceExpand function with with certain arguments. Exploitation of the vulnerability could allow an attacker acting remotely, to cause a denial of service...

7.5CVSS7.8AI score0.01674EPSS
Exploits0
Redos
Redos
•added 2023/05/05 12:0 a.m.•34 views

ROS-20230505-01

Mozilla Thunderbird email client vulnerability involves invalid free operation from code JavaScript. Exploitation of the vulnerability could allow an attacker acting remotely to force the victim to to visit a specially crafted web page, cause memory corruption, and execute arbitrary code. The...

9.8CVSS8.4AI score0.00974EPSS
Exploits0
Redos
Redos
•added 2023/05/05 12:0 a.m.•26 views

ROS-20230505-02

The vulnerability in the Mozilla Firefox browser is due to the fact that Mozilla's service desk handles blocking records when downloading updates from an SMB server. Exploitation of the vulnerability could allow an attacker to to apply an unsigned update file by pointing the service to an update...

9.8CVSS8.2AI score0.00974EPSS
Exploits0
Redos
Redos
•added 2023/04/28 12:0 a.m.•38 views

ROS-20230428-03

A vulnerability in the WSGI Werkzeug web application library is related to the fact that the application does not properly control the consumption of internal resources when parsing data from a composite form with a large number of fields. internal resource consumption when parsing data from a...

7.5CVSS6.6AI score0.0142EPSS
Exploits0
Redos
Redos
•added 2023/04/28 12:0 a.m.•24 views

ROS-20230428-01

A vulnerability in the Python Charmers Future program is related to improper input validation when processing the the Set-Cookie header. Exploitation of the vulnerability could allow an attacker acting remotely to to send a specially crafted HTTP request to the application and perform a denial of...

7.5CVSS7.4AI score0.01804EPSS
Exploits1
Redos
Redos
•added 2023/04/28 12:0 a.m.•24 views

ROS-20230428-02

A vulnerability in the Sqlalchemy mako Python template library is related to insufficient input validation when processing regular expressions in the Lexer class. Exploitation of the vulnerability could allow an attacker, acting remotely, pass specially crafted data to an application and perform ...

7.5CVSS7.5AI score0.01656EPSS
Exploits1
Redos
Redos
•added 2023/04/28 12:0 a.m.•39 views

ROS-20230428-04

The vulnerability in the Pillow image library is related to improper internal resource management when working with highly compressed GIF data. resources when working with highly compressed GIF data. Exploitation of the vulnerability could allow an attacker, acting remotely, transfer a specially...

8.6CVSS7.5AI score0.01184EPSS
Exploits0
Redos
Redos
•added 2023/04/28 12:0 a.m.•34 views

ROS-20230428-05

A vulnerability in Python Packaging Authority installation tools is related to insufficient input validation when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application and perform a denial of service...

5.9CVSS6.1AI score0.02617EPSS
Exploits1
Redos
Redos
•added 2023/04/20 12:0 a.m.•45 views

ROS-20230420-01

Vulnerability in the modproxy module of Apache HTTP Server is related to flaws in header handling Transfer-Encoding. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP Request Smuggling attack. hidden HTTP request HTTP Request Smuggling...

9.8CVSS8.7AI score0.8377EPSS
Exploits5
Redos
Redos
•added 2023/04/20 12:0 a.m.•34 views

ROS-20230420-02

A vulnerability in the iconv function of the glibc library is related to a flaw in the use of the assert function. The vulnerability allows an attacker acting remotely to cause a denial of service...

7.5CVSS8.3AI score0.03093EPSS
Exploits0
Redos
Redos
•added 2023/04/20 12:0 a.m.•10 views

ROS-20230420-04

Vulnerability in Mozilla Firefox, Firefox ESR browsers and Thunderbird mail client of the operating systems Windows operating systems is related to insufficient protection of service data when processing a request to save files via the "Save As" dialog box. via the "Save As" dialog box...

8.8CVSS8.2AI score0.00798EPSS
Exploits0
Redos
Redos
•added 2023/04/20 12:0 a.m.•29 views

ROS-20230420-03

The vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird email client is related to an operation exceeding the memory buffer boundaries when checking the number of available bytes of regulated threads. operation exceeds buffer boundaries in memory when checking the number of available...

8.8CVSS8.7AI score0.00798EPSS
Exploits0
Redos
Redos
•added 2023/04/19 12:0 a.m.•24 views

ROS-20230419-01

Vulnerability of HFS+ partition file analyzer of ClamAV antivirus software package is related to an operation exceeding the memory buffer boundaries. operation beyond the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

9.8CVSS8.3AI score0.29314EPSS
Exploits5
Redos
Redos
•added 2023/04/19 12:0 a.m.•34 views

ROS-20230419-03

The X.Org Server vulnerability is related to a post-release exploit bug where, when handling the deletion of a of a window, Xserver leaves a dangling pointer to that window in the CompScreen structure. Exploitation of the vulnerability could allow an attacker to cause a post-release usage error a...

7.8CVSS7.9AI score0.0044EPSS
Exploits0
Redos
Redos
•added 2023/04/19 12:0 a.m.•31 views

ROS-20230419-02

The vulnerability in the Dnsmasq DNS server is related to the maximum EDNS.0 UDP packet size by default it was set to 4096, but should be 1232. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

7.5CVSS7.4AI score0.01334EPSS
Exploits0
Redos
Redos
•added 2023/04/18 12:0 a.m.•31 views

ROS-20230418-01

Nextcloud server vulnerability is related to an application that does not properly control the consumption of of internal resources. Exploitation of the vulnerability could allow an attacker acting remotely, to initiate resource exhaustion and perform a denial of service attack. The Nextcloud...

9CVSS8.3AI score0.04176EPSS
Exploits3
Redos
Redos
•added 2023/04/18 12:0 a.m.•23 views

ROS-20230418-04

A vulnerability in the pki-core public key infrastructure deployment management system is related to insufficient validation of user-entered XML data, which could be passed by specially created XML code to a vulnerable application and view the contents of arbitrary files on the system or initiate...

7.5CVSS7.7AI score0.85323EPSS
Exploits3
Redos
Redos
•added 2023/04/18 12:0 a.m.•31 views

ROS-20230418-02

A vulnerability in the PHP programming language is related to the kernel's path resolution function, which allocates a buffer one bytes less than necessary, if paths are resolved with a length close to the MAXPATHLEN system parameter, this can cause the byte after the allocated buffer to be...

8.1CVSS6.7AI score0.01408EPSS
Exploits1
Redos
Redos
•added 2023/04/18 12:0 a.m.•47 views

ROS-20230418-05

A vulnerability in the OpenSSL cryptographic library is related to a boundary error in the PEMreadbioex function. Exploitation of the vulnerability could allow an attacker acting remotely to pass a specially crafted PEM file to an application, cause a memory re-release error, and perform a typing...

7.5CVSS7.1AI score0.59501EPSS
Exploits0
Redos
Redos
•added 2023/04/18 12:0 a.m.•23 views

ROS-20230418-03

A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to an integer overflow. Git version control system is related to integer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely,...

9.8CVSS9.8AI score0.56334EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•30 views

ROS-20230417-03

Vulnerability in ImageMagick graphic editor is related to improper management of internal resources within the application when parsing SVG files. within the application when parsing SVG files. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass a specially crafted...

5.5CVSS5.8AI score0.00865EPSS
Exploits1
Redos
Redos
•added 2023/04/17 12:0 a.m.•31 views

ROS-20230417-02

A vulnerability in the Kerberos5 heimdal protocol implementation is related to changing memcmp values for constant time and a workaround for a compiler error by adding "!= 0" comparisons to the memcmp result. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...

7.5CVSS6.8AI score0.00491EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•33 views

ROS-20230417-05

A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...

9.1CVSS7.7AI score0.00858EPSS
Exploits1
Redos
Redos
•added 2023/04/17 12:0 a.m.•45 views

ROS-20230417-04

A vulnerability in the CryptParameterDecryption function of the cryptoprocessor firmware of the Trusted Platform Module TPM is related to reading data beyond buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.8CVSS7.5AI score0.05552EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•33 views

ROS-20230417-01

The vulnerability in Redis database is related to integer overflow in "SRANDMEMBER" commands, "ZRANDMEMBER" and "HRANDFIELD." Exploitation of the vulnerability could allow an attacker to pass specially specially crafted data into an application, cause an integer overflow, and trigger a...

6.5CVSS6.9AI score0.00902EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•5 views

ROS-20230417-25

A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...

9.1CVSS7AI score0.00858EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•35 views

ROS-20230414-02

DNS server BIND vulnerability is related to reachable assertion in DNS query processing. Exploitation The vulnerability allows an attacker acting remotely to send repeated patterns of specific requests to servers with DNSSEC-Validated Cache synth-from-rom enabled. queries to servers with the...

7.5CVSS6.3AI score0.0325EPSS
Exploits0
Redos
Redos
•added 2023/04/14 12:0 a.m.•71 views

ROS-20230414-03

The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...

7.5CVSS7.7AI score0.1654EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•28 views

ROS-20230414-01

A vulnerability in the Ghostscript document processing toolkit is related to a buffer overflow in the BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers. BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers, in case when the write buffer is underfilled by one byte and then a shielded...

9.8CVSS9.3AI score0.06341EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•41 views

ROS-20230414-04

The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...

5.9CVSS6.8AI score0.02511EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•3 views

ROS-20230414-24

The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...

5.9CVSS7AI score0.02511EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•3 views

ROS-20230414-23

The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...

7.5CVSS6.9AI score0.1654EPSS
Exploits1
Redos
Redos
•added 2023/04/13 12:0 a.m.•23 views

ROS-20230413-01

The Nextcloud software vulnerability is related to secure browsing for internal shared resources, which can be bypassed if re-sharing permissions are also granted. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to restricted functions. The...

7.5CVSS7AI score0.01373EPSS
Exploits2
Redos
Redos
•added 2023/04/12 12:0 a.m.•109 views

ROS-20230412-03

The Consul server vulnerability is related to allowing an authenticated user to use the service: write permissions to start a workflow. Exploitation of the vulnerability could allow an attacker acting remotely to crash the Consul server and client agents...

6.5CVSS6.7AI score0.01005EPSS
Exploits0
Redos
Redos
•added 2023/04/12 12:0 a.m.•149 views

ROS-20230412-01

Libde265 vulnerability is related to derivecollocatedmotionvectors function in motion.cc . Exploitation of the vulnerability could allow an attacker to overflow the heap buffer. Vulnerability Libde265 is related to decodercontext::processslicesegmentheader function in decctx.cc . Exploitation of...

8.8CVSS7.2AI score0.0085EPSS
Exploits2
Redos
Redos
•added 2023/04/12 12:0 a.m.•101 views

ROS-20230412-02

Vim text editor vulnerability related to the classobjectindex vim function in the vim9class.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a user into opening a specially crafted file, causing a problem that leads to a problem that leads to a bug. a use...

8.4CVSS5.9AI score0.00453EPSS
Exploits1
Redos
Redos
•added 2023/04/11 12:0 a.m.•66 views

ROS-20230411-03

The Minio object store vulnerability is related to a user with console administrator privileges who could potentially create a user that matches the root access key, once this user is successfully created, root credentials will stop working properly. Exploitation of the of the vulnerability could...

6.5CVSS6.5AI score0.00898EPSS
Exploits1
Redos
Redos
•added 2023/04/11 12:0 a.m.•61 views

ROS-20230411-01

The CairoSVG SVG converter vulnerability is related to insufficient validation of user input during the SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely, access sensitive data located on a local network or send malicious requests to other servers from...

9.9CVSS6.6AI score0.00722EPSS
Exploits0
Redos
Redos
•added 2023/04/11 12:0 a.m.•67 views

ROS-20230411-02

Liblouis braille translator vulnerability is related to copying to buffer without checking the size of input data data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of with the compileTranslationTable.c and lousetDataPath functions. The Liblouis...

7.5CVSS7.3AI score0.01345EPSS
Exploits2
Redos
Redos
•added 2023/04/07 12:0 a.m.•96 views

ROS-20230407-01

The libcurl library vulnerability is related to FTP connection reuse, previously created connections are stored in a connection pool for reuse if they match the current connection pool. connections are stored in the connection pool for reuse if they match the current configuration. configuration...

7.7CVSS7.5AI score0.01856EPSS
Exploits4
Redos
Redos
•added 2023/04/07 12:0 a.m.•67 views

ROS-20230407-02

The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...

5.5CVSS6.5AI score0.54978EPSS
Exploits0
Redos
Redos
•added 2023/04/07 12:0 a.m.•84 views

ROS-20230407-03

A vulnerability in the OpenSSL cryptographic library is related to the validation of X.509 certificate chains that include policy restrictions. Exploitation of the vulnerability could allow an attacker acting remotely, to create a malicious certificate chain that triggers exponential utilization ...

7.5CVSS7.5AI score0.03658EPSS
Exploits0
Redos
Redos
•added 2023/04/07 12:0 a.m.•5 views

ROS-20230407-21

A vulnerability in the libcurl library is related to an authentication bypass, in which libcurl reuses a a previously established SSH connection, even though the SSH parameter has been changed, which should have prevent reuse. Exploitation of the vulnerability could allow an attacker acting...

7.7CVSS6.8AI score0.01607EPSS
Exploits2
Total number of security vulnerabilities8216