Lucene search
K

8244 matches found

Redos
Redos
•added 2023/04/18 12:0 a.m.•23 views

ROS-20230418-03

A vulnerability in the attribute definition mechanism for the gitattributes paths of the Git distributed version control system is related to an integer overflow. Git version control system is related to integer overflow. Exploitation of the vulnerability could allow an attacker, acting remotely,...

9.8CVSS9.8AI score0.56334EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•30 views

ROS-20230417-03

Vulnerability in ImageMagick graphic editor is related to improper management of internal resources within the application when parsing SVG files. within the application when parsing SVG files. Exploitation of the vulnerability could allow an attacker, acting remotely, to pass a specially crafted...

5.5CVSS5.8AI score0.00865EPSS
Exploits1
Redos
Redos
•added 2023/04/17 12:0 a.m.•33 views

ROS-20230417-01

The vulnerability in Redis database is related to integer overflow in "SRANDMEMBER" commands, "ZRANDMEMBER" and "HRANDFIELD." Exploitation of the vulnerability could allow an attacker to pass specially specially crafted data into an application, cause an integer overflow, and trigger a...

6.5CVSS6.9AI score0.00902EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•5 views

ROS-20230417-25

A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...

9.1CVSS7AI score0.00858EPSS
Exploits1
Redos
Redos
•added 2023/04/17 12:0 a.m.•45 views

ROS-20230417-04

A vulnerability in the CryptParameterDecryption function of the cryptoprocessor firmware of the Trusted Platform Module TPM is related to reading data beyond buffer boundaries in memory. Exploitation of the vulnerability may allow an intruder to gain unauthorized access to protected information...

7.8CVSS7.5AI score0.05552EPSS
Exploits0
Redos
Redos
•added 2023/04/17 12:0 a.m.•33 views

ROS-20230417-05

A vulnerability in the curl program is related to a problem when processing multiple queries resulting in the ignoring HSTS support. Exploitation of the vulnerability could allow an attacker acting remotely, to cause HSTS functionality to fail by sequentially requesting multiple URLs...

9.1CVSS7.7AI score0.00858EPSS
Exploits1
Redos
Redos
•added 2023/04/17 12:0 a.m.•31 views

ROS-20230417-02

A vulnerability in the Kerberos5 heimdal protocol implementation is related to changing memcmp values for constant time and a workaround for a compiler error by adding "!= 0" comparisons to the memcmp result. Exploitation of the vulnerability could allow an attacker acting remotely to perform a...

7.5CVSS6.8AI score0.00491EPSS
Exploits0
Redos
Redos
•added 2023/04/14 12:0 a.m.•3 views

ROS-20230414-23

The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...

7.5CVSS6.9AI score0.1654EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•71 views

ROS-20230414-03

The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...

7.5CVSS7.7AI score0.1654EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•35 views

ROS-20230414-02

DNS server BIND vulnerability is related to reachable assertion in DNS query processing. Exploitation The vulnerability allows an attacker acting remotely to send repeated patterns of specific requests to servers with DNSSEC-Validated Cache synth-from-rom enabled. queries to servers with the...

7.5CVSS6.3AI score0.0325EPSS
Exploits0
Redos
Redos
•added 2023/04/14 12:0 a.m.•28 views

ROS-20230414-01

A vulnerability in the Ghostscript document processing toolkit is related to a buffer overflow in the BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers. BCPEncode, BCPDecode, TBCPEncode and TBCPDecode handlers, in case when the write buffer is underfilled by one byte and then a shielded...

9.8CVSS9.3AI score0.06341EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•41 views

ROS-20230414-04

The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...

5.9CVSS6.8AI score0.02511EPSS
Exploits1
Redos
Redos
•added 2023/04/14 12:0 a.m.•3 views

ROS-20230414-24

The curl program vulnerability is related to a memory usage error after release when processing rejected requests from HTTP proxy using SMB or TELNET protocols. Exploitation of the vulnerability could allow an attacker acting remotely to cause a post-release memory usage error and cause the...

5.9CVSS7AI score0.02511EPSS
Exploits1
Redos
Redos
•added 2023/04/13 12:0 a.m.•24 views

ROS-20230413-01

The Nextcloud software vulnerability is related to secure browsing for internal shared resources, which can be bypassed if re-sharing permissions are also granted. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to restricted functions. The...

7.5CVSS7AI score0.01373EPSS
Exploits2
Redos
Redos
•added 2023/04/12 12:0 a.m.•149 views

ROS-20230412-01

Libde265 vulnerability is related to derivecollocatedmotionvectors function in motion.cc . Exploitation of the vulnerability could allow an attacker to overflow the heap buffer. Vulnerability Libde265 is related to decodercontext::processslicesegmentheader function in decctx.cc . Exploitation of...

8.8CVSS7.2AI score0.0085EPSS
Exploits2
Redos
Redos
•added 2023/04/12 12:0 a.m.•109 views

ROS-20230412-03

The Consul server vulnerability is related to allowing an authenticated user to use the service: write permissions to start a workflow. Exploitation of the vulnerability could allow an attacker acting remotely to crash the Consul server and client agents...

6.5CVSS6.7AI score0.01005EPSS
Exploits0
Redos
Redos
•added 2023/04/12 12:0 a.m.•101 views

ROS-20230412-02

Vim text editor vulnerability related to the classobjectindex vim function in the vim9class.c file. Exploitation of the vulnerability could allow an attacker acting remotely to trick a user into opening a specially crafted file, causing a problem that leads to a problem that leads to a bug. a use...

8.4CVSS5.9AI score0.00453EPSS
Exploits1
Redos
Redos
•added 2023/04/11 12:0 a.m.•67 views

ROS-20230411-02

Liblouis braille translator vulnerability is related to copying to buffer without checking the size of input data data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of with the compileTranslationTable.c and lousetDataPath functions. The Liblouis...

7.5CVSS7.3AI score0.01345EPSS
Exploits2
Redos
Redos
•added 2023/04/11 12:0 a.m.•66 views

ROS-20230411-03

The Minio object store vulnerability is related to a user with console administrator privileges who could potentially create a user that matches the root access key, once this user is successfully created, root credentials will stop working properly. Exploitation of the of the vulnerability could...

6.5CVSS6.5AI score0.00898EPSS
Exploits1
Redos
Redos
•added 2023/04/11 12:0 a.m.•61 views

ROS-20230411-01

The CairoSVG SVG converter vulnerability is related to insufficient validation of user input during the SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely, access sensitive data located on a local network or send malicious requests to other servers from...

9.9CVSS6.6AI score0.00722EPSS
Exploits0
Redos
Redos
•added 2023/04/07 12:0 a.m.•5 views

ROS-20230407-21

A vulnerability in the libcurl library is related to an authentication bypass, in which libcurl reuses a a previously established SSH connection, even though the SSH parameter has been changed, which should have prevent reuse. Exploitation of the vulnerability could allow an attacker acting...

7.7CVSS6.8AI score0.01607EPSS
Exploits2
Redos
Redos
•added 2023/04/07 12:0 a.m.•96 views

ROS-20230407-01

The libcurl library vulnerability is related to FTP connection reuse, previously created connections are stored in a connection pool for reuse if they match the current connection pool. connections are stored in the connection pool for reuse if they match the current configuration. configuration...

7.7CVSS7.5AI score0.01856EPSS
Exploits4
Redos
Redos
•added 2023/04/07 12:0 a.m.•84 views

ROS-20230407-03

A vulnerability in the OpenSSL cryptographic library is related to the validation of X.509 certificate chains that include policy restrictions. Exploitation of the vulnerability could allow an attacker acting remotely, to create a malicious certificate chain that triggers exponential utilization ...

7.5CVSS7.5AI score0.03658EPSS
Exploits0
Redos
Redos
•added 2023/04/07 12:0 a.m.•67 views

ROS-20230407-02

The Redis DBMS vulnerability is related to a command injection error that exists due to a reachable assertion when processing the MSETNX command. Exploitation of the vulnerability could allow an attacker, acting remotely, to send a specially crafted MSETNX command, causing a denial of service,...

5.5CVSS6.5AI score0.54978EPSS
Exploits0
Redos
Redos
•added 2023/04/06 12:0 a.m.•3 views

ROS-20230406-21

A vulnerability in the curl program is related to data exchange using the TELNET protocol, which could allow an attacker to pass a specially crafted username and "telnet parameters" during a server negotiation. Exploitation of the vulnerability could allow an attacker acting remotely, to send...

9.8CVSS7.8AI score0.02195EPSS
Exploits2
Redos
Redos
•added 2023/04/06 12:0 a.m.•56 views

ROS-20230406-01

A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory. element to specify a path relative to the...

9.8CVSS8.9AI score0.02195EPSS
Exploits2
Redos
Redos
•added 2023/03/24 12:0 a.m.•35 views

ROS-20230324-01

Vulnerability of Samba networking software package is related to errors in symbolic links processing. links. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to the server's server file system Vulnerability of unwrapdes and unwrapdes3 functions of GSSAPI...

6.5CVSS7.3AI score0.0369EPSS
Exploits0
Redos
Redos
•added 2023/03/23 12:0 a.m.•34 views

ROS-20230322-03

A vulnerability in the Git program is related to the input of processed input data - a path outside the working tree can be overwritten by a user running "git apply". Exploiting the vulnerability could allow an attacker acting remotely to run the affected command against a malicious or compromise...

7.5CVSS6.7AI score0.01144EPSS
Exploits3
Redos
Redos
•added 2023/03/22 12:0 a.m.•33 views

ROS-20230322-02

The Containerd container execution environment vulnerability is related to a flaw whereby additional groups are not properly configured within the container, when an attacker has direct access to the container and manipulates its optional group access, it can use optional group access to bypass t...

7.8CVSS7.2AI score0.00542EPSS
Exploits1
Redos
Redos
•added 2023/03/22 12:0 a.m.•26 views

ROS-20230322-01

A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...

7.8CVSS7.7AI score0.00307EPSS
Exploits0
Redos
Redos
•added 2023/03/21 12:0 a.m.•31 views

ROS-20230321-01

A vulnerability in libde265 is related to null pointer dereferencing in the mcchroma function in motion.cc. Exploitation of the vulnerability could allow an attacker to cause a denial of service DoS with a a crafted input file. The vulnerability in libde265 is related to the dereferencing of a nu...

6.5CVSS5.8AI score0.00774EPSS
Exploits7
Redos
Redos
•added 2023/03/20 12:0 a.m.•24 views

ROS-20230320-02

A vulnerability in libde265 involves copying an input buffer to an output buffer without checking that the size of the input buffer is less than the size of the output buffer, resulting in a buffer overflow in the of the input buffer is smaller than the output buffer, resulting in a buffer overfl...

7.8CVSS8AI score0.00325EPSS
Exploits2
Redos
Redos
•added 2023/03/20 12:0 a.m.•28 views

ROS-20230320-01

A vulnerability in the Vim text editor is related to a division by zero error in the scrolldown function in move.c. Exploitation of the vulnerability could allow an attacker acting remotely to perform a denial-of-service attack. denial-of-service attack...

7.8CVSS7.5AI score0.00455EPSS
Exploits1
Redos
Redos
•added 2023/03/17 12:0 a.m.•30 views

ROS-20230317-02

Squid vulnerability related to a bug in libntlmauth due to improper integer overflow protection integer overflow protection in Squid SSPI and SMB authentication helpers. Exploitation of the vulnerability could allow an attacker, acting remotely to disclose information or cause a denial of service...

8.6CVSS8.6AI score0.0282EPSS
Exploits0
Redos
Redos
•added 2023/03/17 12:0 a.m.•33 views

ROS-20230317-01

Vulnerability in Redis database related to string mapping commands e.g. SCAN or KEYS with a specially crafted template. Exploitation of the vulnerability could allow an attacker acting remotely to launch a "denial of service" attack. remotely to launch a denial-of-service attack...

5.5CVSS5.7AI score0.59706EPSS
Exploits0
Redos
Redos
•added 2023/03/17 12:0 a.m.•13 views

ROS-20230317-03

A vulnerability in the Minio object store is related to improper enforcement of the bypass prohibition policy, with the removing a version identifier with the special header "X-Amz-Bypass-Governance-Retention: true". Exploitation of the vulnerability could allow an attacker acting remotely to gai...

8.8CVSS8.6AI score0.00955EPSS
Exploits1
Redos
Redos
•added 2023/03/16 12:0 a.m.•34 views

ROS-20230316-01

Vulnerability in C library related to c-ares package, where aressetsortlist lacks input string validation, allowing possible stack overflow. package in which aressetsortlist lacks input string validation, which allows possible stack overflow of arbitrary length. Exploitation of the vulnerability...

8.6CVSS8.4AI score0.01232EPSS
Exploits1
Redos
Redos
•added 2023/03/15 12:0 a.m.•33 views

ROS-20230315-01

Vulnerability in Mozilla Thunderbird email client related to notifications that are not displayed, when the browser is in full screen mode, allowing an attacker to trick the victim into visiting a malicious website and performing a spoofing attack. to visit a malicious website and perform a...

8.8CVSS7.6AI score0.00817EPSS
Exploits0
Redos
Redos
•added 2023/02/17 12:0 a.m.•27 views

ROS-20230217-02

A vulnerability in the Mozilla Firefox browser is related to a memory corruption bug. Exploitation of the vulnerability could allow a remote attacker to cause a buffer overflow and run arbitrary code...

8.8CVSS9.3AI score0.00668EPSS
Exploits0
Redos
Redos
•added 2023/02/17 12:0 a.m.•34 views

ROS-20230217-01

Vulnerability in driver management software for multipath access organization multipath-tools is related to privilege management errors. Exploitation of the vulnerability could allow an attacker to elevate privileges to root user...

7.8CVSS7.7AI score0.00606EPSS
Exploits4
Redos
Redos
•added 2023/02/13 12:0 a.m.•32 views

ROS-20230213-01

A vulnerability in the ImageMagick graphical editor is related to errors in input data processing. Exploitation of the vulnerability may allow a remote intruder to gain access to protected information using the profile parameter. information using the profile parameter Vulnerability of ImageMagic...

6.5CVSS6.8AI score0.89855EPSS
Exploits31
Redos
Redos
•added 2023/02/10 12:0 a.m.•79 views

ROS-20230210-04

A vulnerability in the Redis database management system DBMS is related to the setrange and sort ro commands. Exploitation of the vulnerability could allow an attacker acting remotely to cause an integer overflow, resulting in the allocation of unacceptable amounts of memory...

5.5CVSS6AI score0.33269EPSS
Exploits0
Redos
Redos
•added 2023/02/10 12:0 a.m.•70 views

ROS-20230210-02

The X.Org Server vulnerability is related to the fact that after calling free a pointer bound to the buffer did not have the NULL sign, which led to further access to the buffer after its freeing use-after-free in the DeepCopyPointerClasses function used in the X Input extension...

7.8CVSS8AI score0.00899EPSS
Exploits0
Redos
Redos
•added 2023/02/10 12:0 a.m.•72 views

ROS-20230210-03

Vulnerability of GNU C Libraryglibc system calls and basic functions library is related to buffer overflow in monstartup function of Call Graph Monitor component in gmon.c file. buffer overflow in monstartup function of gmon.c file of Call Graph Monitor component. Exploiting the vulnerability cou...

9.8CVSS9.5AI score0.01103EPSS
Exploits0
Redos
Redos
•added 2023/02/10 12:0 a.m.•66 views

ROS-20230210-01

The vulnerability of the GNU Less utility for UNIX-like UNIX text terminals is due to the fact that calling "less -R" will not filter ANSI control sequences sent to the terminal. Exploitation of the vulnerability could allow an attacker acting remotely to escalate his privileges on the system...

7.5CVSS7.7AI score0.01412EPSS
Exploits0
Redos
Redos
•added 2023/02/03 12:0 a.m.•53 views

ROS-20230203-01

A vulnerability in the GNU Tar archiver is related to the fromheader function in list.c via the V7 archive, in which mtime contains approximately 11 whitespace characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to transmit special data to the application and...

5.5CVSS6.3AI score0.04524EPSS
Exploits1
Redos
Redos
•added 2023/02/03 12:0 a.m.•38 views

ROS-20230203-03

A vulnerability in the GNU Binary Utilities binutils object code manipulation toolkit is related to a memory access error. Exploitation of the vulnerability could allow an attacker acting remotely to analyze an ELF file containing corrupted information. remotely, to analyze an ELF file containing...

5.5CVSS6.1AI score0.00437EPSS
Exploits1
Redos
Redos
•added 2023/02/03 12:0 a.m.•34 views

ROS-20230203-02

Vim text editor vulnerability is related to division by zero error in 'smoothscroll' function at small window size. window size. Exploitation of the vulnerability could allow an attacker acting remotely to cause the program to crash. program crash...

7.8CVSS7.5AI score0.0049EPSS
Exploits1
Redos
Redos
•added 2023/01/30 12:0 a.m.•8 views

ROS-20230130-01

A vulnerability in the cross-platform JavaScript runtime Node.js is related to incorrect handling of an exception in the src/nodeoptions-inl.h file when an invalid command line argument is input. exception in src/nodeoptions-inl.h file when an invalid command line argument is supplied. Exploitati...

6.8AI score
Exploits0
Redos
Redos
•added 2023/01/30 12:0 a.m.•19 views

ROS-20230130-02

Vulnerability of the opusfile stream decoder library is related to null pointer dereferencing in the opgetdata and opopen1 functions in opusfile.c in xiph. Exploitation of the vulnerability could allow an attacker, acting remotely, transfer specially crafted data to an application and perform a...

7.8CVSS7.2AI score0.00395EPSS
Exploits1
Total number of security vulnerabilities8244