ROS-20251008-02
A vulnerability in the Thunderbird email client is related to insufficient protection of service data. Exploitation of the vulnerability could allow an attacker acting remotely to download arbitrary files...
ROS-20251008-09
A vulnerability in the Open Asset Import Library (Assimp) 3D model import library is related to manipulation of the mWidth/mHeight argument. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251008-08
The vulnerability of the libexpat XML file parsing library is related to the fact that the application does not control the internal resource consumption properly. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251008-06
The Eclipse Jetty servlet container vulnerability is related to the fact that the application does not properly control internal resource consumption when processing HTTP/2 requests. Exploitation of the vulnerability could allow a...
ROS-20251007-02
A vulnerability in MediaWiki, a software tool for implementing a hypertext environment, is related to insufficient filtering of system messages. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary JavaScript code...
ROS-20251007-01
A vulnerability in catdoc, a command-line utility for extracting text content from Microsoft Word files, is related to an integer overflow in the OLE Document DIFAT parser function. Exploitation of the vulnerability could allow an attacker to execute arbitrary code on the target system...
ROS-20251007-03
The vulnerability of the high-performance open source DNS server PowerDNS Recursor is related to a bug in the ECS implementation. Exploitation of the vulnerability could allow an attacker acting remotely to perform cache poisoning attacks...
ROS-20251007-04
A vulnerability in GLPI's computer hardware request, incident, and inventory system is related to a key-based authorization bypass. Exploitation of the vulnerability could allow a remote intruder to compromise the system...
ROS-20251007-05
A vulnerability in the vim text editor is related to manipulation of the main function in the file src/xxd/xxd.c of the xxd component. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251006-15
A vulnerability in Jackson Core, a library that provides basic functionality for data serialization and deserialization, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array...
ROS-20251006-11
A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests...
ROS-20251006-04
A vulnerability in the GPAC multimedia platform is related to manipulation of the isoffinprocess function of the file src/filters/isoffinread.c of the MP4Box component. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251006-09
A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests...
ROS-20251006-06
A vulnerability in the AbuseFilter extension for MediaWiki is related to the fact that an API caller can map a filter condition with AbuseFilter logs. Exploiting the vulnerability could allow an attacker, acting remotely, to gain access to sensitive information...
ROS-20251006-05
The vulnerability of the Cockpit server management system is related to the fact that the application does not control the internal resource consumption properly. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251006-13
A vulnerability in Jackson Core, a library that provides basic functionality for data serialization and deserialization, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array...
ROS-20251006-12
A vulnerability in Jackson Core, a library that provides basic functionality for data serialization and deserialization, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array...
ROS-20251006-17
The vulnerability of the Libgcrypt cryptographic library is related to the use of a weak cryptographic algorithm. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20251006-02
A vulnerability in the curl program is related to boundary conditions when reading the cookie path. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
ROS-20251006-01
A vulnerability in the certtool utility of the GnuTLS transport layer security library is related to an operation exceeding the boundaries of a buffer in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251006-03
A vulnerability in Candlepin, a set of tools that allow companies to manage software subscriptions, is related to the ability to create data related to another client/tenant. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information...
ROS-20251006-16
A vulnerability in Jackson Core, a library that provides basic functionality for data serialization and deserialization, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array...
ROS-20251006-07
The vulnerability of the pamaccess component of the access.conf file of the Linux-PAM authentication module is related to flaws in the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely to bypass existing security restrictions and gain access t...
ROS-20251006-14
A vulnerability in Jackson Core, a library that provides basic functionality for data serialization and deserialization, is related to the fact that when parsing JSON from an array of bytes with offset and length, an exception message is erroneously read from the beginning of the array...
ROS-20251006-10
A vulnerability in the permissions model of the Node.js software platform is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability could allow a remote attacker to bypass existing security restrictions and send unauthorized requests...
ROS-20251006-08
A vulnerability in the GLPI system for requests, incidents and inventory of computer equipment is related to URL redirection to an untrusted site when the redirect parameter is processed. Exploitation of the vulnerability could allow a remote attacker to impact the confidentiality and integrity of...
ROS-20251002-03
A vulnerability in Microsoft's .NET software platform is related to the closing of the HTTP/3 stream while writing code for an application, resulting in a race condition in response. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain access to sensitive informatio...
ROS-20251002-01
A vulnerability in the Privoxy proxy server with advanced web content filtering functions is related to insufficient validation of user data in the "processencryptedrequestheaders" function. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251002-02
A vulnerability in the Netty networking software is associated with incorrect validation of HTTP/1.1 requests. Exploitation of the vulnerability could allow an attacker acting remotely to perform spoofing attacks against HTTP requests...
ROS-20251001-07
A vulnerability in the Iperf3 network bandwidth measurement tool is related to a fill error on the one. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251001-06
A vulnerability in the DecodeConfig component of the Golang programming language is related to uncontrolled consumption of resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
ROS-20251001-04
A vulnerability in the gnutlsrnd function of the Samba networking software package is related to the use of insufficiently random values. Exploitation of the vulnerability could allow an attacker to gain access to confidential data...
ROS-20251001-03
A vulnerability in the jQuery library exists due to insufficient cleansing of user-supplied data when passing elements to jQuery DOM methods. Exploitation of the vulnerability could allow an attacker, acting remotely, to perform cross-site scripting attacks...
ROS-20250930-15
Kea open source DHCP server vulnerability is related to availability checking when processing DHCP packets. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20251001-02
A vulnerability in the VMSVGA virtual graphics adapter of the Oracle VM VirtualBox virtualization software is related to access control flaws resulting from an operation exceeding the buffer boundaries in memory. Exploitation o...
ROS-20251001-08
Vulnerability of cJSON parser is related to boundary conditions in decodearrayindexfrompointer function in cJSONUtils.c. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information...
ROS-20251001-01
A vulnerability in the VMSVGA virtual graphics adapter of the Oracle VM VirtualBox virtualization software is related to access control flaws resulting from an operation exceeding the buffer boundaries in memory. Exploitation o...
ROS-20250930-01
A vulnerability in libgepub, the library used to read EPUB files, is related to incorrect processing of file size calculations when opening specially crafted EPUB files. Exploitation of the vulnerability could allow an attacker to...
ROS-20250930-07
A vulnerability in the ImageMagick console graphic editor is related to a format string error in the "InterpretImageFilename" function. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the target system...
ROS-20250930-05
The Unbound DNS server vulnerability is related to a logical error in the EDNS client subnet ECS implementation. Exploitation of the vulnerability allows a remote attacker to perform cache poisoning attacks...
ROS-20250930-02
A code vulnerability in the Audio Profile AVRCP component of BlueZ, the Bluetooth protocol stack for Linux, is related to a buffer overflow. Exploitation of the vulnerability allows an attacker acting remotely to execute arbitrary code...
ROS-20250930-06
Tianocore EDK2 library vulnerability is related to insecure IDT register handling during SMM entry. Exploitation of the vulnerability allows an attacker to escalate privileges in the system...
ROS-20250930-03
The polkit service vulnerability is related to a boundary validation error when processing XML policies with a nesting depth of 32 or more elements. Exploitation of the vulnerability could allow an attacker to compromise a vulnerable system...
ROS-20250930-08
A vulnerability in the ImageMagick console graphic editor is related to a format string error in the "InterpretImageFilename" function. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code on the target system...
ROS-20250930-04
A vulnerability in the Open Asset Import Library (Assimp) 3D model import library is related to manipulation of the skinwidth/skinheight argument. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20250929-07
A vulnerability in the SQL concatws function of the SQLite database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service via the malloc parameter...
ROS-20250929-13
A vulnerability in Mozilla Firefox, Mozilla Firefox ESR and the Mozilla Thunderbird email client is related to an operation exceeding the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code. Vulnerability in JavaScript Engine...
ROS-20250929-08
Intel processor firmware vulnerability is linked to information disclosure. Exploitation of the vulnerability could allow an intruder to gain unauthorized access to protected information. A vulnerability in the cross-platform Xen hypervisor of the Linux operating system kernel is...
ROS-20250929-04
A vulnerability in the MultipartStream class of the Commons FileUpload library exists due to insufficient validation of input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service (consumption of computational resources) using a long string...
ROS-20250929-06
A vulnerability in the SQL concatws function of the SQLite database management system is related to integer overflow. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service via the malloc parameter...