
7179 matches found

Redos
• added 2025/01/17 12:0 a.m. • 4 views

ROS-20250117-06

A vulnerability in the drm/lima components of the Linux operating system kernel is related to the race condition in the function limaschedtimedoutjob in drivers/gpu/drm/lima/lima/limasched.c. Exploitation of the vulnerability could allow an attacker to escalate privileges on the system A...

CVSS 7.8 | AI score 8 | EPSS 0.00033 | Exploits 0

Redos
• added 2025/01/15 12:0 a.m. • 7 views

ROS-20250115-04

A vulnerability in the ldapescape function of the PHP programming language interpreter is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the dblib and...

CVSS 9.8 | AI score 8.4 | EPSS 0.01153 | Exploits 4

Redos
• added 2025/01/15 12:0 a.m. • 11 views

ROS-20250115-01

A vulnerability in Mozilla Firefox, Firefox ESR, and the Thunderbird email client is related to improper permission persistence. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality of protected information, to affect the confidentiality of protected informati...

CVSS 7.5 | AI score 8.1 | EPSS 0.0071 | Exploits 0

Redos
• added 2025/01/15 12:0 a.m. • 8 views

ROS-20250115-06

A vulnerability in the ocfs2 component of the Linux kernel is related to the dereferencing of a NULL pointer in the ocfs2fillsuper function in fs/ocfs2/super.c, toocfs2trigger, ocfs2dbfrozentrigger and ocfs2journalaccess in fs/ocfs2/journal.c. Exploitation of the vulnerability could allow an...

CVSS 7.8 | AI score 7.3 | EPSS 0.00035 | Exploits 0

Redos
• added 2025/01/15 12:0 a.m. • 3 views

ROS-20250115-05

A vulnerability in the ldapescape function of the PHP programming language interpreter is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the dblib and...

CVSS 9.8 | AI score 8.4 | EPSS 0.01153 | Exploits 4

Redos
• added 2025/01/15 12:0 a.m. • 6 views

ROS-20250115-03

A vulnerability in the ldapescape function of the PHP programming language interpreter is related to an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the dblib and...

CVSS 9.8 | AI score 8.4 | EPSS 0.01153 | Exploits 4

Redos
• added 2025/01/15 12:0 a.m. • 8 views

ROS-20250115-02

A vulnerability in Mozilla Firefox, Firefox ESR, and the Thunderbird email client is related to improper permission persistence. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality of protected information, to affect the confidentiality of protected informati...

CVSS 7.5 | AI score 8.1 | EPSS 0.0071 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 7 views

ROS-20250114-10

A vulnerability in the animation control and synchronization handler on web pages of the Mozilla Firefox and Firefox ESR browsers is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting it into...

CVSS 9.8 | AI score 9.6 | EPSS 0.30808 | Exploits 1

Redos
• added 2025/01/14 12:0 a.m. • 9 views

ROS-20250114-02

A vulnerability in the LibreOffice office suite is related to incorrect cryptographic signature verification. Exploitation of the vulnerability could allow an attacker to create a specially crafted document, which, upon recovery, would report the valid status of the electronic signature. A...

CVSS 10 | AI score 6.8 | EPSS 0.00532 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 142 views

ROS-20250114-15

A vulnerability in the gfxv943initmicrocode function in the drivers/gpu/drm/amd/amdgpu/gfxv943.c module of the amdgpu driver of the Linux operating system kernel is related to memory writes outside of the allocated buffer. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity...

CVSS 9.8 | AI score 7.2 | EPSS 0.00106 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 4 views

ROS-20250114-11

A vulnerability in the activation scripts of the Python virtualenv virtual environment constructor is related to the failure to take measures to neutralize special elements used in an operating system command. Exploitation...

CVSS 8.4 | AI score 7.6 | EPSS 0.00226 | Exploits 1

Redos
• added 2025/01/14 12:0 a.m. • 9 views

ROS-20250114-12

A vulnerability in the implementation of the Zstandard compression method of the 7-Zip archiver is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code provided that a user opens a specially generated archive...

CVSS 7.8 | AI score 7.6 | EPSS 0.44229 | Exploits 1

Redos
• added 2025/01/14 12:0 a.m. • 12 views

ROS-20250114-06

A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and the Oracle Java SE software platform is related to incorrect clearing or freeing of resources. Exploitation of the vulnerability could allow an attacker acting...

CVSS 4.8 | AI score 4.8 | EPSS 0.00171 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 6 views

ROS-20250114-14

A vulnerability in the compress component of the Linux operating system kernel is related to incorrect blocking in the f2fsreleasecompressblocks and f2fsreservecompressblocks functions in f2fs/file.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A...

CVSS 7.1 | AI score 6.8 | EPSS 0.0003 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 143 views

ROS-20250114-03

A vulnerability in the Hash Handler component of the 389-ds-basic package is related to insufficient verification of password hashes. Exploitation of the vulnerability could allow an intruder to cause a denial of service...

CVSS 5.7 | AI score 6.7 | EPSS 0.00119 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 6 views

ROS-20250114-04

The incognito mode vulnerability in the Mozilla Firefox and Firefox ESR browsers is due to the application not properly imposing security restrictions. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the implemented security restrictions. Incognito mode vulnerability in...

CVSS 9.8 | AI score 7.4 | EPSS 0.00168 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 6 views

ROS-20250114-09

A vulnerability in the animation control and synchronization handler on web pages of the Mozilla Firefox and Firefox ESR browsers is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by injecting it into...

CVSS 9.8 | AI score 9.6 | EPSS 0.30808 | Exploits 1

Redos
• added 2025/01/14 12:0 a.m. • 10 views

ROS-20250114-13

A vulnerability in the Redis database management system (DBMS) is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to execute arbitrary code by injecting a specially crafted Lua script. A vulnerability in the Redis database...

CVSS 9.8 | AI score 7.7 | EPSS 0.80733 | Exploits 2

Redos
• added 2025/01/14 12:0 a.m. • 9 views

ROS-20250114-05

A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and the Oracle Java SE software platform is related to incorrect clearing or freeing of resources. Exploitation of the vulnerability could allow an attacker acting...

CVSS 4.8 | AI score 4.8 | EPSS 0.00171 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 8 views

ROS-20250114-07

A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and the Oracle Java SE software platform is related to incorrect clearing or freeing of resources. Exploitation of the vulnerability could allow an attacker acting...

CVSS 4.8 | AI score 4.8 | EPSS 0.00171 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 147 views

ROS-20250114-01

A vulnerability in the aiohttp HTTP client is related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the aiohttp HTTP client is related to a symbolic link issue in...

CVSS 7.5 | AI score 7 | EPSS 0.00709 | Exploits 0

Redos
• added 2025/01/14 12:0 a.m. • 9 views

ROS-20250114-08

A vulnerability in the Serialization component of Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and the Oracle Java SE software platform is related to incorrect clearing or freeing of resources. Exploitation of the vulnerability could allow an attacker acting...

CVSS 4.8 | AI score 4.8 | EPSS 0.00171 | Exploits 0

Redos
• added 2025/01/13 12:0 a.m. • 12 views

ROS-20250113-05

A vulnerability in the dma-mapping component of the Linux kernel is related to incorrect input validation in the mapbenchmarkioctl function in kernel/dma/mapbenchmark.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the f2fs component of...

CVSS 9.8 | AI score 7.5 | EPSS 0.00248 | Exploits 0

Redos
• added 2025/01/13 12:0 a.m. • 11 views

ROS-20250113-01

A vulnerability in the OpenSSL library is related to reading the wrong address in memory when comparing the otherName subject names of an X.509 certificate. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 6.8 | EPSS 0.14258 | Exploits 0

Redos
• added 2025/01/13 12:0 a.m. • 5 views

ROS-20250113-04

A vulnerability in the usb component of the Linux kernel is related to incorrect locking in the freeepfback, uaudiosetvolume, uaudiosetmute and gaudiosetup functions in drivers/usb/gadget/function/uaudio.c. Exploitation of the vulnerability could allow an attacker to cause a denial of...

CVSS 5.5 | AI score 6.8 | EPSS 0.00033 | Exploits 0

Redos
• added 2025/01/13 12:0 a.m. • 11 views

ROS-20250113-02

A vulnerability in the sessionuser function in the fs/ksmbd/smb2pdu.c module of the KSMBD file system of the Linux kernel is related to reading data outside the allocated buffer. Exploitation of the vulnerability could allow an...

CVSS 9.8 | AI score 7.3 | EPSS 0.00095 | Exploits 0

Redos
• added 2025/01/13 12:0 a.m. • 15 views

ROS-20250113-03

A vulnerability in the RDMA driver for Intel Ethernet network controllers for Linux is related to access control flaws. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

CVSS 9.8 | AI score 7.1 | EPSS 0.00689 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 8 views

ROS-20250110-09

A vulnerability in the OTP library set of the Erlang programming language is related to incorrect certificate validation. Exploitation of the vulnerability allows an attacker acting remotely to perform a MitM attack...

CVSS 5.5 | AI score 6.8 | EPSS 0.00057 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 15 views

ROS-20250110-12

A vulnerability in the Apache Tomcat application server is related to synchronization errors when using a shared resource ("Race Situation"). Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by downloading specially crafted JSP files. Apache Tomcat...

CVSS 9.8 | AI score 7.4 | EPSS 0.84587 | Exploits 12

Redos
• added 2025/01/10 12:0 a.m. • 5 views

ROS-20250110-11

A vulnerability in the Action Pack framework of the Ruby on Rails software platform is related to incorrect validation of input data. Exploitation of the vulnerability could allow a remote attacker to bypass certain security restrictions...

CVSS 9.8 | AI score 6.9 | EPSS 0.00832 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 3 views

ROS-20250110-08

A vulnerability in the qrreadermatchcenters function of the ZBar barcode reading library is related to writing outside the buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to confidential data, compromise its integrity, and compromise its integrity...

CVSS 9.8 | AI score 7.3 | EPSS 0.00814 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 10 views

ROS-20250110-01

A vulnerability in the Core component of the Oracle VM VirtualBox virtualization software tool is associated with authorization errors as a result of an operation exceeding the buffer boundaries in memory. Exploitation of the vulnerability could allow...

CVSS 7.5 | AI score 6.9 | EPSS 0.00063 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 11 views

ROS-20250110-13

A vulnerability in the MinIO object storage server is related to insecure privilege management. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges to root...

CVSS 9.3 | AI score 6.9 | EPSS 0.00412 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 15 views

ROS-20250110-05

A vulnerability in the server of the Zabbix universal monitoring system is related to the use of uncontrolled format strings when processing HttpRequest objects. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain...

CVSS 9.1 | AI score 9.2 | EPSS 0.00906 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 6 views

ROS-20250110-02

A vulnerability in the Exiv2 media metadata management library is related to a flaw in the use of the assert function. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted image file. Vulnerability in the Jp2Image::readMetadata...

CVSS 7.8 | AI score 7.8 | EPSS 0.01509 | Exploits 3

Redos
• added 2025/01/10 12:0 a.m. • 2 views

ROS-20250110-07

A vulnerability in the DNS server responsible for coredns name resolution is related to an incorrect implementation of caching. Exploitation of the vulnerability could allow a remote attacker to execute a spoofing attack...

CVSS 5.3 | AI score 7.1 | EPSS 0.00212 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 152 views

ROS-20250110-06

A vulnerability in the server of the Zabbix universal monitoring system is related to the use of uncontrolled format strings when processing HttpRequest objects. Exploitation of the vulnerability could allow an attacker, acting remotely, to gain...

CVSS 9.1 | AI score 9.2 | EPSS 0.00906 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 9 views

ROS-20250110-14

A vulnerability in the ServerConfig.PublicKeyCallback function of the crypto library for the Go programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...

CVSS 9.1 | AI score 7.1 | EPSS 0.32338 | Exploits 2

Redos
• added 2025/01/10 12:0 a.m. • 12 views

ROS-20250110-10

A vulnerability in the asyncio.SelectorSocketTransport.writelines function of the Python programming language is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 8.7 | AI score 6.6 | EPSS 0.00249 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 142 views

ROS-20250110-03

A vulnerability in the XMLResumeParser function of the libexpat XML parsing library is related to improper checking for unusual or exceptional conditions. Exploitation of the vulnerability could allow an attacker to stop/stop a parser that is not running...

CVSS 5.9 | AI score 6.7 | EPSS 0.00116 | Exploits 0

Redos
• added 2025/01/10 12:0 a.m. • 4 views

ROS-20250110-04

Vulnerability of instancecreate method of the program for monitoring and adaptive tuning of system devices tuned is related to insufficient input data validation when processing the instancename parameter. Exploitation of the vulnerability could allow an attacker to conduct spoofing attacks...

CVSS 7.8 | AI score 7.7 | EPSS 0.00033 | Exploits 0

Redos
• added 2025/01/09 12:0 a.m. • 16 views

ROS-20250109-03

A vulnerability in the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary code. Vulnerability of the GLPI system...

CVSS 9.3 | AI score 7.5 | EPSS 0.19755 | Exploits 0

Redos
• added 2025/01/09 12:0 a.m. • 5 views

ROS-20250109-07

A vulnerability in the Downloads component of Microsoft Edge and Google Chrome browsers is related to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity, and availability of protected information...

CVSS 9.6 | AI score 8.7 | EPSS 0.33501 | Exploits 11

Redos
• added 2025/01/09 12:0 a.m. • 77 views

ROS-20250109-01

A NetworkManager network connection management vulnerability involves the injection of corrupted LLDP packets. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 3.1 | AI score 7.3 | EPSS 0.00082 | Exploits 0

Redos
• added 2025/01/09 12:0 a.m. • 3 views

ROS-20250109-02

A vulnerability in the dogtag-pki and pki-core packages is related to incorrect input validation during LDAP query processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process...

CVSS 7.5 | AI score 7.4 | EPSS 0.00047 | Exploits 0

Redos
• added 2025/01/09 12:0 a.m. • 13 views

ROS-20250109-08

The ungetbyte and ungetc methods of the StringIO string handler for the Ruby programming language are vulnerable to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of protected information...

CVSS 9.8 | AI score 6.9 | EPSS 0.0883 | Exploits 0

Redos
• added 2025/01/09 12:0 a.m. • 6 views

ROS-20250109-04

A vulnerability in the Fields plug-in of the GLPI system of requests, incidents and inventory of computer equipment is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL code...

CVSS 7.7 | AI score 8.3 | EPSS 0.00107 | Exploits 0

Redos
• added 2025/01/09 12:0 a.m. • 6 views

ROS-20250109-05

A vulnerability in the Firefox ESR and Firefox web browsers and the Thunderbird email client is related to errors in data type conversion due to enabled autorun private mode. Exploitation of the vulnerability could allow an attacker acting...

CVSS 8.8 | AI score 8.5 | EPSS 0.40321 | Exploits 17

Redos
• added 2025/01/09 12:0 a.m. • 5 views

ROS-20250109-06

The ungetbyte and ungetc methods of the StringIO string handler for the Ruby programming language are vulnerable to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker, acting remotely, to affect the confidentiality of protected information...

CVSS 8.8 | AI score 7.2 | EPSS 0.40321 | Exploits 17

Redos
• added 2024/12/20 12:0 a.m. • 8 views

ROS-20241220-04

A vulnerability in the ServerConfig.PublicKeyCallback function of the crypto library for the Go programming language is related to a flaw in the authorization procedure for key processing. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions...

CVSS 9.1 | AI score 7.1 | EPSS 0.32338 | Exploits 2

Total number of security vulnerabilities: 7179