Monthly
Local ASLR bypass in the FreeBSD ELF image activator (kernel) lets an unprivileged user neutralize address-space layout randomization for setuid PIE binaries. By calling procctl(2) to request ASLR disablement before execve(2), the per-process disable flag remains active when the PIE base address is computed, because the activator clears the flag too late. This is a mitigation-weakening flaw that materially eases exploitation of any separate memory-corruption bug in those privileged binaries; there is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile).
GnuTLS with OCSP verification enabled incorrectly accepts revoked server certificates when presented with specially crafted multi-record OCSP responses during TLS handshakes, allowing attackers to bypass certificate revocation checks and establish connections to compromised servers. The vulnerability requires high attack complexity and specific OCSP configuration, affecting Red Hat Enterprise Linux 6-10, Red Hat Hardened Images, and OpenShift Container Platform 4. No public exploit code or active exploitation has been identified at the time of analysis.
Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Local ASLR bypass in the FreeBSD ELF image activator (kernel) lets an unprivileged user neutralize address-space layout randomization for setuid PIE binaries. By calling procctl(2) to request ASLR disablement before execve(2), the per-process disable flag remains active when the PIE base address is computed, because the activator clears the flag too late. This is a mitigation-weakening flaw that materially eases exploitation of any separate memory-corruption bug in those privileged binaries; there is no public exploit identified at time of analysis and EPSS is low (0.18%, 8th percentile).
GnuTLS with OCSP verification enabled incorrectly accepts revoked server certificates when presented with specially crafted multi-record OCSP responses during TLS handshakes, allowing attackers to bypass certificate revocation checks and establish connections to compromised servers. The vulnerability requires high attack complexity and specific OCSP configuration, affecting Red Hat Enterprise Linux 6-10, Red Hat Hardened Images, and OpenShift Container Platform 4. No public exploit code or active exploitation has been identified at the time of analysis.
Versions of the package lockfile-lint-api before 5.9.2 are vulnerable to Incorrect Behavior Order: Early Validation via the resolved attribute of the package URL validation which can be bypassed by. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to improper implementation of password policies. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.