
2075 matches found

BDU FSTEC
added 2024/11/29 12:0 a.m. | 5 views

A vulnerability in the UEFI loading mechanism of the BIOS firmware on Intel Server Board M20NTP allows an attacker to escalate privileges.

The vulnerability in the UEFI loading mechanism of the BIOS firmware on Intel Server Board M20NTP motherboards is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 6.3 | AI score 5.5 | EPSS 0.00152
Exploits 0 | References 2
BDU FSTEC
added 2024/11/26 12:0 a.m. | 3 views

A vulnerability in the Manager component of the Wowza Streaming Engine server software allows an attacker to gain read access to files.

The vulnerability in the Manager component of the Wowza Streaming Engine server software is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read access to files in the target directory, provided that...

CVSS 6.8 | AI score 5.5 | EPSS 0.00974
Exploits 0 | References 5 | Affected Software 1
BDU FSTEC
added 2024/11/26 12:0 a.m. | 4 views

A vulnerability in the SmartDeviceServer component of the Ivanti Avalanche mobile device management system allows an attacker to disclose protected information.

The vulnerability in the SmartDeviceServer component of the Ivanti Avalanche mobile device management system is related to improper restriction of XML external entity references. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

CVSS 8.5 | AI score 7.4 | EPSS 0.91984
Exploits 1 | References 4 | Affected Software 1
Fedora
added 2024/11/22 3:22 a.m. | 16 views

[SECURITY] Fedora 41 Update: trafficserver-9.2.6-2.fc41

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 9.1 | AI score 7 | EPSS 0.0158
Exploits 1
BDU FSTEC
added 2024/11/19 12:0 a.m. | 1 views

A vulnerability in the efi/capsule-loader component of the Linux kernel allows an attacker to cause a denial of service.

The vulnerability in the efi/capsule-loader component of the Linux operating system is related to memory corruption in the efi_capsule_open function. Exploiting this vulnerability can allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00244
Exploits 0 | References 38 | Affected Software 6
CNNVD
added 2024/11/14 12:0 a.m. | 4 views

Insyde InsydeH2O security vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...

CVSS 5.3 | AI score 6.6 | EPSS 0.00168
Exploits 0 | References 1
OSV
added 2024/11/13 9:15 p.m. | 1 views

CVE-2024-39609

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS 6.7 | AI score 5.8 | EPSS 0.00134
Exploits 0 | References 1
RedHat Linux
added 2024/11/12 9:11 a.m. | 2 views

kernel: efi/unaccepted: touch soft lockup during memory accept

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept. Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and n...

CVSS 5.5 | AI score 6.6 | EPSS 0.00171
Exploits 0 | References 5
RedHat Linux
added 2024/11/12 9:11 a.m. | 3 views

kernel: efi: runtime: Fix potential overflow of soft-reserved region size

A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...

CVSS 6 | AI score 7.2 | EPSS 0.00226
Exploits 0 | References 5
SUSE CVE
added 2024/11/08 3:49 a.m. | 2 views

SUSE CVE-2024-50141

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context. PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVSS 5.5 | AI score 6.5 | EPSS 0.00232
Exploits 0 | References 19
OSV
added 2024/11/07 10:15 a.m. | 1 views

DEBIAN-CVE-2024-50141

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context. PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVSS 5.5 | AI score 5.8 | EPSS 0.00232
Exploits 0 | References 1
OSV
added 2024/11/07 10:15 a.m. | 3 views

AZL-53639 CVE-2024-50141 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context. PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVSS 5.5 | AI score 6.3 | EPSS 0.00232
Exploits 0 | References 1
CNNVD
added 2024/11/06 12:0 a.m. | 4 views

Cisco Identity Services Engine code issue vulnerability

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. The Cisco Identity Services Engine API interface has an XML external entity vulnerability that can be exploited by a remote attacker to submit a special request that can read arbitrary files in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00361
Exploits 0 | References 2
BDU FSTEC
added 2024/10/29 12:0 a.m. | 4 views

A vulnerability in the struts2-core library of the Apache Struts software platform allows attackers to cause a denial of service.

The vulnerability in the struts2-core library of the Apache Struts software platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a denial of service using specially crafted XML files...

CVSS 7.8 | AI score 7.2 | EPSS 0.09224
Exploits 1 | References 2 | Affected Software 2
BDU FSTEC
added 2024/10/29 12:0 a.m. | 3 views

A vulnerability in the UEFI Firmware component of Intel firmware, related to defects in input data validation, allows attackers to escalate their privileges.

The vulnerability of the UEFI Firmware component of Intel microprocessors is related to defects in input validation. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.5 | AI score 5.4 | EPSS 0.00163
Exploits 0 | References 4
BDU FSTEC
added 2024/10/29 12:0 a.m. | 4 views

A vulnerability in the UEFI Firmware component of Intel firmware, related to writing beyond the buffer boundaries, allows attackers to escalate their privileges.

The vulnerability of the UEFI Firmware component of Intel microprocessors is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 6.1 | AI score 5.7 | EPSS 0.00145
Exploits 0 | References 4
CNNVD
added 2024/10/28 12:0 a.m. | 2 views

REXML security vulnerability

REXML is an open source XML toolkit for Ruby. A security vulnerability exists in REXML versions prior to 3.3.9, which stems from susceptibility to a regular expression denial of service attack when parsing XML that contains hexadecimal numeric character references with a large number of digits...

CVSS 8.7 | AI score 6.8 | EPSS 0.01429
Exploits 0 | References 5
OSV
added 2024/10/24 10:15 a.m. | 1 views

UBUNTU-CVE-2024-6826

An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 17.3.6, 17.4 before 17.4.3, and 17.5 before 17.5.1. A denial of service could occur via importing a maliciously crafted XML manifest file...

CVSS 6.5 | AI score 5.7 | EPSS 0.00531
Exploits 1 | References 4
SUSE CVE
added 2024/10/22 2:22 p.m. | 2 views

SUSE CVE-2022-49004

In the Linux kernel, the following vulnerability has been resolved: riscv: Sync efi page table's kernel mappings before switching. The EFI page table is initially created as a copy of the kernel page table. With VMAP_STACK enabled, kernel stacks are allocated in the vmalloc area: if the stack is...

CVSS 5.5 | AI score 7.5 | EPSS 0.00243
Exploits 0 | References 3
SUSE CVE
added 2024/10/22 2:49 a.m. | 2 views

SUSE CVE-2024-50045

In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb. Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_dev_queue_xmit. It is...

CVSS 5.5 | AI score 6.2 | EPSS 0.00258
Exploits 0 | References 20