
2075 matches found

CNNVD
added 2024/09/11 12:0 a.m. · 4 views

Cisco IOS XR Security Vulnerability

Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from a lack of proper error validation of incoming XML packets...

CVSS 5.3 · AI score 6.6 · EPSS 0.00437
Exploits 0 · References 3

Microsoft CVE
added 2024/09/11 12:0 a.m. · 4 views

CVE-2022-28737

...

CVSS 7.8 · AI score 6.9 · EPSS 0.00332
Exploits 0

BDU FSTEC
added 2024/09/04 12:0 a.m. · 3 views

The vulnerability of UEFI microprogramming, which is related to the possibility of using hard-coded platform keys, allows a hacker to execute arbitrary code before the operating system loads.

The vulnerability of UEFI BIOS relates to the possibility of using hard-coded platform keys. Exploiting this vulnerability allows a hacker to execute arbitrary code before the operating system loads...

CVSS 8.2 · AI score 7.7 · EPSS 0.0024
Exploits 0 · References 5 · Affected Software 11

BDU FSTEC
added 2024/09/03 12:0 a.m. · 2 views

The vulnerability of the efi component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the efi component in the Linux operating system’s kernel is related to the assignment of NULL pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.8 · EPSS 0.0024
Exploits 0 · References 13 · Affected Software 2

OSV
added 2024/08/30 7:13 a.m. · 15 views

BIT-JUPYTER-NOTEBOOK-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

CVSS 7.6 · AI score 6.6 · EPSS 0.00373
Exploits 0 · References 2

OSV
added 2024/08/30 3:15 a.m. · 2 views

DEBIAN-CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...

CVSS 7.5 · AI score 7 · EPSS 0.01686
Exploits 0 · References 1

CNNVD
added 2024/08/26 12:0 a.m. · 3 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for the existence of efi.getvariable before calling it...

CVSS 5.5 · AI score 5.6 · EPSS 0.00193
Exploits 0 · References 5

OSV
added 2024/08/21 7:15 a.m. · 1 views

UBUNTU-CVE-2022-48879

In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in...

CVSS 5.5 · AI score 6.2 · EPSS 0.0024
Exploits 0 · References 9

OSV
added 2024/08/21 7:15 a.m. · 0 views

UBUNTU-CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new...

CVSS 5.5 · AI score 5.8 · EPSS 0.0024
Exploits 0 · References 10

CNNVD
added 2024/08/21 12:0 a.m. · 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the gsmi component when fetching EFI variables...

CVSS 5.5 · AI score 6.5 · EPSS 0.0024
Exploits 0 · References 10

RedHat Linux
added 2024/08/15 5:34 a.m. · 2 views

kernel: efi: fix panic in kdump kernel

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel The Linux kernel CVE team has assigned CVE-2024-35800 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T...

CVSS 5.5 · AI score 6.8 · EPSS 0.00225
Exploits 0 · References 5

Microsoft KB
added 2024/08/13 7:0 a.m. · 147 views

August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780) - EXPIRED

August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows...

CVSS 9.8 · AI score 7.1 · EPSS 0.39457
Exploits 0

Positive Technologies
added 2024/08/13 12:0 a.m. · 5 views

PT-2024-11951 · Asp +1 · Asp +1

Name of the Vulnerable Software and Affected Versions: ASP (affected versions not specified). Description: The issue is related to incomplete cleanup in the ASP, which may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltrati...

CVSS 1.9 · AI score 6 · EPSS 0.00096
Exploits 0 · References 10

RedHat Linux
added 2024/08/08 4:53 a.m. · 2 views

kernel: efi: runtime: Fix potential overflow of soft-reserved region size

A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...

CVSS 6 · AI score 7.2 · EPSS 0.00226
Exploits 0 · References 5

RedHat Linux
added 2024/08/08 4:44 a.m. · 2 views

kernel: efi: runtime: Fix potential overflow of soft-reserved region size

A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...

CVSS 6 · AI score 7.2 · EPSS 0.00226
Exploits 0 · References 5

RedHat Linux
added 2024/08/08 4:44 a.m. · 1 views

kernel: xhci: Handle TD clearing for multiple streams case

A vulnerability was found in the Linux kernel's xHCI driver, related to the handling of TD when multiple streams are active, where the issue occurs when the endpoint is stopped, causing TD to remain uncleared, which can lead to system crashes and memory corruption due to stale TD references...

CVSS 7.8 · AI score 7.2 · EPSS 0.00292
Exploits 0 · References 5

BDU FSTEC
added 2024/08/07 12:0 a.m. · 3 views

The vulnerability in the web interface of the software requirement management tool during the development of IBM Engineering Requirements Management DOORS allows a perpetrator to gain unauthorized access to protected information or affect the accessibility of that information.

The vulnerability of the IBM Engineering Requirements Management DOORS web interface during software development is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or...

CVSS 7.5 · AI score 7.7 · EPSS 0.00614
Exploits 0 · References 4 · Affected Software 1

Fedora
added 2024/08/05 6:47 a.m. · 16 views

[SECURITY] Fedora 39 Update: trafficserver-9.2.5-1.fc39

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 9.1 · AI score 9.4 · EPSS 0.01085
Exploits 0

Positive Technologies
added 2024/08/05 12:0 a.m. · 3 views

PT-2024-37395 · Hamastar · Hamastar Meetinghub Paperless Meetings

Name of the Vulnerable Software and Affected Versions: Hamastar MeetingHub Paperless Meetings version 2021 Description: A Plaintext Storage of a Password issue in the ebooknote function allows remote attackers to obtain other users' credentials and gain access to the product via an XML file...

CVSS 9.3 · AI score 7.5 · EPSS 0.00484
Exploits 0 · References 5

RedHat Linux
added 2024/07/30 9:58 p.m. · 6 views

Moderate: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.2 bugfix release

Red Hat Developer Hub 1.2.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 6.5 · AI score 6.5 · EPSS 0.00929
Exploits 1 · References 1