
2075 matches found

OSV
added 2024/05/01 5:15 p.m. · 1 views

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

CVSS 5.9 · AI score 5.8 · EPSS 0.00494
Exploits 0 · References 1
RedHat Linux
added 2024/04/30 9:57 a.m. · 2 views

kernel: efi: fix potential NULL deref in efi_mem_reserve_persistent

A flaw was found in the EFI module in the Linux kernel. A NULL pointer dereference can be triggered due to a missing check of the return value of the memremap function, causing a crash and resulting in a denial of service...

CVSS 5.5 · AI score 6.8 · EPSS 0.00248
Exploits 0 · References 5
Positive Technologies
added 2024/04/25 12:0 a.m. · 2 views

PT-2024-5591 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 17.0.6; GitLab versions 17.1 through 17.1.4; GitLab versions 17.2 through 17.2.2. Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This can be exploited by a...

CVSS 5.4 · AI score 5.8 · EPSS 0.00294
Exploits 0 · References 15
Fedora
added 2024/04/19 9:45 p.m. · 45 views

[SECURITY] Fedora 40 Update: httpd-2.4.59-2.fc40

The Apache HTTP Server is a powerful, efficient, and extensible web server...

CVSS 7.3 · AI score 7.3 · EPSS 0.03914
Exploits 0
OSV
added 2024/04/17 10:15 a.m. · 1 views

UBUNTU-CVE-2024-26843

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size. md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region...

CVSS 6 · AI score 6.2 · EPSS 0.00226
Exploits 0 · References 19
CNNVD
added 2024/04/15 12:0 a.m. · 5 views

Scrapy security vulnerability

Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of lxml.etree.fromstring to parse untrusted XML data without proper validation, allowing an attacker to perform a denial-of-service attack, access a local...

CVSS 7.5 · AI score 7.4 · EPSS 0.00807
Exploits 1 · References 4
Fedora
added 2024/04/12 1:21 a.m. · 28 views

[SECURITY] Fedora 39 Update: trafficserver-9.2.4-1.fc39

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5 · AI score 7.4 · EPSS 0.94615
Exploits 1
Fedora
added 2024/04/12 1:15 a.m. · 25 views

[SECURITY] Fedora 38 Update: trafficserver-9.2.4-1.fc38

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5 · AI score 7.4 · EPSS 0.94615
Exploits 1
OSV
added 2024/03/20 5:15 a.m. · 2 views

CVE-2024-22080

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 1
RedHat Linux
added 2024/03/19 6:46 p.m. · 38 views

Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 8.8 · AI score 7.1 · EPSS 0.02637
Exploits 1 · References 5
OSV
added 2024/03/15 9:15 p.m. · 2 views

UBUNTU-CVE-2021-47134

In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found. setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc...

CVSS 5.5 · AI score 6.6 · EPSS 0.00232
Exploits 0 · References 6
CNNVD
added 2024/03/15 12:0 a.m. · 3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a panic when a valid fdt is not found by the efi/fdt module...

CVSS 5.5 · AI score 6.5 · EPSS 0.00232
Exploits 0 · References 5
BDU FSTEC
added 2024/03/14 12:0 a.m. · 3 views

The vulnerability of the XML syntax analyzer library libexpat lies in the improper limitation on XML references to external objects, which allows attackers to trigger a service failure.

The vulnerability of the XML syntax analyzer library libexpat is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially created XML code remotely...

CVSS 7.8 · AI score 6.5 · EPSS 0.02006
Exploits 1 · References 16 · Affected Software 7
Positive Technologies
added 2024/03/12 12:0 a.m. · 3 views

PT-2024-12154 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions prior to 05.28.42; Insyde InsydeH2O with kernel versions prior to 05.37.42; Insyde InsydeH2O with kernel versions prior to 05.45.39; Insyde InsydeH2O with kernel versions prior to 05.53.39; Insyde InsydeH2O...

CVSS 6.1 · AI score 7 · EPSS 0.00132
Exploits 0 · References 6
OSV
added 2024/03/10 5:15 a.m. · 4 views

AZL-35841 CVE-2024-28757 affecting package expat for versions less than 2.6.2-2

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate...

CVSS 7.5 · AI score 6.6 · EPSS 0.02006
Exploits 1 · References 1
Fedora
added 2024/03/07 10:33 p.m. · 20 views

[SECURITY] Fedora 40 Update: jmock-2.12.0-16.fc40

Mock objects help you design and test the interactions between the objects in your programs. The jMock library: makes it quick and easy to define mock objects, so you don't break the rhythm of programming. lets you precisely specify the interactions between your objects, reducing the brittleness ...

CVSS 8.8 · AI score 9.1 · EPSS 0.02557
Exploits 3
OSV
added 2024/03/06 10:54 a.m. · 27 views

BIT-JUPYTERLAB-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...

CVSS 7.6 · AI score 6.8 · EPSS 0.00665
Exploits 0 · References 4
RedHat Linux
added 2024/03/04 2:3 a.m. · 1 views

edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...

CVSS 8.8 · AI score 6.4 · EPSS 0.01196
Exploits 1 · References 6
OSV
added 2024/02/28 12:15 a.m. · 1 views

UBUNTU-CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

CVSS 7.5 · AI score 5.7 · EPSS 0.00553
Exploits 1 · References 7
OSV
added 2024/02/26 1:57 p.m. · 1 views

USN-6658-1 libxml2 vulnerability

It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.5 · AI score 7 · EPSS 0.01375
Exploits 3 · References 2