11 matches found

NVD
added 2026/05/26 2:16 p.m. · 19 views

CVE-2026-48136

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

CVSS 4.1 · EPSS 0.03796
Exploits 0 · References 1
Cvelist
added 2026/05/26 12:57 p.m. · 41 views

CVE-2026-48136 Authenticated Administrator Role-Based Access Control Bypass in Compliance

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permission...

CVSS 4.1 · EPSS 0.03796
Exploits 0 · References 1
CheckPoint Security
added 2026/05/24 12:0 a.m. · 9 views

CVE-2026-48136 - Authenticated Administrator Role-Based Access Control Bypass in Compliance

Symptoms - When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain CMA can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access...

CVSS 4.1 · AI score 5.8 · EPSS 0.03796
Exploits 0
RedHat Linux
added 2025/05/13 8:28 a.m. · 3 views

kernel: pmdomain: imx8mp-blk-ctrl: add missing loop break condition

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition. Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=-- pc :...

CVSS 5.5 · AI score 6.8 · EPSS 0.00191
Exploits 0 · References 5
Positive Technologies
added 2025/03/06 12:0 a.m. · 7 views

PT-2025-9962 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel has been identified, related to the initialization of the power management domain genpd. The issue arises when the genpd struct's device name is not...

CVSS 7.8 · AI score 7.3 · EPSS 0.10568
Exploits 5 · References 674
OSV
added 2024/09/30 9:30 a.m. · 1 views

GHSA-JQ3F-MFMG-747X Eclipse Glassfish improperly handles http parameters

In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is /management/domain. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal...

CVSS 6.9 · AI score 5.9 · EPSS 0.00661
Exploits 1 · References 5
Positive Technologies
added 2024/09/30 12:0 a.m. · 4 views

PT-2024-39578 · Eclipse · Eclipse Glassfish

Name of the Vulnerable Software and Affected Versions: Eclipse Glassfish versions prior to 7.0.17. Description: The Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is "/management/domain". By modifying the URL value to a malicious...

CVSS 6.9 · AI score 6.9 · EPSS 0.00661
Exploits 1 · References 12
CNNVD
added 2024/09/30 12:0 a.m. · 3 views

Eclipse GlassFish Input Validation Error Vulnerability

Eclipse GlassFish is an open source application server from the Eclipse Foundation. An input validation error vulnerability exists in Eclipse GlassFish versions prior to 7.0.17, which stems from a Host HTTP parameter that may cause a web application to redirect to a specified URL when the request...

CVSS 6.9 · AI score 6.4 · EPSS 0.00661
Exploits 1 · References 3
OSV
added 2023/04/18 8:15 p.m. · 1 views

CVE-2023-21908

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications component: OBVAM Trn Journal Domain. Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network acces...

CVSS 6 · AI score 7.3 · EPSS 0.00435
Exploits 0 · References 1
OpenVAS
added 2012/07/30 12:0 a.m. · 25 views

CentOS Update for xen CESA-2011:0496 centos5 x86_64

The remote host is missing an update for the...

CVSS 6.9 · AI score 5.2 · EPSS 0.00705
Exploits 0 · References 2
Xen Project
added 2011/05/09 12:8 p.m. · 6 views

paravirtualised kernel image validation

ISSUE DESCRIPTION. 1. Problems: The functions which interpret the kernel image supplied for a paravirtualised guest, and decompress it into memory when booting the domain, are incautious. Specifically: (i) Integer overflow in the decompression loop memory allocator might result in...

CVSS 6.9 · AI score 5.9 · EPSS 0.00705
Exploits 0