261 matches found
CVE-2024-46083
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting XSS. An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...
RHSA-2022:8850 Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.4 (python-ujson) security update
Bulletin has no description...
RHSA-2019:3132 Red Hat Security Advisory: OpenShift Container Platform 4.1.20 openshift security update
Bulletin has no description...
UBUNTU-CVE-2024-45157
An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLSPSAHMACDRBGMDTYPE does not cause the PSA subsystem to use HMACDRBG: it uses HMACDRBG only when MBEDTLSPSACRYPTOEXTERNALRNG and...
Trusted Firmware-M 安全漏洞
Linaro Trusted Firmware-M Tf-M is a reference implementation of the Platform Security Architecture Psa IoT security framework from Linaro, UK. A security vulnerability exists in Trusted Firmware-M version 2.0.0 and prior versions, which stems from a lack of parameter validation in the logging...
PT-2024-6380
Name of the Vulnerable Software and Affected Versions Mbed TLS versions prior to 2.28.9 Mbed TLS versions 3.x prior to 3.6.1 Description The issue is related to the misuse of a cryptographic algorithm in Mbed TLS, where the user-selected algorithm is not used. Specifically, enabling MBEDTLS PSA...
UBUNTU-CVE-2024-43874
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in sevsnpshutdownlocked Fix a null pointer dereference induced by DEBUGTESTDRIVERREMOVE. Return from sevsnpshutdownlocked if the pspdevice or the sevdevice structs are not initialized...
CVE-2021-26344
An out of bounds memory write when processing the AMD PSP1 Configuration Block APCB could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution...
Leave the World Behind, or don’t
I watched Leave the World Behind on Netflix recently. I was intrigued as the trailers showed an oil tanker crashing on to a beach. It was implied that it had been hacked and someone had taken control of it. Shipping security is something we know quite a bit about, having been asked to hack a larg...
CVE-2024-30040
Windows MSHTML Platform Security Feature Bypass Vulnerability...
Windows MSHTML Platform Security Feature Bypass Vulnerability
...
CVE-2024-21001
CVE-2024-21001 affects Oracle BI Enterprise Edition (OBIEE) 7.0.0.0.0, with a vulnerability in the BI Platform Security component that allows a low-privileged, network-accessing attacker (HTTP) to potentially modify or read data after user interaction. The issue is described as easily exploitable...
PT-2024-3733 · Oracle · Oracle Business Intelligence Enterprise Edition
Name of the Vulnerable Software and Affected Versions: Oracle Business Intelligence Enterprise Edition version 7.0.0.0.0 Description: The issue is related to insufficient input validation in the BI Platform Security component. It allows a low-privileged attacker with network access via HTTP to...
JFreeChart 安全漏洞
JFreeChart is a comprehensive free charting library for the Java platform from the individual developer David Gilbert. A security vulnerability exists in JFreeChart v1.5.4, which stems from an array index out-of-bounds issue...
The vulnerability of the PSA Crypto application programming interface, as well as the Mbed TLS and Mbed Crypto software, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of data.
The vulnerability of the PSA Crypto application programming interface and the Mbed TLS and Mbed Crypto software implementations is related to insufficient spatial partitioning. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of...
SUSE CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
AZL-47703 CVE-2024-28960 affecting package hvloader for versions less than 1.0.1-6
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
DEBIAN-CVE-2024-28960
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
IBM Watson IoT Platform Security Breach
IBM Watson IoT Platform is an Internet of Things IoT solution platform from International Business Machines IBM. A security vulnerability exists in IBM Watson IoT Platform version 1.0 that stems from the fact that an unauthorized attacker who obtains a secure authentication token can use it to...
CVE-2024-20913
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics component: BI Platform Security. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...