70 matches found
Ivanti Endpoint Manager Security Vulnerability
Ivanti Endpoint Manager (EPM) is an endpoint security management suite developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained security vulnerabilities. These were due to authentication bypass flaws, which could allow...
[SECURITY] Fedora 42 Update: qt5-qtlocation-5.15.18-1.fc42
The Qt Location and Qt Positioning APIs give developers the ability to determine a position by using a variety of possible sources, including satellite, Wi-Fi, text file, and so on...
SUSE-SU-2025:20983-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues: - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248631) - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1249207) - CVE-2025-38617: net/packet: fix a race in packet_set_rin...
PT-2025-44547
Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.7.2 Description Nagios XI versions prior to 5.7.2 are susceptible to cross-site scripting XSS through the background color settings within Dashboards. This is due to inadequate validation or escaping of...
CVE-2025-62391
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62392
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-59143
color is a JavaScript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to...
Security update for kernel-livepatch-MICRO-6-0-RT_Update_5
This update for kernel-livepatch-MICRO-6-0-RT_Update_5 fixes the following issues: CVE-2025-38087: net/sched: fix use-after-free in taprio_dev_notifier (bsc#1245505) CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1242579) CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree...
Security update for kernel-livepatch-MICRO-6-0_Update_5
This update for kernel-livepatch-MICRO-6-0_Update_5 fixes the following issues: CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1245776) CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1245793) CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limi...
CVE-2025-40739
A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the curre...
glibc security update
2.34-125.0.1.8 - Forward-port Oracle patches for ol9-u5 glibc-2.34-125.0.1.8 Reviewed by: David Faust Oracle history:...
CVE-2024-29823
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...
CVE-2024-33492
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
CVE-2024-33493
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
CVE-2024-33490
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current...
CVE-2024-33489
A vulnerability has been identified in Solid Edge (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process...
PT-2024-6573 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge versions prior to V224.0 Update 5 Description: The issue is related to an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the...
PT-2024-4459 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge versions prior to V224.0 Update 5 Description: A vulnerability has been identified that involves an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker t...
PT-2023-24689 · Zoom · Zoom Rooms For Windows
Name of the Vulnerable Software and Affected Versions: Zoom Rooms for Windows versions prior to 5.15.0 Description: The issue is related to an insecure temporary file in the installer, which may allow an authenticated user to enable an escalation of privilege via local access. Recommendations: Fo...
PT-2023-3755 · Zoom · Zoom
Name of the Vulnerable Software and Affected Versions: Zoom versions prior to 5.14.0 Description: The issue is related to an improper restriction of operations within the bounds of a memory buffer, which can be exploited by a remote attacker to execute arbitrary code. This can potentially cause...