37038 matches found
Important: Red Hat Security Advisory: Insights proxy Container Image
Initial GA Release of Red Hat Insights proxy The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes al...
CVE-2024-36311
CVE-2024-36311 describes a TOCTOU race in the SMM communications buffer that could allow a privileged attacker to bypass input validation and perform an out-of-bounds read or write, potentially impacting confidentiality, integrity, and availability. The Red Hat, NVD, CVE lists and vendor advisori...
CVE-2024-36311
A Time-of-check time-of-use TOCTOU race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability...
CVE-2026-2245
A vulnerability was identified in CCExtractor up to 183. This affects the function parsePAT/parsePMT in the library src/libccx/tstables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...
CVE-2025-31655
Incorrect default permissions for some IntelR Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...
CVE-2025-27560
Loop with unreachable exit condition 'infinite loop' for some IntelR Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local acces...
CVE-2025-32003
Out-of-bounds read in the firmware for some 100GbE IntelR Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of servic...
CVE-2025-31944
CVE-2025-31944 concerns a race condition in certain Intel TDX Module implementations prior to tdx1.5, within Ring 0 hypervisor code. The issue may allow a denial of service when a privileged local attacker with high complexity performs a deliberate race condition under local access, with no user ...
CVE-2025-27560
Loop with unreachable exit condition 'infinite loop' for some IntelR Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local acces...
CVE-2025-27560
CVE-2025-27560 describes an infinite loop in certain Intel Platform components operating in Ring 0, enabling a local privileged user to cause a denial of service with no user interaction. The impact is limited to availability (high) while confidentiality and integrity remain unaffected per the pr...
CVE-2025-24851
CVE-2025-24851 affects Intel Ethernet Controller E810 100GbE firmware (cvl fw 1.7.8.x and earlier) running Ring 0 Bare Metal OS. The issue is an uncaught exception that may allow a local, privileged attacker with low complexity and no user interaction to cause denial of service, impacting availab...
CVE-2025-24851
Uncaught exception in the firmware for some 100GbE IntelR Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...
CVE-2025-20070
Improper conditions check for the IntelR OptaneTM PMem management software before versions CRMGMT02.00.00.4052, CRMGMT03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity...
CVE-2025-11004 Reflected XSS vulnerability in Simplicity Device Manager tool
The Simplicity Device Manager Tool has a Reflected XSS Cross-site-scripting vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...
CVE-2025-11004
The vulnerability CVE-2025-11004 is a reflected XSS in several API endpoints of the Simplicity Device Manager Tool. An attacker on the same network can exploit the issue, potentially affecting confidentiality, integrity, and availability of the system hosting the tool. The CVSS v4.0 vector indica...
Important: Red Hat Security Advisory: resource-agents security update
An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...
CVE-2026-24323
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...
CVE-2026-24321
SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does...
CVE-2026-24323
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...
CVE-2026-24325
SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...