Lucene search
K

37038 matches found

RedHat Linux
RedHat Linux
added 2026/02/10 8:29 p.m.12 views

Important: Red Hat Security Advisory: Insights proxy Container Image

Initial GA Release of Red Hat Insights proxy The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes al...

9.8CVSS6.9AI score0.47621EPSS
Exploits10References17
CVE
CVE
added 2026/02/10 7:50 p.m.10 views

CVE-2024-36311

CVE-2024-36311 describes a TOCTOU race in the SMM communications buffer that could allow a privileged attacker to bypass input validation and perform an out-of-bounds read or write, potentially impacting confidentiality, integrity, and availability. The Red Hat, NVD, CVE lists and vendor advisori...

4.6CVSS5.8AI score0.00121EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 7:50 p.m.26 views

CVE-2024-36311

A Time-of-check time-of-use TOCTOU race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or write, potentially resulting in loss of confidentiality, integrity, or availability...

4.6CVSS0.00121EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/10 7:22 p.m.6 views

CVE-2026-2245

A vulnerability was identified in CCExtractor up to 183. This affects the function parsePAT/parsePMT in the library src/libccx/tstables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is...

4.8CVSS4.6AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 5:16 p.m.16 views

CVE-2025-31655

Incorrect default permissions for some IntelR Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may...

6.7CVSS0.00081EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 5:16 p.m.19 views

CVE-2025-27560

Loop with unreachable exit condition 'infinite loop' for some IntelR Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local acces...

6.7CVSS0.00113EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 4:25 p.m.6 views

CVE-2025-32003

Out-of-bounds read in the firmware for some 100GbE IntelR Ethernet Network Adapter E810 before version cvl fw 1.7.6, cpk 1.3.7 within Ring 0: Bare Metal OS may allow a denial of service. Network adversary with an authenticated user combined with a low complexity attack may enable denial of servic...

6.5CVSS5.4AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 4:25 p.m.14 views

CVE-2025-31944

CVE-2025-31944 concerns a race condition in certain Intel TDX Module implementations prior to tdx1.5, within Ring 0 hypervisor code. The issue may allow a denial of service when a privileged local attacker with high complexity performs a deliberate race condition under local access, with no user ...

5.6CVSS5.4AI score0.00074EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 4:25 p.m.3 views

CVE-2025-27560

Loop with unreachable exit condition 'infinite loop' for some IntelR Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result may potentially occur via local acces...

6.7CVSS5.4AI score0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 4:25 p.m.11 views

CVE-2025-27560

CVE-2025-27560 describes an infinite loop in certain Intel Platform components operating in Ring 0, enabling a local privileged user to cause a denial of service with no user interaction. The impact is limited to availability (high) while confidentiality and integrity remain unaffected per the pr...

6.7CVSS5.4AI score0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 4:25 p.m.12 views

CVE-2025-24851

CVE-2025-24851 affects Intel Ethernet Controller E810 100GbE firmware (cvl fw 1.7.8.x and earlier) running Ring 0 Bare Metal OS. The issue is an uncaught exception that may allow a local, privileged attacker with low complexity and no user interaction to cause denial of service, impacting availab...

6.7CVSS5.5AI score0.00113EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/10 4:25 p.m.4 views

CVE-2025-24851

Uncaught exception in the firmware for some 100GbE IntelR Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...

6.7CVSS5.5AI score0.00113EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 4:25 p.m.3 views

CVE-2025-20070

Improper conditions check for the IntelR OptaneTM PMem management software before versions CRMGMT02.00.00.4052, CRMGMT03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity...

6.7CVSS5.3AI score0.00097EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 3:31 p.m.4 views

CVE-2025-11004 Reflected XSS vulnerability in Simplicity Device Manager tool

The Simplicity Device Manager Tool has a Reflected XSS Cross-site-scripting vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...

7.5CVSS5.6AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 3:31 p.m.9 views

CVE-2025-11004

The vulnerability CVE-2025-11004 is a reflected XSS in several API endpoints of the Simplicity Device Manager Tool. An attacker on the same network can exploit the issue, potentially affecting confidentiality, integrity, and availability of the system hosting the tool. The CVSS v4.0 vector indica...

7.5CVSS5.6AI score0.00258EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/10 3:19 p.m.6 views

Important: Red Hat Security Advisory: resource-agents security update

An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this...

7.5CVSS7.3AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 4:16 a.m.4 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/02/10 4:16 a.m.11 views

CVE-2026-24321

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these open endpoints to retrieve sensitive information that is not intended to be publicly accessible via the front-end. This vulnerability has a low impact on confidentiality and does...

5.3CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 4:16 a.m.7 views

CVE-2026-24323

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality a...

6.1CVSS0.00206EPSS
Exploits0References2
OSV
OSV
added 2026/02/10 4:16 a.m.5 views

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...

4.8CVSS5.8AI score0.00185EPSS
Exploits0References2
Rows per page
Query Builder