
2080 matches found

CNNVD
added 2025/05/15 12:00 a.m., 2 views

Hitachi JP1/IT Desktop Management 2 security vulnerability

Hitachi JP1/IT Desktop Management 2 is a product from Hitachi, Ltd. of Japan that automatically collects various types of information so that you can manage it in one place. A security vulnerability exists in Hitachi JP1/IT Desktop Management 2 versions prior to 12-00 to 12-00-08, 11-10 to 11-10-08...

CVSS 8.7 | AI score 6.5 | EPSS 0.00321
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/14 5:51 p.m., 7 views

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.

Red Hat Developer Hub 1.6.0 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...

CVSS 9.8 | AI score 6.5 | EPSS 0.09378
Exploits: 8 | References: 8
CNNVD
added 2025/05/14 12:00 a.m., 4 views

Peergos code issue vulnerability

Peergos is an open source application from Peergos. A security vulnerability exists in Peergos 1.1.0 and earlier versions that stems from improperly restricted XML external entity references in the WebDav servlet...

CVSS 8.8 | AI score 6.7 | EPSS 0.00351
Exploits: 0 | References: 2
RedHat Linux
added 2025/05/13 7:56 a.m., 3 views

libxml2: Use-After-Free in libxml2

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema...

CVSS 9.8 | AI score 7.1 | EPSS 0.0113
Exploits: 0 | References: 5
CNNVD
added 2025/05/13 12:00 a.m., 2 views

Intel Server M50FCP and Intel Server D50DNP input validation error vulnerability

Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation (USA). An input validation error vulnerability exists in Intel Server M50FCP and Intel Server D50DNP, which stems from improper input validation in the UEFI firmware DXE module, which could lead to elevation of...

CVSS 8.7 | AI score 6.7 | EPSS 0.00143
Exploits: 0 | References: 2
CNNVD
added 2025/05/13 12:00 a.m., 2 views

Intel Server M50FCP and Intel Server D50DNP security vulnerability

Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation (USA). A security vulnerability exists in Intel Server M50FCP and Intel Server D50DNP that stems from improper initialization of the UEFI firmware, which could lead to information disclosure...

CVSS 5.6 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 2
OSV
added 2025/05/09 7:16 a.m., 1 views

DEBIAN-CVE-2025-37882

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling. The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

CVSS 7.8 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 1
Positive Technologies
added 2025/05/08 12:00 a.m., 2 views

PT-2025-20342

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically in the xhci (Extensible Host Controller Interface) component related to the Etron workaround. The issue involves an...

CVSS 5.5 | AI score 6.5 | EPSS 0.00149
Exploits: 0
CNNVD
added 2025/05/07 12:00 a.m., 4 views

SysAid On-Prem security vulnerability

SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid (Israel). A security vulnerability exists in SysAid On-Prem version 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the lshw processing functionality, which could lead to...

CVSS 9.8 | AI score 9 | EPSS 0.79133
Exploits: 1 | References: 2
CNNVD
added 2025/05/07 12:00 a.m., 3 views

SysAid On-Prem security vulnerability

SysAid On-Prem is a locally deployed IT Service Management (ITSM) platform from SysAid (Israel). A security vulnerability exists in SysAid On-Prem versions 23.3.40 and earlier, which stems from an unvalidated XML external entity vulnerability in the Server URL handling feature that could lead to...

CVSS 9.8 | AI score 8.9 | EPSS 0.72971
Exploits: 2 | References: 2
ATTACKERKB
added 2025/05/06 4:15 p.m., 2 views

CVE-2025-22478

Dell Storage Center - Dell Storage Manager, versions 20.1.20, contains an Improper Restriction of XML External Entity Reference vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure and Information...

CVSS 8.1 | AI score 5.8 | EPSS 0.00235
Exploits: 0 | References: 2
RedHat Linux
added 2025/05/06 2:33 a.m., 2 views

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

CVSS 7.5 | AI score 7.3 | EPSS 0.01192
Exploits: 0 | References: 8
RedHat Linux
added 2025/05/05 1:49 a.m., 4 views

libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash...

CVSS 7.5 | AI score 7.4 | EPSS 0.01569
Exploits: 0 | References: 6
RedHat Linux
added 2025/05/05 12:13 a.m., 5 views

woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks

A flaw was found in the FasterXML/woodstox package. This flaw allows an attacker to cause a denial of service (DoS) in its target via XML serialization. An attacker may benefit from the parser sending a malicious input that may cause a crash. This vulnerability is only relevant for users using the...

CVSS 7.5 | AI score 7.2 | EPSS 0.19653
Exploits: 1 | References: 5
RedHat Linux
added 2025/04/28 12:20 a.m., 2 views

jettison: parser crash by stackoverflow

A stack-based buffer overflow vulnerability was found in Jettison, where parsing an untrusted XML or JSON data may lead to a crash. This flaw allows an attacker to supply content that causes the parser to crash by writing outside the memory bounds if the parser is running on user-supplied input,...

CVSS 7.5 | AI score 7.2 | EPSS 0.01287
Exploits: 0 | References: 5
CNNVD
added 2025/04/28 12:00 a.m., 3 views

GFI MailEssentials security vulnerability

GFI MailEssentials is an email security suite from GFI that includes 14 anti-spam filters, 3 anti-virus engines, and malware scanning. A security vulnerability exists in GFI MailEssentials versions prior to 21.8, which stems from improper handling of XML external entities and could result in...

CVSS 6.5 | AI score 6.8 | EPSS 0.00591
Exploits: 1 | References: 3
OSV
added 2025/04/24 9:32 p.m., 6 views

CLSA-2025-1745530363 expat: Fix of CVE-2024-8176

CVE-2024-8176: fix stack overflow vulnerability in the libexpat library due to the way it handles recursive entity expansion in XML documents...

CVSS 7.5 | AI score 7 | EPSS 0.01569
Exploits: 0 | References: 1
Positive Technologies
added 2025/04/24 12:00 a.m., 3 views

PT-2025-22183

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the deletion of a default FDB entry in 'vnifilter' mode when a VNI is deleted from a VXLAN device. This issue results in...

CVSS 7.8 | AI score 6.7 | EPSS 0.00168
Exploits: 0
Fedora
added 2025/04/23 2:14 a.m., 8 views

[SECURITY] Fedora 41 Update: trafficserver-9.2.10-1.fc41

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5 | AI score 7.7 | EPSS 0.00602
Exploits: 0
Fedora
added 2025/04/23 2:02 a.m., 13 views

[SECURITY] Fedora 40 Update: trafficserver-9.2.10-1.fc40

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 7.5 | AI score 7.7 | EPSS 0.00602
Exploits: 0