2081 matches found
PublicCMS code issue vulnerability
PublicCMS is an open source content management system (CMS) written in the Java language by PublicCMS (China). A security vulnerability exists in PublicCMS version v4.0.202406, which originates from the /cms/CmsWebFileAdminController.java component that allows the upload of specially crafted svg or xml...
kernel: efi: runtime: Fix potential overflow of soft-reserved region size
A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.
Red Hat Developer Hub 1.4.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
A vulnerability in the UEFI firmware of Intel processors allows an attacker to gain unauthorized access to protected information.
The vulnerability in the UEFI firmware of Intel processors is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
A vulnerability in the UEFI firmware of Intel processors allows an attacker to gain unauthorized access to protected information.
The vulnerability in the UEFI firmware of Intel processors is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
A vulnerability in the UEFI firmware of Intel processors allows attackers to escalate their privileges.
The vulnerability in the UEFI firmware of Intel processors is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to escalate their privileges...
UBUNTU-CVE-2022-49357
In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs. On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmwa...
The vulnerability of the task and project management service WEEEK lies in the lack of measures taken to protect the website structure, allowing a perpetrator to execute arbitrary JavaScript code.
The vulnerability of the WEEEK task and project management service is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code by loading an XML file...
The vulnerability of Cobalt Ashlar-Vellum’s parametric automated design and 3D modeling software lies in the inability to properly manage memory boundaries during data writing. This allows a malicious actor to execute arbitrary code.
The vulnerability of the Cobalt Ashlar-Vellum software for parametric automated design and 3D modeling lies in the issue of writing beyond buffer boundaries in memory during the processing of XE format files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
DEBIAN-CVE-2024-29214
Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
UBUNTU-CVE-2024-28127
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
UBUNTU-CVE-2023-43758
Improper input validation in UEFI firmware for some Intel(R) processors may allow a privileged user to potentially enable escalation of privilege via local access...
Intel Processors input validation error vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). Intel Processors suffer from an input validation error vulnerability that stems from improper UEFI firmware input validation, which could allow a privileged user to elevate privileges via local access...
Intel Processors input validation error vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). Intel Processors suffer from an input validation error vulnerability that stems from improper UEFI firmware input validation, which could allow a privileged user to elevate privileges via local access...
Intel Processors security vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). A security vulnerability exists in Intel Processors that stems from improper initialization of the OutOfBandXML module of the UEFI firmware, which could allow a privileged user to disclose information via local access...
Intel Processors input validation error vulnerability
Intel Processors are a family of processors from Intel Corporation (USA). Intel Processors suffer from an input validation error vulnerability that stems from improper UEFI firmware input validation, which could allow a privileged user to disclose information via local access...
firefox: thunderbird: Use-after-free in XSLT
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash...
PT-2025-6631
Name of the Vulnerable Software and Affected Versions: Intel(R) Processors (affected versions not specified). Description: The issue is related to improper input validation in UEFI firmware for some Intel(R) Processors. This may allow a privileged user to potentially enable escalation of privilege via loc...
UBUNTU-CVE-2024-39279
Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow an authenticated user to potentially enable denial of service via local access...
USN-7256-1 ruby2.7 vulnerabilities
It was discovered that Ruby incorrectly handled parsing of an XML document that has specific XML characters in an attribute value using REXML gem. An attacker could use this issue to cause Ruby to crash, resulting in a denial of service...