2081 matches found

BDU FSTEC
added 2024/12/05 12:0 a.m. | 5 views

A vulnerability in HPE AutoPass License Server, software for managing software product licenses, arises from improper restriction of XML external entity references. It allows an attacker to access confidential information.

The vulnerability in the HPE AutoPass License Server product license management software is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow an attacker to access confidential information...

CVSS 7.8 | AI score 7.2 | EPSS 0.00363
Exploits: 0 | References: 4 | Affected Software: 1

AlmaLinux
added 2024/12/05 12:0 a.m. | 19 views

Important: ruby:2.5 security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...

CVSS 8.7 | AI score 6.1 | EPSS 0.01429
Exploits: 0 | References: 4

BDU FSTEC
added 2024/12/03 12:0 a.m. | 4 views

A vulnerability in the mergeEnabledFeaturesFromPolicy() function of the PDF compliance checking library veraPDF allows attackers to perform XXE attacks.

The vulnerability in the mergeEnabledFeaturesFromPolicy function of the PDF compliance checking library veraPDF is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a remote attacker to carry out XXE attacks...

CVSS 6.5 | AI score 5.5 | EPSS 0.01063
Exploits: 0 | References: 4 | Affected Software: 1

CNNVD
added 2024/12/02 12:0 a.m. | 3 views

SimpleSAMLphp security vulnerability

SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that originates when xml-common loads an untrusted XML document, inducing XML external entity injection...

CVSS 8.8 | AI score 6.8 | EPSS 0.00985
Exploits: 0 | References: 3

BDU FSTEC
added 2024/11/29 12:0 a.m. | 5 views

A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M20NTP allows an attacker to escalate their privileges.

The vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M20NTP is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 5.3 | AI score 5.5 | EPSS 0.00148
Exploits: 0 | References: 2

BDU FSTEC
added 2024/11/29 12:0 a.m. | 3 views

A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M10JNP2SB allows an attacker to escalate their privileges.

The vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M10JNP2SB motherboards is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.5 | AI score 5.5 | EPSS 0.00151
Exploits: 0 | References: 2

BDU FSTEC
added 2024/11/29 12:0 a.m. | 5 views

A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M20NTP allows an attacker to escalate their privileges.

The vulnerability in the UEFI boot mechanism of the BIOS firmware on Intel Server Board M20NTP motherboards is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 6.3 | AI score 5.5 | EPSS 0.00152
Exploits: 0 | References: 2

BDU FSTEC
added 2024/11/26 12:0 a.m. | 4 views

A vulnerability in the Manager component of the Wowza Streaming Engine server software allows an attacker to gain access to and read files.

The vulnerability in the Manager component of the Wowza Streaming Engine server software is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read access to files in the target directory, provided that...

CVSS 6.8 | AI score 5.5 | EPSS 0.00974
Exploits: 0 | References: 5 | Affected Software: 1

BDU FSTEC
added 2024/11/26 12:0 a.m. | 4 views

A vulnerability in the SmartDeviceServer component of the Ivanti Avalanche mobile device management system allows an attacker to disclose protected information.

The vulnerability in the SmartDeviceServer component of the Ivanti Avalanche mobile device management system is related to improper restriction of XML external entity references. Exploiting this vulnerability can allow a malicious actor to disclose protected information...

CVSS 8.5 | AI score 7.4 | EPSS 0.91984
Exploits: 1 | References: 4 | Affected Software: 1

Fedora
added 2024/11/22 3:22 a.m. | 16 views

[SECURITY] Fedora 41 Update: trafficserver-9.2.6-2.fc41

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

CVSS 9.1 | AI score 7 | EPSS 0.0158
Exploits: 1

BDU FSTEC
added 2024/11/19 12:0 a.m. | 4 views

A vulnerability in the efi/capsule-loader component of the Linux kernel allows an attacker to cause a denial of service.

The vulnerability in the efi/capsule-loader component in the Linux operating system is related to memory corruption in the efi_capsule_open function. Exploiting this vulnerability can allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.3 | EPSS 0.00244
Exploits: 0 | References: 38 | Affected Software: 6

CNNVD
added 2024/11/14 12:0 a.m. | 4 views

Insyde InsydeH2O security vulnerability

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...

CVSS 5.3 | AI score 6.6 | EPSS 0.00168
Exploits: 0 | References: 1

OSV
added 2024/11/13 9:15 p.m. | 3 views

CVE-2024-39609

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access...

CVSS 6.7 | AI score 5.8 | EPSS 0.00134
Exploits: 0 | References: 1

RedHat Linux
added 2024/11/12 9:11 a.m. | 3 views

kernel: efi/unaccepted: touch soft lockup during memory accept

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 "efi/unaccepted: Fix soft lockups caused by parallel memory acceptance" has released the spinlock so other CPUs can do memory acceptance in parallel and n...

CVSS 5.5 | AI score 6.6 | EPSS 0.00171
Exploits: 0 | References: 5

RedHat Linux
added 2024/11/12 9:11 a.m. | 4 views

kernel: efi: runtime: Fix potential overflow of soft-reserved region size

A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...

CVSS 6 | AI score 7.2 | EPSS 0.00226
Exploits: 0 | References: 5

SUSE CVE
added 2024/11/08 3:49 a.m. | 3 views

SUSE CVE-2024-50141

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVSS 5.5 | AI score 6.5 | EPSS 0.00232
Exploits: 0 | References: 19

OSV
added 2024/11/07 10:15 a.m. | 1 views

DEBIAN-CVE-2024-50141

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVSS 5.5 | AI score 5.8 | EPSS 0.00232
Exploits: 0 | References: 1

OSV
added 2024/11/07 10:15 a.m. | 6 views

AZL-53639 CVE-2024-50141 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...

CVSS 5.5 | AI score 6.3 | EPSS 0.00232
Exploits: 0 | References: 1

CNNVD
added 2024/11/06 12:0 a.m. | 4 views

Cisco Identity Services Engine code issue vulnerability

Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. The Cisco Identity Services Engine API interface has an XML external entity vulnerability that can be exploited by a remote attacker to submit a special request that can read arbitrary files in the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00361
Exploits: 0 | References: 2

BDU FSTEC
added 2024/10/29 12:0 a.m. | 7 views

A vulnerability in the UEFI Firmware component of Intel microprogramming systems, related to writing beyond the buffer boundaries, allows attackers to escalate their privileges.

The vulnerability in the UEFI Firmware component of Intel microprocessors is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 6.1 | AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 4