A vulnerability in the HPE AutoPass License Server software license management product arises from improper restriction of XML external entity references. It allows an attacker to access confidential information.
A vulnerability in the HPE AutoPass License Server software license management product is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow an attacker to access confidential information...
Important: ruby:2.5 security update
Ruby is an extensible, interpreted, object-oriented scripting language. It has features to process text files and to perform system management tasks. Security Fixes: rexml: REXML ReDoS vulnerability (CVE-2024-49761). For more details about the security issues, including the impact, a CVSS score,...
A vulnerability in the mergeEnabledFeaturesFromPolicy() function of the veraPDF PDF compliance checking library allows attackers to perform XXE attacks.
A vulnerability in the mergeEnabledFeaturesFromPolicy function of the veraPDF PDF compliance checking library is related to improper restriction of XML external entity references. Exploiting this vulnerability could allow a remote attacker to carry out XXE attacks...
SimpleSAMLphp Security Vulnerability
SimpleSAMLphp is a PHP authentication application that implements SAML 2.0 service provider and identity provider functionality. A security vulnerability exists in SimpleSAMLphp that arises when xml-common loads an untrusted XML document, leading to XML external entity injection...
A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M20NTP allows an attacker to escalate their privileges.
A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M20NTP is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M10JNP2SB allows an attacker to escalate their privileges.
A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M10JNP2SB motherboards is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the UEFI boot mode of the BIOS firmware on Intel Server Board M20NTP allows an attacker to escalate their privileges.
A vulnerability in the UEFI boot mechanism of the BIOS firmware on Intel Server Board M20NTP motherboards is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to escalate their privileges...
A vulnerability in the Manager component of the Wowza Streaming Engine server software allows an attacker to gain access to and read files.
A vulnerability in the Manager component of the Wowza Streaming Engine server software is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability could allow a malicious actor to gain read access to files in the target directory, provided that...
A vulnerability in the SmartDeviceServer component of the Ivanti Avalanche mobile device management system allows an attacker to disclose protected information.
A vulnerability in the SmartDeviceServer component of the Ivanti Avalanche mobile device management system is related to improper restriction of XML external entity references. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
[SECURITY] Fedora 41 Update: trafficserver-9.2.6-2.fc41
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
A vulnerability in the efi/capsule-loader component of the Linux kernel allows an attacker to cause a denial of service.
A vulnerability in the efi/capsule-loader component of the Linux kernel is related to memory corruption in the efi_capsule_open function. Exploiting this vulnerability can allow an attacker to cause a denial of service...
Insyde InsydeH2O Security Vulnerability
Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS (Basic Input/Output System). A security vulnerability exists in Insyde InsydeH2O, which stems from a 0x49 function that can restore the factory default settings of certain UEFI variabl...
CVE-2024-39609
Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access...
kernel: efi/unaccepted: touch soft lockup during memory accept
In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 "efi/unaccepted: Fix soft lockups caused by parallel memory acceptance" has released the spinlock so other CPUs can do memory acceptance in parallel and n...
kernel: efi: runtime: Fix potential overflow of soft-reserved region size
A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...
SUSE CVE-2024-50141
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context. PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...
DEBIAN-CVE-2024-50141
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context. PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...
AZL-53639 CVE-2024-50141 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context. PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type...
Cisco Identity Services Engine Code Issue Vulnerability
Cisco Identity Services Engine is an environment-aware platform from the U.S. company Cisco. The Cisco Identity Services Engine API interface has an XML external entity vulnerability that can be exploited by a remote attacker to submit a special request that can read arbitrary files in the...
A vulnerability in the UEFI Firmware component of Intel firmware, related to an out-of-bounds write, allows attackers to escalate their privileges.
A vulnerability in the UEFI Firmware component of Intel microprocessors is related to an out-of-bounds write. Exploiting this vulnerability can allow an attacker to escalate their privileges...