
2082 matches found

RedHat Linux
added 2024/10/02 3:29 p.m. · 12 views

Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.0 release

Red Hat Developer Hub 1.3.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVSS 10 · AI score 6.7 · EPSS 0.01952
Exploits 3 · References 2
OSV
added 2024/09/27 10:15 p.m. · 5 views

AZL-49713 CVE-2024-38796 affecting package hvloader for versions less than 1.0.1-13

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...

CVSS 5.9 · AI score 6.6 · EPSS 0.00373
Exploits 0 · References 1
CNNVD
added 2024/09/21 12:0 a.m. · 2 views

Apache HertzBeat code issue vulnerability

Apache HertzBeat is a tool from the American company Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...

CVSS 8.8 · AI score 7.8 · EPSS 0.04054
Exploits 0 · References 3
RedHat Linux
added 2024/09/18 9:15 p.m. · 1 view

rexml: DoS vulnerability in REXML

An uncontrolled resource consumption vulnerability was found in REXML. When parsing an untrusted XML with many specific characters such as , it can lead to a denial of service...

CVSS 4.3 · AI score 7.3 · EPSS 0.01493
Exploits 0 · References 6
CNNVD
added 2024/09/18 12:0 a.m. · 2 views

Guardrails security vulnerability

Guardrails is a Python framework open-sourced by Guardrails AI. A security vulnerability exists in Guardrails versions 0.2.9 through 0.5.0 and earlier, which stems from its improper validation of an XML file, such that if a victim loads an XML file containing malicious Python code, the code will ...

CVSS 7.8 · AI score 6.8 · EPSS 0.00375
Exploits 0 · References 2
RedHat Linux
added 2024/09/16 6:8 p.m. · 6 views

rexml: DoS vulnerability in REXML

A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...

CVSS 7.5 · AI score 7.3 · EPSS 0.01192
Exploits 0 · References 8
Fedora
added 2024/09/13 9:3 p.m. · 27 views

[SECURITY] Fedora 41 Update: ruby-3.3.5-14.fc41

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5.9 · AI score 7 · EPSS 0.01493
Exploits 0
Microsoft CVE
added 2024/09/11 7:0 a.m. · 5 views

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables

...

CVSS 7.8 · AI score 6.8 · EPSS 0.00332
Exploits 0
CNNVD
added 2024/09/11 12:0 a.m. · 4 views

Cisco IOS XR security vulnerability

Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from a lack of proper error validation of incoming XML packets...

CVSS 5.3 · AI score 6.6 · EPSS 0.00437
Exploits 0 · References 3
BDU FSTEC
added 2024/09/04 12:0 a.m. · 3 views

The vulnerability of UEFI firmware, which is related to the possibility of using hard-coded platform keys, allows a hacker to execute arbitrary code before the operating system loads.

The vulnerability of UEFI BIOS relates to the possibility of using hard-coded platform keys. Exploiting this vulnerability allows a hacker to execute arbitrary code before the operating system loads...

CVSS 8.2 · AI score 7.7 · EPSS 0.0024
Exploits 0 · References 5 · Affected Software 11
BDU FSTEC
added 2024/09/03 12:0 a.m. · 5 views

The vulnerability of the efi component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the efi component in the Linux operating system’s kernel is related to the assignment of NULL pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 · AI score 6.8 · EPSS 0.0024
Exploits 0 · References 13 · Affected Software 2
OSV
added 2024/08/30 7:13 a.m. · 16 views

BIT-JUPYTER-NOTEBOOK-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...

CVSS 7.6 · AI score 6.6 · EPSS 0.00373
Exploits 0 · References 2
OSV
added 2024/08/30 3:15 a.m. · 2 views

DEBIAN-CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...

CVSS 7.5 · AI score 7 · EPSS 0.01686
Exploits 0 · References 1
CNNVD
added 2024/08/26 12:0 a.m. · 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for the existence of efi.get_variable before calling it...

CVSS 5.5 · AI score 5.6 · EPSS 0.00193
Exploits 0 · References 5
OSV
added 2024/08/21 7:15 a.m. · 1 view

UBUNTU-CVE-2023-52893

In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable. We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...

CVSS 5.5 · AI score 5.8 · EPSS 0.0024
Exploits 0 · References 10
OSV
added 2024/08/21 7:15 a.m. · 1 view

UBUNTU-CVE-2022-48879

In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in...

CVSS 5.5 · AI score 6.2 · EPSS 0.0024
Exploits 0 · References 9
CNNVD
added 2024/08/21 12:0 a.m. · 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the gsmi component when fetching EFI variables...

CVSS 5.5 · AI score 6.5 · EPSS 0.0024
Exploits 0 · References 10
RedHat Linux
added 2024/08/15 5:34 a.m. · 2 views

kernel: efi: fix panic in kdump kernel

In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel The Linux kernel CVE team has assigned CVE-2024-35800 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T...

CVSS 5.5 · AI score 6.8 · EPSS 0.00225
Exploits 0 · References 5
Microsoft KB
added 2024/08/13 7:0 a.m. · 148 views

August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780) - EXPIRED

August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ---...

CVSS 9.8 · AI score 7.1 · EPSS 0.39457
Exploits 0
Positive Technologies
added 2024/08/13 12:0 a.m. · 7 views

PT-2024-11951 · Asp +1

Name of the Vulnerable Software and Affected Versions: ASP affected versions not specified Description: The issue is related to incomplete cleanup in the ASP, which may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltrati...

CVSS 1.9 · AI score 6 · EPSS 0.00096
Exploits 0 · References 10