2082 matches found
Important: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.0 release
Red Hat Developer Hub 1.3.0 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
AZL-49713 CVE-2024-38796 affecting package hvloader for versions less than 1.0.1-13
EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...
Apache HertzBeat 代码问题漏洞
Apache HertzBeat is a tool from the American company Apache Apache that can monitor various components. A deserialization vulnerability exists in Apache HertzBeat versions prior to 1.6.0, which stems from the insecure deserialization of serialized data received from users by the SnakeYAML library...
rexml: DoS vulnerability in REXML
An uncontrolled resource consumption vulnerability was found in REXML. When parsing an untrusted XML with many specific characters such as , it can lead to a denial of service...
Guardrails 安全漏洞
Guardrails is a Python framework open-sourced by Guardrails AI. A security vulnerability exists in Guardrails versions 0.2.9 through 0.5.0 and earlier, which stems from its improper validation of an XML file, such that if a victim loads an XML file containing malicious Python code, the code will ...
rexml: DoS vulnerability in REXML
A flaw was found in the REXML package. Reading an XML file that contains many entity expansions may lead to a denial of service due to resource starvation. An attacker can use this flaw to trick a user into processing an untrusted XML file...
[SECURITY] Fedora 41 Update: ruby-3.3.5-14.fc41
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...
There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
...
Cisco IOS XR 安全漏洞
Cisco IOS XR is a set of operating systems developed by Cisco USA for its network devices. A security vulnerability exists in Cisco IOS XR that stems from a lack of proper error validation of incoming XML packets...
The vulnerability of UEFI microprogramming, which is related to the possibility of using hard-coded platform keys, allows a hacker to execute arbitrary code before the operating system loads.
The vulnerability of UEFI BIOS relates to the possibility of using hard-coded platform keys. Exploiting this vulnerability allows a hacker to execute arbitrary code before the operating system loads...
The vulnerability of the efi component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the efi component in the Linux operating system’s kernel is related to the assignment of NULL pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...
BIT-JUPYTER-NOTEBOOK-2024-43805 HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...
DEBIAN-CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check for the existence of efi.getvariable before calling it...
UBUNTU-CVE-2023-52893
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmigetvariable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 "efi: pstore: Omit efivars caching EFI varstore access layer" added a new...
UBUNTU-CVE-2022-48879
In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a null pointer dereference issue in the gsmi component when fetching EFI variables...
kernel: efi: fix panic in kdump kernel
In the Linux kernel, the following vulnerability has been resolved: efi: fix panic in kdump kernel The Linux kernel CVE team has assigned CVE-2024-35800 to this issue. Upstream advisory: https://lore.kernel.org/linux-cve-announce/2024051738-CVE-2024-35800-219a@gregkh/T...
August 13, 2024—KB5041580 (OS Builds 19044.4780 and 19045.4780) - EXPIRED
August 13, 2024—KB5041580 OS Builds 19044.4780 and 19045.4780 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ---...
PT-2024-11951 · Asp +1 · Asp +1
Name of the Vulnerable Software and Affected Versions: ASP affected versions not specified Description: The issue is related to incomplete cleanup in the ASP, which may expose the Master Encryption Key MEK to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltrati...