kernel: efi: runtime: Fix potential overflow of soft-reserved region size
A flaw was found in the Linux kernel. Due to an integer overflow, certain EFI-related memory reservations might receive a size other than expected, leading to a denial of service...
kernel: xhci: Handle TD clearing for multiple streams case
A vulnerability was found in the Linux kernel's xHCI driver, in the handling of TDs when multiple streams are active. When the endpoint is stopped, TDs can remain uncleared, which can lead to system crashes and memory corruption due to stale TD references...
The vulnerability in the web interface of the software requirement management tool during the development of IBM Engineering Requirements Management DOORS allows a perpetrator to gain unauthorized access to protected information or affect the accessibility of that information.
The vulnerability of the IBM Engineering Requirements Management DOORS web interface during software development is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or...
[SECURITY] Fedora 39 Update: trafficserver-9.2.5-1.fc39
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
PT-2024-37395 · Hamastar · Hamastar Meetinghub Paperless Meetings
Name of the Vulnerable Software and Affected Versions: Hamastar MeetingHub Paperless Meetings version 2021 Description: A Plaintext Storage of a Password issue in the ebooknote function allows remote attackers to obtain other users' credentials and gain access to the product via an XML file...
Moderate: Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.2.2 bugfix release
Red Hat Developer Hub 1.2.2 has been released. Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single...
PT-2024-29612 · Sdop +1 · Sdop +1
Name of the Vulnerable Software and Affected Versions: SDoP versions prior to 1.11 Description: The issue is related to the handling of parameters inside input data, resulting in a stack-based buffer overflow. This can lead to arbitrary code execution when a user processes a specially crafted XML...
The vulnerability of the SINEMA Remote Connect client web interface, related to security mechanism failures, allows attackers to view and edit protected information regarding VxLAN network configurations.
The vulnerability of the SINEMA Remote Connect client web interface is related to security mechanism errors. Exploiting this vulnerability allows an attacker to remotely view and edit protected information regarding VxLAN network configurations without proper access rights...
The vulnerability of the JT Open Toolkit (JTTK) and PLM XML SDK development tools is related to pointer assignment errors, which allow attackers to trigger a service failure.
The vulnerability of the JT Open Toolkit (JTTK) and PLM XML SDK development tools is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to trigger a service failure by loading a specially created malicious XML file...
CVE-2024-39868
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface, allowing an unauthenticated attacker to access and edit VxLAN configuration information of...
CVE-2024-39570
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code...
[SECURITY] Fedora 40 Update: httpd-2.4.61-1.fc40
The Apache HTTP Server is a powerful, efficient, and extensible web server...
Siemens SINEMA Remote Connect Server Security Vulnerability
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens, Germany. The platform is used to remotely access, maintain, control and diagnose the underlying network. Siemens SINEMA Remote Connect Server suffers from a forced browsing vulnerability due to the failure ...
PT-2024-5098 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 HF1 Description: A vulnerability has been identified in SINEMA Remote Connect Server due to missing server-side input sanitation when loading VxLAN configurations. This could allow an...
PT-2024-5097 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: A vulnerability has been identified in the SINEMA Remote Connect Server, related to errors in security mechanisms. This issue allows an unauthenticated attacker to access an...
The vulnerability of the Guided Procedures component of the SAP NetWeaver AS for Java software used for creating and deploying web applications allows a malicious individual to gain unauthorized access to confidential information.
The vulnerability of the Guided Procedures component in the SAP NetWeaver AS for Java web application creation and deployment software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to...
The vulnerability of the Oozie Workflow Scheduler component of the Apache Ambari software, which allows attackers to perform XXE attacks
The vulnerability of the Oozie Workflow Scheduler component of the Apache Ambari software is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...
JP1/Extensible SNMP Agent fails to restrict access permissions
Overview: JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions (CWE-276). Yutaka Kokubu, Shun Suzaki, and Kazuki Hirota of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
JVN#94347255: JP1/Extensible SNMP Agent fails to restrict access permissions
JP1/Extensible SNMP Agent provided by Hitachi fails to restrict access permissions (CWE-276). Impact: If an authenticated attacker who can log in to the product places a specially crafted DLL file in a specific directory, arbitrary code may be executed with the administrative privilege. Solution...