2082 matches found

CNNVD
added 2024/05/15 12:0 a.m. · 3 views

Insyde InsydeH2O Security Vulnerability

Insyde InsydeH2O is a C source from Insyde Corporation, Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a memory corruption vulnerability...

7.4 CVSS · 6.8 AI score · 0.0017 EPSS
Exploits 0 · References 3

OSV
added 2024/05/14 4:17 p.m. · 3 views

CVE-2024-34085

A vulnerability has been identified in JT2Go All versions V2312.0001, Teamcenter Visualization V14.1 All versions V14.1.0.13, Teamcenter Visualization V14.2 All versions V14.2.0.10, Teamcenter Visualization V14.3 All versions V14.3.0.7, Teamcenter Visualization V2312 All versions V2312.0001. The...

7.8 CVSS · 5.9 AI score · 0.00239 EPSS
Exploits 0 · References 1

CNNVD
added 2024/05/14 12:0 a.m. · 4 views

strongSwan Security Vulnerabilities

strongSwan is an open source IPsec-based VPN solution for use on Linux platforms by Andreas Steffen, an individual developer in Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, and smart cards. A security...

7.7 CVSS · 6.9 AI score · 0.00464 EPSS
Exploits 0 · References 6

OSV
added 2024/05/03 3:16 a.m. · 5 views

CVE-2023-51601

Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...

6.5 CVSS · 5.6 AI score · 0.00784 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-42035

Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this...

6.5 CVSS · 5.7 AI score · 0.01155 EPSS
Exploits 0 · References 3 · Affected Software 1

ATTACKERKB
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-41205

D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...

8.8 CVSS · 6.3 AI score · 0.00855 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/05/03 2:15 a.m. · 5 views

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...

7.8 CVSS · 6.2 AI score · 0.00321 EPSS
Exploits 0 · References 2

OSV
added 2024/05/01 5:15 p.m. · 1 view

CVE-2024-20357

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...

5.9 CVSS · 5.8 AI score · 0.00494 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/04/30 9:57 a.m. · 2 views

kernel: efi: fix potential NULL deref in efi_mem_reserve_persistent

A flaw was found in the EFI module in the Linux kernel. A NULL pointer dereference can be triggered due to a missing check of the return value of the memremap function, causing a crash and resulting in a denial of service...

5.5 CVSS · 6.8 AI score · 0.00266 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/04/25 12:0 a.m. · 3 views

PT-2024-5591 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 17.0.6 GitLab versions 17.1 through 17.1.4 GitLab versions 17.2 through 17.2.2 Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This can be exploited by a...

5.4 CVSS · 5.8 AI score · 0.00294 EPSS
Exploits 0 · References 15

Fedora
added 2024/04/19 9:45 p.m. · 45 views

[SECURITY] Fedora 40 Update: httpd-2.4.59-2.fc40

The Apache HTTP Server is a powerful, efficient, and extensible web server...

7.3 CVSS · 7.3 AI score · 0.03914 EPSS
Exploits 0

OSV
added 2024/04/17 10:15 a.m. · 2 views

UBUNTU-CVE-2024-26843

In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size. md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region...

6 CVSS · 6.2 AI score · 0.00226 EPSS
Exploits 0 · References 19

CNNVD
added 2024/04/15 12:0 a.m. · 5 views

Scrapy Security Vulnerability

Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of lxml.etree.fromstring to parse untrusted XML data without proper validation, allowing an attacker to perform a denial-of-service attack, access a local...

7.5 CVSS · 7.4 AI score · 0.00807 EPSS
Exploits 1 · References 4

Fedora
added 2024/04/12 1:21 a.m. · 28 views

[SECURITY] Fedora 39 Update: trafficserver-9.2.4-1.fc39

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

7.5 CVSS · 7.4 AI score · 0.94615 EPSS
Exploits 1

Fedora
added 2024/04/12 1:15 a.m. · 25 views

[SECURITY] Fedora 38 Update: trafficserver-9.2.4-1.fc38

Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...

7.5 CVSS · 7.4 AI score · 0.94615 EPSS
Exploits 1

OSV
added 2024/03/20 5:15 a.m. · 3 views

CVE-2024-22080

An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing...

9.8 CVSS · 5.8 AI score · 0.00785 EPSS
Exploits 0 · References 1

RedHat Linux
added 2024/03/19 6:46 p.m. · 38 views

Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS · 7.1 AI score · 0.02637 EPSS
Exploits 1 · References 5

OSV
added 2024/03/15 9:15 p.m. · 4 views

UBUNTU-CVE-2021-47134

In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found. setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc...

5.5 CVSS · 6.6 AI score · 0.00232 EPSS
Exploits 0 · References 6

CNNVD
added 2024/03/15 12:0 a.m. · 3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a panic when a valid fdt is not found by the efi/fdt module...

5.5 CVSS · 6.5 AI score · 0.00232 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/03/14 12:0 a.m. · 4 views

The vulnerability of the XML syntax analyzer library libexpat lies in the improper limitation on XML references to external objects, which allows attackers to trigger a service failure.

The vulnerability of the XML syntax analyzer library libexpat is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially created XML code remotely...

7.8 CVSS · 6.5 AI score · 0.02006 EPSS
Exploits 1 · References 16 · Affected Software 7