2082 matches found
Insyde InsydeH2O 安全漏洞
Insyde InsydeH2O is a C source from Insyde Corporation, Taiwan, which implements the new technology "EFI/UEFI" specification designed to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which stems from a memory corruption vulnerability...
CVE-2024-34085
A vulnerability has been identified in JT2Go All versions V2312.0001, Teamcenter Visualization V14.1 All versions V14.1.0.13, Teamcenter Visualization V14.2 All versions V14.2.0.10, Teamcenter Visualization V14.3 All versions V14.3.0.7, Teamcenter Visualization V2312 All versions V2312.0001. The...
strongSwan Security Vulnerabilities
strongSwan is an open source IPsec-based VPN solution for use on Linux platforms by Andreas Steffen, an individual developer in Switzerland. The solution includes authentication mechanisms such as X.509 public key certificates, secure storage of private keys, and smart cards. A security...
CVE-2023-51601
Honeywell Saia PG5 Controls Suite XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Honeywell Saia PG5 Controls Suite. User interaction is required to exploit this...
CVE-2023-42035
Visualware MyConnection Server doIForward XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Visualware MyConnection Server. Authentication is not required to exploit this...
CVE-2023-41205
D-Link DAP-1325 SetAPLanSettings SubnetMask Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this...
CVE-2023-27328
Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system i...
CVE-2024-20357
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by...
kernel: efi: fix potential NULL deref in efi_mem_reserve_persistent
A flaw was found in the EFI module in the Linux kernel. A NULL pointer dereference can be triggered due to a missing check of the return value of the memremap function, causing a crash and resulting in a denial of service...
PT-2024-5591 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 5.1 through 17.0.6 GitLab versions 17.1 through 17.1.4 GitLab versions 17.2 through 17.2.2 Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This can be exploited by a...
[SECURITY] Fedora 40 Update: httpd-2.4.59-2.fc40
The Apache HTTP Server is a powerful, efficient, and extensible web server...
UBUNTU-CVE-2024-26843
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size mdsize will have been narrowed if we have = 4GB worth of pages in a soft-reserved region...
Scrapy 安全漏洞
Scrapy is a free and open source web crawler framework written in Python. A security vulnerability exists in Scrapy that stems from the use of lxml.etree.fromstring to parse untrusted XML data without proper validation, allowing an attacker to perform a denial-of-service attack, access a local...
[SECURITY] Fedora 39 Update: trafficserver-9.2.4-1.fc39
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
[SECURITY] Fedora 38 Update: trafficserver-9.2.4-1.fc38
Traffic Server is a high-performance building block for cloud services. It's more than just a caching proxy server; it also has support for plugins to build large scale web applications. Key features: Caching - Improve your response time, while reducing server load and bandwidth needs by caching...
CVE-2024-22080
An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing...
Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update
An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
UBUNTU-CVE-2021-47134
In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found setuparch would invoke efiinit-efigetfdtparams. If no valid fdt found then initialbootparams will be null. So we should stop further fdt processing here. I encountered this issue on risc...
Linux kernel security vulnerabilities
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a panic when a valid fdt is not found by the efi/fdt module...
The vulnerability of the XML syntax analyzer library libexpat lies in the improper limitation on XML references to external objects, which allows attackers to trigger a service failure.
The vulnerability of the XML syntax analyzer library libexpat is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially created XML code remotely...