Lucene search

2086 matches found

RedHat Linux
added 2024/03/19 6:46 p.m. · 39 views

Moderate: Red Hat Security Advisory: ruby:3.1 security, bug fix, and enhancement update

An update for the ruby:3.1 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

8.8 CVSS · 7.1 AI score · 0.02637 EPSS
Exploits 1 · References 5

OSV
added 2024/03/15 9:15 p.m. · 4 views

UBUNTU-CVE-2021-47134

In the Linux kernel, the following vulnerability has been resolved: efi/fdt: fix panic when no valid fdt found. setup_arch() would invoke efi_init()->efi_get_fdt_params(). If no valid fdt found then initial_boot_params will be null. So we should stop further fdt processing here. I encountered this issue on risc...

5.5 CVSS · 6.6 AI score · 0.00232 EPSS
Exploits 0 · References 6

CNNVD
added 2024/03/15 12:0 a.m. · 3 views

Linux kernel security vulnerabilities

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a panic when a valid fdt is not found by the efi/fdt module...

5.5 CVSS · 6.5 AI score · 0.00232 EPSS
Exploits 0 · References 5

BDU FSTEC
added 2024/03/14 12:0 a.m. · 4 views

The vulnerability of the XML syntax analyzer library libexpat lies in the improper limitation on XML references to external objects, which allows attackers to trigger a service failure.

The vulnerability of the XML syntax analyzer library libexpat is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially created XML code remotely...

7.8 CVSS · 6.5 AI score · 0.02006 EPSS
Exploits 1 · References 16 · Affected Software 7

Positive Technologies
added 2024/03/12 12:0 a.m. · 4 views

PT-2024-12154 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O with kernel versions prior to 05.28.42 Insyde InsydeH2O with kernel versions prior to 05.37.42 Insyde InsydeH2O with kernel versions prior to 05.45.39 Insyde InsydeH2O with kernel versions prior to 05.53.39 Insyde InsydeH2O...

6.1 CVSS · 7 AI score · 0.00132 EPSS
Exploits 0 · References 6

OSV
added 2024/03/10 5:15 a.m. · 6 views

AZL-35841 CVE-2024-28757 affecting package expat for versions less than 2.6.2-2

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate)...

7.5 CVSS · 6.6 AI score · 0.02006 EPSS
Exploits 1 · References 1

Fedora
added 2024/03/07 10:33 p.m. · 21 views

[SECURITY] Fedora 40 Update: jmock-2.12.0-16.fc40

Mock objects help you design and test the interactions between the objects in your programs. The jMock library: makes it quick and easy to define mock objects, so you don't break the rhythm of programming. lets you precisely specify the interactions between your objects, reducing the brittleness ...

8.8 CVSS · 9.1 AI score · 0.02557 EPSS
Exploits 3

OSV
added 2024/03/06 10:54 a.m. · 27 views

BIT-JUPYTERLAB-2024-22421 Potential authentication and CSRF tokens leak in JupyterLab

JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their Authorization and XSRFToken tokens exposed to a third party when running an older jupyter-server...

7.6 CVSS · 6.8 AI score · 0.00665 EPSS
Exploits 0 · References 4

RedHat Linux
added 2024/03/04 2:3 a.m. · 2 views

edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message

A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...

8.8 CVSS · 6.4 AI score · 0.01186 EPSS
Exploits 1 · References 6

OSV
added 2024/02/28 12:15 a.m. · 2 views

UBUNTU-CVE-2024-1892

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker...

7.5 CVSS · 5.7 AI score · 0.00553 EPSS
Exploits 1 · References 7

OSV
added 2024/02/26 1:57 p.m. · 3 views

USN-6658-1 libxml2 vulnerability

It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code...

7.5 CVSS · 7 AI score · 0.01375 EPSS
Exploits 3 · References 2

OSV
added 2024/02/22 5:15 p.m. · 2 views

DEBIAN-CVE-2023-52161

The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

7.5 CVSS · 7.6 AI score · 0.01103 EPSS
Exploits 0 · References 1

OSV
added 2024/02/22 5:15 p.m. · 5 views

ALPINE-CVE-2023-52160

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2...

6.5 CVSS · 7 AI score · 0.01177 EPSS
Exploits 0 · References 1

OSV
added 2024/02/22 5:15 p.m. · 1 views

UBUNTU-CVE-2023-52160

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2...

6.5 CVSS · 6.8 AI score · 0.01177 EPSS
Exploits 0 · References 4

Fedora
added 2024/02/19 2:29 a.m. · 52 views

[SECURITY] Fedora 39 Update: caddy-2.7.6-1.fc39

Caddy is an extensible server platform that uses TLS by default...

7.5 CVSS · 7.3 AI score · 0.01364 EPSS
Exploits 2

BDU FSTEC
added 2024/02/19 12:0 a.m. · 11 views

The vulnerability of the PEAP (Protected Extensible Authentication Protocol) client implementation of the Wi-Fi Protected Access Point software WPA Supplicant allows a hacker to intercept the unencrypted user traffic.

The vulnerability of the PEAP (Protected Extensible Authentication Protocol) client Wi-Fi access control implementation, such as WPA Supplicant, arises due to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to intercept unencrypted user traffic by...

8.3 CVSS · 7.1 AI score · 0.01177 EPSS
Exploits 0 · References 12 · Affected Software 6

SUSE CVE
added 2024/02/17 3:22 a.m. · 2 views

SUSE CVE-2023-49721

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...

6.7 CVSS · 7 AI score · 0.00237 EPSS
Exploits 0 · References 3

SUSE CVE
added 2024/02/17 3:22 a.m. · 1 views

SUSE CVE-2023-52161

The Access Point functionality in eapol_auth_key_handle in eapol.c in iNet wireless daemon (IWD) before 2.14 allows attackers to gain unauthorized access to a protected Wi-Fi network. An attacker can complete the EAPOL handshake by skipping Msg2/4 and instead sending Msg4/4 with an all-zero key...

7.5 CVSS · 7.1 AI score · 0.01103 EPSS
Exploits 0 · References 3

OSV
added 2024/02/14 10:15 p.m. · 3 views

CVE-2023-49721

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...

6.7 CVSS · 7 AI score · 0.00256 EPSS
Exploits 0 · References 4

CNNVD
added 2024/02/14 12:0 a.m. · 4 views

EDK2 Security Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. EDK2 suffers from a security vulnerability that stems from allowing insecure default settings that allow an attacker to bypass secure boot...

6.7 CVSS · 6.8 AI score · 0.00256 EPSS
Exploits 0 · References 7