CVE-2024-25079 |
Description: A memory corruption vulnerability in HddPassword in Insyde InsydeH2O kernel 5.2 before 05.29.09, kernel 5.3 before 05.38.09, kernel 5.4 before 05.46.09, kernel 5.5 before 05.54.09, and kernel 5.6 before 05.61.09 could lead to escalating privileges in SMM.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-25078 |
Description: A memory corruption vulnerability in StorageSecurityCommandDxe in Insyde InsydeH2O before kernel 5.2: IB19130163 in 05.29.07, kernel 5.3: IB19130163 in 05.38.07, kernel 5.4: IB19130163 in 05.46.07, kernel 5.5: IB19130163 in 05.54.07, and kernel 5.6: IB19130163 in 05.61.07 could lead to escalating privileges in SMM.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-25065 |
Description: Possible path traversal in Apache OFBiz allowing authentication bypass.
Users are recommended to upgrade to version 18.12.12, that fixes the issue.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24790 |
Description: The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.
EPSS Score: 0.06%
February 14th, 2025 (5 months ago)
|
CVE-2024-24788 |
Description: A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24787 |
Description: On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24786 |
Description: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.
EPSS Score: 0.05%
February 14th, 2025 (5 months ago)
|
CVE-2024-24785 |
Description: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24784 |
Description: The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|
CVE-2024-24783 |
Description: Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.
EPSS Score: 0.04%
February 14th, 2025 (5 months ago)
|