46 matches found
HPESBHF05035 rev.1 - Certain HPE ProLiant AMD Servers Using Certain AMD EPYC Processors, AMD-SB-3034: SEV-SNP Routing Misconfiguration, Local Compromise of System Integrity Vulnerability
Potential Security Impact: Local: Compromise of System Integrity SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE ProLiant Compute DL325 Gen12 - Prior to 1.4001-09-2026 HPE ProLiant Compute DL345 Gen12 - Prior to 1.4001-09-2026 HPE ProLiant DL145 Gen11 - Prior to 1.8002-06-2026...
HPESBHF04937 rev.1 - Certain HPE SimpliVity Servers Using Certain Intel Processors, INTEL-SA-01280, 2025.3 IPU, Intel Chipset Firmware Advisory, Multiple Vulnerabilities
Potential Security Impact: Local: Disclosure of Information, Escalation of Privilege; Remote: Disclosure of Information SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 380 Gen10 Plus - Prior to SimpliVity Support Pack Gen10 SVTSPGen10 20260116 HPE SimpliVity 380 Gen...
CVE-2022-27537
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities...
CVE-2023-6215
A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to...
EUVD-2023-58462
A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to...
EUVD-2022-32038
Malicious code in bioql PyPI...
EUVD-2022-32039
Malicious code in bioql PyPI...
CVE-2022-27540
A potential Time-of-Check to Time-of Use TOCTOU vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...
CVE-2022-27538
A potential Time-of-Check to Time-of-Use TOCTOU vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...
Insyde InsydeH2O kernel 安全漏洞
The Insyde InsydeH2O kernel is a kernel for updating the BIOS of computers from Insyde, a Chinese company. A security vulnerability exists in the Insyde InsydeH2O kernel versions 5.2 prior to 05.29.50, 5.3 prior to 05.38.50, 5.4 prior to 05.46.50, 5.5 prior to 05.54.50, 5.6 prior to 05.61.50, and...
Elan Fingerprint Sensor Security Update
A potential vulnerability has been identified in certain HP PC products using Elan fingerprint sensor devices, which might allow operating system authentication bypass by spoofing. HP is releasing BIOS and fingerprint sensor driver updates to address the potential vulnerability. Elan has resolved...
CVE-2024-28127
Improper input validation in UEFI firmware for some IntelR Processors may allow a privileged user to potentially enable escalation of privilege via local access...
HPESBHF04686 rev.1 - Certain HPE SimpliVity AMD Servers Using Certain AMD EPYC Processors, AMD-SB-7014: SMM Lock Bypass, Local Arbitrary Code Execution Vulnerability
Potential Security Impact: Local: Arbitrary Code Execution SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 325 Gen10 - Prior to HPE SimpliVity Gen10 Support Pack SVTSP v20241129 HPE SimpliVity 325 Gen10 Plus - Prior to HPE SimpliVity Gen10 Support Pack SVTSP v202411...
HP BIOS - EDK II Reference Vulnerabilities
Potential EDK II reference code vulnerabilities have been identified in certain HP PC products using the HP System BIOS, which might allow arbitrary code execution. HP is releasing BIOS updates to mitigate these potential vulnerabilities. HP has identified affected platforms and corresponding...
CVE-2022-27540
A potential Time-of-Check to Time-of Use TOCTOU vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability...
CVE-2022-27540
CVE-2022-27540 concerns a TOCTOU vulnerability in HP BIOS for certain HP PC products. The issue could allow arbitrary code execution, denial of service, and information disclosure. Mitigation is via HP BIOS updates; HP’s HP PC BIOS Additional Security Update documents affected platforms and minim...
Physical bypass of certain HP TamperLock features
Potential vulnerabilities have been identified in certain HP Desktop PC products using the HP TamperLock feature, which might allow intrusion detection bypass via a physical attack. HP is releasing firmware and guidance to mitigate these potential vulnerabilities. Desktop Workstation mitigation f...
The vulnerability of the optimization tool for automatic BIOS driver updates, Lenovo Vantage Service, is related to errors in the authentication process. This vulnerability allows a perpetrator to execute arbitrary code with elevated privileges.
The vulnerability of the optimization tool for automatic BIOS driver updates in Lenovo Vantage Service is related to errors in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code with elevated privileges...
HPESBHF04540 rev.1 - Certain HPE Cray Servers and HPE ProLiant DL/XL Servers Using AMD EPYC Processors, AMD-SB-4007, DXE Driver Memory Leaks, Local Disclosure of Sensitive Information
Potential Security Impact: Local: Disclosure of Sensitive Information SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Cray EX235n Server - Prior to BIOS 1.3.0 HFP 23.4 HPE Cray EX425 Compute Blade - Prior to BIOS 1.7.2 HFP 23.9 HPE ProLiant DL325 Gen10 Plus server - Prior to...
HPESBCR04545 rev.2 - Certain HPE Cray Servers, and HPE ProLiant DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-7005: Return Address Predictor (INCEPTION) Security Notice, Local Disclosure of Information
Potential Security Impact: Local: Disclosure of Information SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Cray EX235n Server - Prior to BIOS 1.3.1 HFP 23.9 HPE Cray EX425 Compute Blade - Prior to BIOS 1.7.2 HFP 23.9 HPE ProLiant DL325 Gen10 Plus server - Prior to BIOS 2.80 H...