Lucene search
K

285 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-46951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpmreadlogefi is called...

5.5CVSS6.2AI score0.00235EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-46868

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefiacquire If the qcuefi pointer is not set,...

5.5CVSS5.6AI score0.0014EPSS
Exploits0References2
OSV
OSV
added 2025/08/07 1:15 a.m.3 views

UBUNTU-CVE-2025-3770

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...

7CVSS7.4AI score0.0015EPSS
Exploits0References4
OSV
OSV
added 2025/07/10 8:15 a.m.1 views

DEBIAN-CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btinteldsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

5.5CVSS5.8AI score0.00135EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/02 12:0 a.m.5 views

The vulnerability of the drivers/firmware/EFI/libstub components of the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the drivers/firmware/EFI/libstub components of the Linux operating system is related to the allocation of unlimited memory. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References10Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.7 views

The vulnerability of the IhisiServiceSmm component in the InsydeH2O UEFI firmware creation framework allows a attacker to escalate their privileges.

The vulnerability of the IhisiServiceSmm component in the InsydeH2O UEFI firmware creation framework is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...

6.1CVSS5.7AI score0.00132EPSS
Exploits0References3Affected Software5
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.10 views

Astra Linux – Vulnerability in Intel Microcode

Improper input validation in the UEFI firmware CseVariableStorageSmm for some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...

8.7CVSS7.2AI score0.00237EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.5 views

Astra Linux – Vulnerability in Intel Microcode

Improper input validation in the XmlCli feature for UEFI firmware on some Intel processors may allow a privileged user to potentially enable privilege escalation through local access...

8.7CVSS7.2AI score0.00239EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.4 views

Insyde InsydeH2O 安全漏洞

Insyde InsydeH2O is a new EFI/UEFI specification from Insyde China. It is intended to replace the traditional BIOS Basic Input/Output System. A security vulnerability exists in Insyde InsydeH2O, which can be exploited to alter certificates and execute .efi files...

7.8CVSS9.2AI score0.00404EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:15 a.m.5 views

CVE-2023-22662

Improper input validation of EpsdSrMgmtConfig in UEFI firmware for some IntelR Server Board S2600BP products may allow a privileged user to potentially enable denial of service via local access...

5.8CVSS6.2AI score0.00196EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.3 views

Intel Server M50FCP和Intel Server D50DNP 输入验证错误漏洞

Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation USA. An input validation error vulnerability exists in Intel Server M50FCP and Intel Server D50DNP, which stems from improper input validation in the UEFI firmware DXE module, which could lead to elevation of...

8.7CVSS6.7AI score0.00143EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.3 views

Intel Server M50FCP和Intel Server D50DNP 安全漏洞

Intel Server M50FCP and Intel Server D50DNP are both servers from Intel Corporation USA. A security vulnerability exists in Intel Server M50FCP and Intel Server D50DNP that stems from improper initialization of the UEFI firmware, which could lead to information disclosure...

5.6CVSS6.4AI score0.00134EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/07 12:0 a.m.6 views

PT-2025-15273

Name of the Vulnerable Software and Affected Versions EDK2 affected versions not specified Description The issue is related to a vulnerability in the HashPeImageByType function, where a user can cause a read out of bounds by sending corrupted data via the network. This could lead to a loss of...

9.1CVSS6.4AI score0.73461EPSS
Exploits3References147
Microsoft Secure
Microsoft Secure
added 2025/03/31 4:0 p.m.19 views

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface UEFI Secure Boot as well ...

8.8CVSS8.7AI score0.01284EPSS
Exploits2
OSV
OSV
added 2025/03/27 3:15 p.m.6 views

UBUNTU-CVE-2025-21872

In the Linux kernel, the following vulnerability has been resolved: efi: Don't map the entire mokvar table to determine its size Currently, when validating the mokvar table, we remap the entire table on each iteration of the loop, adding space as we discover new entries. If the table grows over a...

5.5CVSS6.2AI score0.00189EPSS
Exploits0References25
BDU FSTEC
BDU FSTEC
added 2025/03/27 12:0 a.m.5 views

Vulnerabilities of EFI/unaccepted kernel components of the Linux operating system, allowing attackers to trigger a service failure

The vulnerability of the listdel function in efi/unaccepted kernel components of the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...

5.5CVSS6.2AI score0.00171EPSS
Exploits0References7Affected Software4
OSV
OSV
added 2025/03/14 10:15 p.m.9 views

AZL-58803 CVE-2025-2295 affecting package edk2 for versions less than 20240524git3e722403cd16-14

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

3.5CVSS6.6AI score0.00226EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/11 9:48 a.m.12 views

CVE-2024-56182

A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC Field PG M6 All versions V26.01.12, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC...

8.4CVSS0.00204EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/11 12:0 a.m.3 views

Siemens SIMATIC 缓冲区错误漏洞

Siemens SIMATIC is a configuration software from Siemens Germany. A buffer error vulnerability exists in Siemens SIMATIC, which arises from an inadequate protection mechanism for EFI variables, and could allow an authenticated attacker to modify the secure boot configuration. The following produc...

8.4CVSS6.5AI score0.00204EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/03/06 12:32 a.m.3 views

microcode_ctl: Improper input validation in UEFI firmware

An improper input validation flaw was found in UEFI firmware. Some IntelR processors may allow a privileged user to enable privilege escalation via local access...

8.7CVSS5.7AI score0.00259EPSS
Exploits0References5
Rows per page
Query Builder