Lucene search
K

168 matches found

Debian CVE
Debian CVE
added 2024/06/19 1:48 p.m.27 views

CVE-2024-38606

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adfsendadmintlstart enables the telemetry TL feature on a QAT device by sending the ICPQATFWTLSTART message to the firmware. This triggers the FW to start writing TL...

7.1CVSS6.3AI score0.00217EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/04/17 12:0 a.m.5 views

PT-2024-3509 · Huawei · Huawei Matebook D16

Name of the Vulnerable Software and Affected Versions: Huawei Matebook D16 Model: CREM-WXX9, BIOS: v2.26 Description: The issue is related to insufficient validation of exceptional states in the UEFI BIOS firmware of Huawei personal computers. This can be exploited by a malicious OS attacker to...

7.8CVSS7.6AI score0.00129EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.3 views

AMD EPYC Security Vulnerability

AMD EPYC is an x86 architecture server microprocessor product line from AMD Semiconductor, known in Chinese as "霄龙", which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC™ Processors that stems from insufficient data authenticity validation in AGESA, resulting in a...

7AI score
Exploits0References1
Prion
Prion
added 2023/12/15 12:15 p.m.14 views

Stack overflow

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device...

7.5CVSS8.3AI score0.01137EPSS
Exploits0References1Affected Software8
Cvelist
Cvelist
added 2023/08/29 8:49 a.m.27 views

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...

7.2CVSS9AI score0.00419EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.415 views

AudioCodes VoIP Phones Insufficient Firmware Validation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2022-055 Product: AudioCodes VoIP Phones Manufacturer: AudioCodes Ltd. Affected Versions: Firmware Versions = 3.4.4.1000 Tested Versions: Firmware Version 3.4.4.1000 Vulnerability Type: Missing Immutable Root of Trust in Hardware...

7.1AI score0.003EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2023/08/11 8:15 p.m.2 views

CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is...

7.8CVSS7.1AI score0.003EPSS
Exploits2References5
NVD
NVD
added 2023/08/11 8:15 p.m.24 views

CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is...

7.8CVSS7.6AI score0.003EPSS
Exploits2References4
OSV
OSV
added 2023/08/11 8:15 p.m.5 views

CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is...

7.8CVSS5.8AI score0.003EPSS
Exploits2References4
Prion
Prion
added 2023/08/11 8:15 p.m.22 views

Design/Logic Flaw

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is...

4.3CVSS7.6AI score0.003EPSS
Exploits2References4Affected Software6
Vulnrichment
Vulnrichment
added 2023/08/11 12:0 a.m.18 views

CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is...

7AI score0.003EPSS
Exploits2References4
CNNVD
CNNVD
added 2023/08/11 12:0 a.m.4 views

AudioCodes VoIP Data Forgery Issue Vulnerability

AudioCodes VoIP is a series of desk phones from the Israeli company AudioCodes. A security vulnerability exists in AudioCodes VoIP desk phones version 3.4.4.1000 and prior versions, which stems from the validation of firmware images that only contain simple checksums for different firmware...

7.8CVSS6.8AI score0.003EPSS
Exploits2References6
CVE
CVE
added 2023/08/11 12:0 a.m.42 views

CVE-2023-22955

AudioCodes VoIP desk phones up to version 3.4.4.1000 are affected. The vulnerability stems from firmware-image validation that uses only simple checksums, enabling an attacker who can influence the flasher tool to inject malicious firmware. Root cause: insufficient validation allowing firmware ta...

7.8CVSS7.5AI score0.003EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2023/08/11 12:0 a.m.33 views

CVE-2023-22955

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is...

7.8AI score0.003EPSS
Exploits2References4
Prion
Prion
added 2023/05/22 8:15 p.m.18 views

Remote code execution

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...

7.5CVSS9.6AI score0.00419EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/05/22 7:35 p.m.34 views

CVE-2023-28386

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrar...

8.6CVSS9.7AI score0.00419EPSS
Exploits0References2
NVD
NVD
added 2023/05/10 12:15 a.m.22 views

CVE-2022-36330

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their...

8.1CVSS5.7AI score0.00557EPSS
Exploits0References1
OSV
OSV
added 2023/05/10 12:15 a.m.4 views

CVE-2022-36330

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their...

8.1CVSS6.3AI score0.00557EPSS
Exploits0References1
CVE
CVE
added 2023/05/09 11:16 p.m.45 views

CVE-2022-36330

CVE-2022-36330 is a buffer overflow vulnerability affecting Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. The issue stems from firmware version validation and could enable an unauthenticated remote code execution, with exploitation requiring prior privilege escalation...

8.1CVSS6.6AI score0.00557EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/05/09 11:16 p.m.23 views

CVE-2022-36330 Buffer Overflow Vulnerability in Western Digital My Cloud Home and ibi devices

A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their...

1.9CVSS8.8AI score0.00557EPSS
Exploits0References1
Rows per page
Query Builder