Lucene search
+L

226 matches found

OSV
OSV
added 2023/10/09 7:15 p.m.4 views

CVE-2022-3431

A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...

7.8CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2023/10/09 12:0 a.m.20 views

Lenovo Notebook Security Breach

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo Notebook suffers from a security vulnerability that originates from allowing an attacker to modify the secure boot settings by modifying the NVRAM variable...

7.8CVSS6.8AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2023/09/04 3:15 a.m.4 views

CVE-2023-20821

In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113...

6.7CVSS5.9AI score0.00087EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/09/04 12:0 a.m.4 views

MediaTek Chip Buffer Error Vulnerability

MediaTek chips are a variety of MediaTek chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips, which stems from a lack of bounds checking in nvram, which may result in out-of-bounds writes...

6.7CVSS6.9AI score0.00087EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/07 12:0 a.m.7 views

PT-2023-5745 · Mediatek · Nvram

Name of the Vulnerable Software and Affected Versions: Nvram affected versions not specified Description: The issue is related to a missing bounds check in nvram, which could lead to a possible out of bounds write. This may result in local information disclosure, requiring System execution...

4.4CVSS4.4AI score0.00085EPSS
Exploits0References7
OSV
OSV
added 2023/07/06 1:15 p.m.3 views

CVE-2023-37242

Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory NVRAM, or facilitate the exploitation of other vulnerabilities...

9.8CVSS5.8AI score0.0045EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/07/05 12:0 a.m.5 views

Huawei HarmonyOS 安全漏洞

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. The Huawei HarmonyOS and EMUI information disclosure...

9.8CVSS6.3AI score0.0045EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2023/05/29 12:0 a.m.7 views

The vulnerability of the driver for configuring WMI microprogramming systems in Lenovo laptops allows a hacker to modify security loading parameters through the NVRAM variable.

The vulnerability of the WMI driver for Lenovo notebook microprogramming systems is related to errors in the use of standard permissions. Exploiting this vulnerability allows an attacker to modify security boot parameters through the NVRAM variable...

6.8CVSS6.9AI score0.00257EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/22 12:0 a.m.8 views

NVIDIA DGX-2 安全漏洞

The NVIDIA DGX-2 is a high-performance workstation for deep learning from NVIDIA, Inc. The NVIDIA DGX-2™ is NVIDIA's first 2 petaFLOPS appliance to integrate 16 NVIDIA V100 Tensor core GPUs, making it an excellent platform for tackling complex AI challenges. A security vulnerability exists in...

7.5CVSS5.2AI score0.0015EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.2 views

SUSE CVE-2021-3947

A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvmechangednslist where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information...

5.5CVSS7.5AI score0.00317EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/01/26 12:0 a.m.5 views

Lenovo IdeaPad Y700-14ISK 安全漏洞

Lenovo IdeaPad is a line of laptops from the Chinese company Lenovo Lenovo. A security vulnerability exists in the Lenovo IdeaPad Y700-14ISK. An attacker could exploit the vulnerability to modify the secure boot settings by modifying the NVRAM variable...

6.7CVSS6.9AI score0.00294EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.5 views

Acer Extensa Series 安全漏洞

Acer Extensa Series is a line of laptops from Acer, a Chinese company. The Acer Extensa Series suffers from a security vulnerability that stems from its HQSwSmiDxe DXE driver that allows an attacker with elevated privileges to modify the UEFI Secure Boot settings by modifying the NVRAM variable...

8.2CVSS8AI score0.00239EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2022/11/08 9:32 a.m.4 views

kernel: nvme-rdma: destroy cm id before destroy qp to avoid use after free

A vulnerability was found in the Linux kernel's nvme-rdma driver where the driver failed to destroy a component cmid before another component qp was destroyed. This issue occurs when the kernel incorrectly manages memory during RDMA, leading to a potential use-after-free...

9.8CVSS7.2AI score0.01166EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/19 12:0 a.m.5 views

Acer Altos W2000h-W570h F4 缓冲区错误漏洞

Acer Altos W2000h-W570h F4 is a server from Acer China. It offers best-in-class performance, innovative technology, high configurability and comprehensive management features. A security vulnerability exists in Acer Altos W2000h-W570h F4 version R01.03.0018, which originates from a discovery...

9.8CVSS8.4AI score0.00928EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/09/09 12:0 a.m.6 views

RISC-V 输入验证错误漏洞

RISC-V is an open source instruction set architecture based on the principle of reduced instruction sets, which is easily interpreted as a form of "open source hardware" corresponding to the open source software movement. The RISC-V kernel suffers from an Input Validation Error vulnerability, whi...

5.5CVSS6.5AI score0.0023EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2022/09/09 12:0 a.m.8 views

PT-2022-5838 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the Linux kernel may cause a denial of service if consecutive requests of the NVME IOCTL RESET and the NVME IOCTL SUBSYS RESET are made through the device file of the driver,...

8.8CVSS7.2AI score0.21314EPSS
Exploits66References998
OSV
OSV
added 2022/08/25 8:15 p.m.6 views

AZL-10721 CVE-2021-3929 affecting package qemu for versions less than 6.2.0-13

A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvmectrlreset, data structs will be freed leading to a use-after-free issue. A malicious guest could...

8.2CVSS7.4AI score0.00643EPSS
Exploits2References1
OSV
OSV
added 2022/07/01 11:3 a.m.4 views

OESA-2022-1733 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A DMA reentrancy issue was found in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset...

8.2CVSS7.1AI score0.00643EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/05/12 12:0 a.m.28 views

InHand Networks InRouter302 输入验证错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error that originates in the libnvram.so nvramimport function userdefineinit function in the userdefinetimeoutnvram variable has...

9.9CVSS9.1AI score0.03247EPSS
Exploits1References4
OSV
OSV
added 2022/04/22 9:15 p.m.2 views

CVE-2021-3971

A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable...

6.7CVSS5.8AI score0.0129EPSS
Exploits0References1
Rows per page
Query Builder