Lucene search
K

854 matches found

OSV
OSV
added 2023/09/15 11:5 a.m.2 views

OESA-2023-1655 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.CVE-2020-13791 An issue was...

8.8CVSS7.2AI score0.00664EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/09/04 12:0 a.m.9 views

PT-2023-9478 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the SPI peripheral in the Linux kernel, where sometimes RX SPI transfers with DMA enabled return corrupted data due to single or multiple bytes lost during DMA...

7.8CVSS6.5AI score0.08555EPSS
Exploits7References1099
RedHat Linux
RedHat Linux
added 2023/08/29 8:50 a.m.5 views

kernel: perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in hswephaslimitsbox pcigetdevice will increase the reference count for the returned 'dev'. We need to call pcidevput to decrease the reference count. Since 'dev' is only used in...

5.5CVSS6.7AI score0.00146EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/23 12:0 a.m.3 views

Lenovo Notebook 访问控制错误漏洞

Lenovo Notebook is a laptop computer from Lenovo, a Chinese company. The Lenovo notebook suffers from an Access Control Error vulnerability that stems from the exposure of the Embedded Controller EC interface in the LCFC BIOS, which causes certain peripheral devices to work abnormally...

6.7CVSS6.7AI score0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/23 12:0 a.m.6 views

PT-2023-13541 · Lenovo · Lcfc Bios

Name of the Vulnerable Software and Affected Versions: LCFC BIOS affected versions not specified Description: A potential issue was discovered in LCFC BIOS for some Lenovo consumer notebook models. This could allow a local attacker with elevated privileges to cause some peripherals to work...

6.7CVSS6.3AI score0.0017EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/07/13 12:0 a.m.4 views

BD Alaris System with Guardrails Suite MX 数据伪造问题漏洞

The BD Alaris System with Guardrails Suite MX is a medical device from Biddy Medical BD. A security vulnerability exists in the BD Alaris System with Guardrails Suite MX, which stems from a GRE dataset file in Systems Manager that can be tampered with and distributed to PCUs...

6.7CVSS6.5AI score0.00164EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/07/13 12:0 a.m.4 views

The vulnerability of the TrustZone subsystem’s networking (netdev) component in Qualcomm embedded operating systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the TrustZone subsystem for networking functions in Qualcomm embedded systems’ operating systems lies in the insufficient protection of sensitive data during the analysis of peripheral channels. Exploiting this vulnerability can allow attackers to gain unauthorized access to...

7.1CVSS5.9AI score0.00113EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.6 views

kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snruncoremmiomap pcigetdevice will increase the reference count for the returned pcidev, so snruncoregetmcdev will return a pcidev with its reference count increased. We need to...

5.7AI score0.00168EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: regmap: spi: Reserve space for register address/padding

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

5.5CVSS6.3AI score0.00194EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...

5.5CVSS6.3AI score0.00155EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snruncoremmiomap pcigetdevice will increase the reference count for the returned pcidev, so snruncoregetmcdev will return a pcidev with its reference count increased. We need to...

5.7AI score0.00168EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/04/25 1:15 p.m.4 views

CVE-2022-42335

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging HAP is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handlin...

7.8CVSS5.9AI score0.00264EPSS
Exploits0References7
OSV
OSV
added 2023/03/23 5:15 p.m.4 views

CVE-2023-20082

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...

6.8CVSS6.6AI score0.00375EPSS
Exploits0References1
OSV
OSV
added 2023/03/03 1:15 p.m.2 views

CVE-2022-45552

An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...

7.5CVSS5.8AI score0.00846EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.2 views

SUSE CVE-2011-4347

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

4CVSS5.9AI score0.00367EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.3 views

SUSE CVE-2013-3495

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service kernel panic via a malformed Message Signaled Interrupt MSI from a PCI device that is bus mastering capable that triggers a System Error Reporting SERR Non-Maskable Interrupt NMI...

4.7CVSS6.3AI score0.00389EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.1 views

SUSE CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding for a PCI Express device and...

4.9CVSS7.5AI score0.00534EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.6 views

SUSE CVE-2019-19057

Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-d10dcb615c8e...

4CVSS6.8AI score0.00788EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.3 views

SUSE CVE-2019-19579

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device and assignable-add is not used, because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's...

6.9CVSS6.2AI score0.00451EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-13791

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space...

5.5CVSS7.7AI score0.00398EPSS
Exploits0References3
Rows per page
Query Builder