Lucene search
+L

219 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/15 8:24 p.m.18 views

CVE-2026-21912

A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

6.8CVSS5.9AI score0.00103EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/01/15 8:24 p.m.7 views

EUVD-2026-2682

A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

6.8CVSS6.6AI score0.00103EPSS
Exploits0References3
CVE
CVE
added 2026/01/15 8:24 p.m.25 views

CVE-2026-21912

CVE-2026-21912 is a TOCTOU race in Juniper Junos OS on MX10k Series affecting LC480/LC2101 line cards. Repeatedly running the CLI command “show system firmware” can cause a line card to crash and restart, with chassisd potentially crashing and generating a core dump after the line card failure. A...

6.8CVSS6.8AI score0.00103EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.14 views

PT-2026-3126

A Time-of-check Time-of-use TOCTOU Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

6.8CVSS7.1AI score0.00103EPSS
Exploits0References3
CVE
CVE
added 2026/01/13 3:34 p.m.34 views

CVE-2025-71101

CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...

7.1CVSS6.2AI score0.00117EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:16 a.m.22 views

CVE-2021-0054

Improper buffer restrictions in system firmware for some IntelR NUCs may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS7.4AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:15 a.m.6 views

CVE-2021-0067

Improper access control in system firmware for some IntelR NUCs may allow a privileged user to potentially enable escalation of privilege via local access...

6.7CVSS7AI score0.00245EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.6 views

CVE-2022-37018

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability...

8.4CVSS7.8AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:10 a.m.8 views

CVE-2019-11129

Out of bound read/write in system firmware for IntelR NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access...

6.7CVSS6.9AI score0.00392EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/12/09 3:0 p.m.5 views

CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

5.8CVSS5.2AI score0.00123EPSS
Exploits0
NVD
NVD
added 2025/12/02 4:15 p.m.7 views

CVE-2025-59704

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password...

7.8CVSS0.00211EPSS
Exploits1References2
CVE
CVE
added 2025/12/02 12:0 a.m.14 views

CVE-2025-59704

The CVE-2025-59704 entry affects Entrust nShield hardware: Connect XC, 5c, and HSMi up to specific versions (through 13.6.11 and 13.7). The issue is that the BIOS menu is unpassworded, enabling an attacker with physical access to reach BIOS controls. Sources from Red Hat and NVD corroborate the B...

7.8CVSS6.8AI score0.00211EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/10/22 12:0 a.m.7 views

PT-2025-43104

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the AMD System Firmware Handler SFH HID driver. A shift operation involving the exp and shift variables can exceed the maximum allowable shift...

7.8CVSS6.3AI score0.08942EPSS
Exploits4References985
Vulnrichment
Vulnrichment
added 2025/10/14 4:42 p.m.2 views

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS7.4AI score0.0083EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/14 4:42 p.m.10 views

CVE-2025-37146 Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system...

7.2CVSS0.0083EPSS
Exploits0References1
CVE
CVE
added 2025/10/14 4:42 p.m.10 views

CVE-2025-37146

The CVE-2025-37146 entry describes a vulnerability in the web-based management interface of network access point configuration services (e.g., HPE ArubaOS) that can allow an authenticated remote attacker to perform remote command execution on the underlying OS. The public sources indicate exploit...

7.2CVSS7.4AI score0.0083EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/14 2:0 p.m.3 views

CVE-2025-22832 Buffer Overflow in NTFS when parsing the ATTRIBUTE_LIST

APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability...

5.8CVSS6.6AI score0.0014EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.5 views

PT-2025-41983

A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware...

6CVSS6.7AI score0.00134EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-14798

Malware in sbrugna...

7.5CVSS7.6AI score0.00865EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-12835

Malware in sbrugna...

6.2CVSS6.4AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder