7821 matches found
CVE-2023-45078
CVE-2023-45078: A memory leakage vulnerability in the DustFilterAlertSmm SMM driver may allow a local, privileged attacker to write to NVRAM variables. Documents indicate impact as confidentiality/integrity/availability HIGH, with a local attack vector and low complexity, but exploitation deta...
CVE-2023-45078
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45077
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45077
CVE-2023-45077 describes a memory-leak vulnerability in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Documents consistently identify the affected component as the 534D0740 DXE driver and indicate local attack vector with high impact...
CVE-2023-45076
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45076
The CVE-2023-45076 issue is a memory leakage vulnerability in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Affected component: 534D0140 DXE driver. Impact per sources: potential compromise of confidentiality, integrity, and availabi...
CVE-2023-45075
A memory leakage vulnerability was reported in the SWSMIShadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
PT-2023-29395 · Unknown · 534D0140 Dxe Driver
Name of the Vulnerable Software and Affected Versions: 534D0140 DXE driver (affected versions not specified). Description: A memory leakage issue was reported in the 534D0140 DXE driver, potentially allowing a local attacker with elevated privileges to write to NVRAM variables. Recommendations: At t...
PT-2023-29394 · Unknown · Swsmi Shadow Dxe Driver
Name of the Vulnerable Software and Affected Versions: SWSMI Shadow DXE driver (affected versions not specified). Description: A memory leakage issue was reported in the SWSMI Shadow DXE driver, potentially allowing a local attacker with elevated privileges to write to NVRAM variables...
PT-2023-29398 · Unknown · Nvmramsmm Smm Driver
Name of the Vulnerable Software and Affected Versions: Insufficient information is provided to determine the specific affected software versions. Description: A memory leakage issue was reported in the NvmramSmm SMM driver, potentially allowing a local attacker with elevated privileges to write t...
kernel: tcp: tcp_make_synack() can be called from process context
In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack() can be called from process context. tcp_rtx_synack() now could be called in process context as explained in 0a375c822497 ("tcp: tcp_rtx_synack() can be called from process context"). tcp_rtx_synack() might call tcp_make_synack(),...
Information Disclosure
coldbox-elixir is vulnerable to Information Disclosure. The vulnerability exists because the library does not securely define environment variables in the defaultConfig.js variable handler, allowing an attacker to access sensitive information...
Rocky Linux 8 : container-tools:3.0 (RLSA-2021:4222)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4222 advisory. - An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds e.g. Dockerfile RUN...
CVE-2023-3399
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
CVE-2023-3399 Insertion of Sensitive Information Into Sent Data in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...
CVE-2023-3399
The CVE-2023-3399 entry affects GitLab EE: unauthenticated access to CI/CD variables read via custom project templates by unauthorized project/group members. Affected versions are GitLab EE 11.6 up to 16.3.6, 16.4 up to 16.4.2, and 16.5 up to 16.5.1. The provided sources describe the issue and it...
CVE-2023-3399
Removed by vendor...
PT-2023-24618 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 11.6 through 16.3.5; GitLab EE versions 16.4 through 16.4.1; GitLab EE versions 16.5 through 16.5.0. Description: An issue has been discovered in GitLab EE, where it was possible for an unauthorized project or group member to...