44 matches found
CVE-2019-20029
An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including a...
EUVD-2022-43402
Malicious code in bioql PyPI...
EUVD-2021-8095
Malicious code in bioql PyPI...
.NET Bounty Program now offers up to $40,000 in awards
We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers. The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impactin...
CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
CVE-2021-20677
UNIVERGE Aspire series PBX UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00 allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted...
CVE-2019-20033
On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface...
Linux Distros Unpatched Vulnerability : CVE-2022-49022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound...
Observing Spin Apps with OpenTelemetry and the .NET Aspire Dashboard
Observe Spin apps locally using automatic instrumentation, the otel plug-in, and the .NET Aspire dashboard for logs, metrics, and traces...
CVE-2022-49022 wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration
In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-of-bounds in...
aspirepm.co.uk Cross Site Scripting vulnerability OBB-3295692
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Stack overflow
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
CVE-2022-40080
CVE-2022-40080 affects the Aspire E5-475G BIOS firmware, specifically the FpGui module. The vulnerability arises from a second call to the GetVariable service, which can be exploited in the UEFI DXE phase to allow a local attacker to execute arbitrary code and escalate privileges. The available d...
Acer Aspire Series Buffer Error Vulnerability
Acer Aspire Series is a series of servers from Acer China. A security vulnerability exists in the BIOS firmware of the Acer Aspire Series E5-475G, which originates from a secondary call to the GetVariable service in the FpGui module. An attacker could exploit the vulnerability to execute arbitrar...
CVE-2022-4020 Acer Aspire BIOS vulnerability
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable...