179 matches found
CAPM3 vulnerable to Cross-Namespace resource access
Summary CAPM3 is Metal3's Cluster API CAPI provider for baremetal provisioning in Kubernetes. Multiple cross-namespace access control vulnerabilities in Cluster API Provider Metal3 allow users with permissions to create or modify CAPM3 resources in one namespace to reference, read, or claim...
[SECURITY] Fedora 43 Update: rust-coreos-installer-0.26.0-2.fc43
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
[SECURITY] Fedora 44 Update: rust-coreos-installer-0.26.0-2.fc44
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
[SECURITY] Fedora 44 Update: libmetal-2026.04.0-2.fc44
An abstraction layer across user-space Linux, baremetal, and RTOS environment s...
EUVD-2025-209793
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
CVE-2025-35991
The CVE-2025-35991 entry describes an improper initialization in the UEFI firmware for some Intel platforms (Ring 0: Bare Metal OS) that may allow information disclosure. The issue requires a local attacker with privileged access and high attack complexity, with no user interaction, and could imp...
CVE-2025-35991
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
PT-2026-40079
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
OpenStack Ironic 安全漏洞
OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.x and earlier contain security vulnerabilities, which stem from the instanceinfokstemplate...
Incorrect Resource Transfer Between Spheres
Overview ironic is an OpenStack Bare Metal Provisioning Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres in the import process when a user invokes molds and requests authorization to be sent to a remote endpoint. The credential forwarded is a...
ADuCM302x (=0.1.0), Icarus-nrf9160-bsp (=0.0.0) +1574 more potentially affected by unknown CVE via bare-metal (>=0.1.3 <=1.0.0)
bare-metal CARGO version =0.1.3, =0.1.0, =0.1.0, =0.1.2 - PY32L020xx-pac =0.1.0 - PY32T020xx-pac =0.1.0 - PY32c610xx-pac =0.1.0 - PY32c611xx-pac =0.1.0 - PY32c640xx-pac =0.1.0 - PY32c641xx-pac =0.1.0 - PY32c670xx-pac =0.1.0 - PY32f001xx-pac =0.1.0 - PY32f002axx-pac =0.1.0 - PY32f002bxx-pac =0.1.0...
RUSTSEC-2026-0110 bare-metal is deprecated
The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...
bare-metal is deprecated
The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...
SUSE-SU-2026:20822-1 Security update for systemd
This update for systemd fixes the following issues: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid...
[SECURITY] Fedora 42 Update: rust-coreos-installer-0.25.0-4.fc42
coreos-installer installs Fedora CoreOS or RHEL CoreOS to bare-metal machines or, occasionally, to virtual machines...
CVE-2025-24851
Uncaught exception in the firmware for some 100GbE IntelR Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This...
CVE-2025-32003
CVE-2025-32003 affects the firmware of Intel’s 100GbE Ethernet Network Adapter E810. The issue is an out-of-bounds read in the firmware (pre-firmware version cvl fw 1.7.6, cpk 1.3.7) that can allow a network-adjacent attacker with authenticated access and low attack complexity to cause a Denial o...
CVE-2025-27535
Exposed ioctl with insufficient access control in the firmware for some IntelR Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable...
CVE-2025-27243
Out-of-bounds write in the firmware for some IntelR Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable denial of service. This result m...
CVE-2025-27243
Summary of CVE-2025-27243 : An out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810, prior to firmware cvl fw 1.7.8.x, can cause a denial of service. The impact is limited to availability with no confidentiality or integrity effects, but the attack is local and requires ...