25 matches found
CVE-2025-36755
The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...
EUVD-2025-203082
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...
EUVD-2018-12571
Malware in sbrugna...
EUVD-2024-54871
Malicious code in bioql PyPI...
EUVD-2022-41260
Malicious code in bioql PyPI...
RLSA-2025:7956 Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: dm-flakey: Fix memory corruption in optional corruptbiobyte feature CVE-2025-21966 kernel: iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 For more...
AMI AptioV 安全漏洞
AMI AptioV is a firmware-related editor from AMI USA. A security vulnerability exists in AMI AptioV, which originates from a privileged user in the BIOS that could lead to writing arbitrary data and sensitive information disclosure, which could lead to information disclosure and arbitrary data...
USN-7585-6: Linux kernel (BlueField) vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7585-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-1 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when...
USN-7585-2 linux-aws-fips, linux-gcp-fips vulnerabilities
It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...
USN-7524-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...
Ubuntu 24.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-7524-1)
"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7524-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...
CLSA-2025-1747260502 kernel: Fix of 5 CVEs
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices CVE-2024-53197 - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd CVE-2025-21969 - ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in...
Bringing Forensic Readiness to Modern Computer Firmware
Today's computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is responsible for booting the actual operating system. However, features like the network stack make ...
iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
...
USN-7475-1: Linux kernel (Xilinx ZynqMP) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
USN-7455-5: Linux kernel (AWS) vulnerabilities
Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...
Intel Server M20NTP 资源管理错误漏洞
The Intel Server M20NTP is a server motherboard from Intel Corporation USA. A resource management error vulnerability exists in the Intel Server M20NTP BIOS UEFI. An attacker can exploit this vulnerability to elevate privileges...
The vulnerability of the tls_new_ciphertext() function in the src/net/tls.c file of the iPXE network loading standard’s Preboot Execution Environment implementation, which allows a hacker to disclose confidential information
The vulnerability of the tlsnewciphertext function in the src/net/tls.c file of the iPXE network loading standard implementation allows for unauthorized access. Exploiting this vulnerability could enable a malicious actor to disclose confidential information by manipulating the padlen argument...
grub2: bypass the GRUB password protection feature
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...