CVE-2025-36755

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after cicumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

EUVD-2025-203082

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

EUVD-2018-12571

Malware in sbrugna...

EUVD-2022-41260

Malicious code in bioql PyPI...

EUVD-2024-54871

Malicious code in bioql PyPI...

RLSA-2025:7956 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: dm-flakey: Fix memory corruption in optional corruptbiobyte feature CVE-2025-21966 kernel: iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic CVE-2025-21993 For more...

AMI AptioV 安全漏洞

AMI AptioV is a firmware-related editor from AMI USA. A security vulnerability exists in AMI AptioV, which originates from a privileged user in the BIOS that could lead to writing arbitrary data and sensitive information disclosure, which could lead to information disclosure and arbitrary data...

USN-7585-6: Linux kernel (BlueField) vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-7585-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7585-1 advisory. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when...

USN-7585-2 linux-aws-fips, linux-gcp-fips vulnerabilities

It was discovered that the CIFS network file system implementation in the Linux kernel did not properly verify the target namespace when handling upcalls. An attacker could use this to expose sensitive information. CVE-2025-2312 Several security issues were discovered in the Linux kernel. An...

USN-7524-1: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - Supe...

Ubuntu 24.04 LTS : Linux kernel (Raspberry Pi) vulnerabilities (USN-7524-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7524-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws i...

CLSA-2025-1747260502 kernel: Fix of 5 CVEs

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices CVE-2024-53197 - Bluetooth: L2CAP: Fix slab-use-after-free Read in l2capsendcmd CVE-2025-21969 - ext4: fix OOB read when checking dotdot dir CVE-2025-37785 - iscsiibft: Fix UBSAN shift-out-of-bounds warning in...

Bringing Forensic Readiness to Modern Computer Firmware

Today's computer systems come with a pre-installed tiny operating system, which is also known as UEFI. UEFI has slowly displaced the former legacy PC-BIOS while the main task has not changed: It is responsible for booting the actual operating system. However, features like the network stack make ...

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

...

USN-7475-1: Linux kernel (Xilinx ZynqMP) vulnerabilities

Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...

USN-7455-5: Linux kernel (AWS) vulnerabilities

Jann Horn discovered that the watchqueue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service system crash or escalate their privileges. CVE-2022-0995 Several security issues were discovered i...

Intel Server M20NTP 资源管理错误漏洞

The Intel Server M20NTP is a server motherboard from Intel Corporation USA. A resource management error vulnerability exists in the Intel Server M20NTP BIOS UEFI. An attacker can exploit this vulnerability to elevate privileges...

grub2: bypass the GRUB password protection feature

An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a fil...

Lenovo Bios Buffer Error Vulnerability

Lenovo Bios is a boot method for computers from the Chinese company Lenovo Lenovo. It is used to boot the system during computer startup. Lenovo Bios suffers from a buffer error vulnerability that stems from a memory leak vulnerability in the NvmramSmm SMM driver...