CVE-2025-71101
CVE-2025-71101 stems from the Linux kernel HP-BIOSCFG driver’s ACPI package parsing: hp_populate_*_elements_from_package() reads multi-element fields (PREREQUISITES, ENUM_POSSIBLE_VALUES) using offsets like enum_obj[elem + reqs] or enum_obj[elem + pos_values], but the bounds check only validated ...
CVE-2025-61675
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2025-34454
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...
EUVD-2016-2809
Malware in sbrugna...
EUVD-2005-1682
Malware in sbrugna...
EUVD-2005-2420
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-53139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fail, fw_vsc_cfg might be null and cause out-of-bounds write i...
RHEL 6 : qemu-kvm-rhev (RHSA-2016:0085)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0085 advisory. KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the...
The vulnerability of the Manageability Engine (ME) in Intel Server Platform Services (SPS) software for Lenovo ThinkSystem servers allows a malicious actor to alter the firmware configuration and trigger a service failure.
The vulnerability of the Manageability Engine (ME) in Intel Server Platform Services (SPS) of Lenovo ThinkSystem servers stems from the synchronization failure between BIOS/UEFI and ME states due to the use of non-replicable configurations. Exploiting this vulnerability can allow an attacker to alter...
K75248350: QEMU vulnerability CVE-2016-1714
Security Advisory Description: The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access...
The vulnerability of the application package for configuring BIOS using Dell Command Configure, related to improper handling of permissions, allows a malicious individual to increase their privileges.
The vulnerability of the BIOS configuration application for Dell Command Configure is related to improper handling of permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...
SUSE CVE-2016-1714
The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg.c in QEMU before 2.4, when built with the Firmware Configuration device emulation support, allow guest OS users with the CAP_SYS_RAWIO privilege to cause a denial of service (out-of-bounds read or write access and process crash) or possibly...
CVE-2019-19142
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI...
Amazon Linux 2 : edk2 (ALAS-2019-1290)
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. CVE-2018-12182 Stack overflow in XHCI for EDK II may allow an unauthenticated user to...
CVE-2018-12179
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...
DEBIAN-CVE-2018-12179
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...