17 matches found
Astra Linux - vulnerability in grub2
An out-of-bounds write flaw was discovered in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, resulting in corruption of grub’s heap metadata. In some cases, the attack may also corrupt the UEFI firmware heap metadata. As a...
Linux Distros Unpatched Vulnerability : CVE-2023-53589
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: iwlwifi: mvm: don't trust firmware nchannels If the firmware sends us a corrupted MCC response with nchannels much larger than the command response can be...
EUVD-2020-19852
Malware in sbrugna...
EUVD-2018-4498
Malware in sbrugna...
CVE-2025-7028
CVE-2025-7028 is a Gigabyte UEFI firmware vulnerability affecting the Software SMI handler. An attacker can supply a crafted pointer via RBX/RCX (FuncBlock) that is passed unchecked into flash-management calls (ReadFlash, WriteFlash, EraseFlash, GetFlashInfo), which dereference the pointer and it...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
CVE-2024-47573
An improper validation of integrity check value vulnerability (CWE-354) in FortiNDR version 7.4.2 and below, version 7.2.1 and below, version 7.1.1 and below, version 7.0.6 and below may allow an authenticated attacker with at least Read/Write permission on system maintenance to install a corrupted...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
Tormach PathPilot Controller security vulnerability
Tormach PathPilot Controller is a series of controllers from Tormach USA. A security vulnerability exists in Tormach PathPilot Controller version v2.9.6. An attacker exploited the vulnerability to erase critical sectors of flash memory, causing the machine to lose network connectivity and suffer...
CVE-2024-22807
An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
CVE-2024-22807
The CVE-2024-22807 vulnerability affects the Tormach xsTECH CNC Router with PathPilot Controller v2.9.6. The issue enables attackers to erase a critical sector of the flash memory, resulting in the loss of network connectivity and firmware corruption. Documented impacts include degraded device re...
PT-2024-19568 · Tormach · Tormach Xstech Cnc Router +1
Name of the Vulnerable Software and Affected Versions: Tormach xsTECH CNC Router, PathPilot Controller version 2.9.6 Description: The issue allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption...
MoonBounce: New malware deployed by APT41 in UEFI firmware
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. MoonBounce is a new type of malware that hides in the most complex part of an Operating System (OS), the Basic Input Output System (BIOS) chip, and thus persists even after reinstalling your OS or formatting your hard drive...
Code injection
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. The fixed versions for this issue in the AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, and...
CVE-2020-27339
CVE-2020-27339 affects InsydeH2O kernel 5.x, where several SMM drivers (AhciBusDxe, IdeBusDxe, NvmExpressDxe, SdHostDriverDxe, SdMmcDeviceDxe) fail to validate the CommBuffer and CommBufferSize, allowing memory corruption of firmware or OS memory. The issue is fixed in kernel 5.1–5.5 with specifi...