20 matches found
CVE-2025-66255 Unauthenticated Arbitrary File Upload (upgrade_contents.php)
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...
AMD Embedded Vulnerabilities – August 2025
Summary: Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages...
Updated kernel, kmod-virtualbox, kmod-xtables-addons, dwarves, libtraceevent, libtracefs, kernel-firmware, kernel-firmware-nonfree, radeon-firmware & wireless-regdb packages fix security vulnerabilities
Upstream kernel version 6.6.93 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons, wireless-regdb & firmware packages have been updated to work with this new kernel; some updated build-time requirements are here to allow building this kernel version. For information about the...
MGASA-2025-0182 Updated kernel, kmod-virtualbox, kmod-xtables-addons, dwarves, libtraceevent, libtracefs, kernel-firmware, kernel-firmware-nonfree, radeon-firmware & wireless-regdb packages fix security vulnerabilities
Upstream kernel version 6.6.93 fixes bugs and vulnerabilities. The kmod-virtualbox, kmod-xtables-addons, wireless-regdb & firmware packages have been updated to work with this new kernel; some updated build-time requirements are here to allow building this kernel version. For information about the...
Fedora: Security Advisory (FEDORA-2025-ceaffa7f37)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2025-6683 · Intel · Intel Server M50Fcp
Name of the Vulnerable Software and Affected Versions: Intel(R) Server M50FCP family versions prior to R01.02.0002 Description: The issue is related to an uncontrolled search path element in some BIOS and System Firmware Update Packages. This could potentially allow a privileged user to enable...
AMD Embedded Processors Vulnerabilities – February 2025
AMD ID: AMD-SB-5004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary: Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages...
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
A security flaw has been disclosed in OpenWrt's Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical...
Moderate: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
Client Vulnerabilities – Aug 2024
Bulletin ID: AMD-SB-4004 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary: Potential vulnerabilities in AMD Secure Processor (ASP), and other platform components were reported. Mitigations are being provided in Platform Initialization (PI)...
AMD Embedded Processors Vulnerabilities – Aug 2024
Bulletin ID: AMD-SB-5002 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary: Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages. CVE...
RHEL 7 : linux-firmware (RHSA-2024:3939)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3939 advisory. The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Security Fixes: hw: intel:...
Important: Red Hat Security Advisory: linux-firmware security update
An update for linux-firmware is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
AMD Embedded Processors Vulnerabilities – February 2024
Bulletin ID: AMD-SB-5001 Potential Impact: Varies by CVE, see descriptions below Severity: Varies by CVE, see descriptions below Summary: Potential vulnerabilities in AMD Embedded processors were reported, and mitigations are being provided through Platform Initialization (PI) firmware packages. CVE...
Privilege escalation
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device...
CVE-2022-3703 ETIC Telecom Remote Access Server Insufficient Verification of Data Authenticity
All versions of ETIC Telecom Remote Access Server (RAS) 4.5.0 and prior’s web portal is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and provide privilege escalation to the device...
MGASA-2022-0065 Updated nonfree firmware packages fix security vulnerabilities
This update provides new and updated nonfree firmware and fixes at least the following security issues: Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access (CVE-2021-0066 / SA-00539)...
Binatone Motorola-branded Camera Encryption Issue Vulnerability
The Binatone Motorola-branded Camera is a Binatone licensed Motorola-branded product camera from Binatone, Inc. The vulnerability can be exploited to obtain encryption keys used to decrypt firmware update packages...
Design/Logic Flaw
Online upgrade information in some firmware packages of Dahua products is not encrypted. Attackers can obtain this information by analyzing firmware packages by specific means. Affected products include:...
Parrot Security 4.2.2 - Security GNU/Linux Distribution Designed with Cloud Pentesting and IoT Security in Mind
Updated kernel and core packages: Parrot 4.2 is powered by the latest Linux 4.18 debianized kernel with all the usual wireless patches. A new version of the Debian-Installer now powers our netinstall images and the standard Parrot images. Firmware packages were updated to add broader hardware...