Rockwell Automation Allen-Bradley Stratix 5950 Improper Access Control (CVE-2019-1649)

Cisco Systems, Inc. Cisco released an advisory regarding a vulnerability in the logic that handles access control to a hardware component in Cisco's proprietary Secure Boot implementation. If successfully exploited, an attacker could write a modified firmware image to the component. The...

SUSE-SU-2025:4188-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpifetchacpidev return value bsc1249859. - CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfsparseparam bsc1249857. ...

EUVD-2023-59907

Malicious code in bioql PyPI...

SUSE CVE-2023-53282

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

CVE-2023-53282

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

UBUNTU-CVE-2023-53282

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

CVE-2023-53282

CVE-2023-53282 concerns the Linux kernel, specifically the lpfc SCSI driver path used during a sysfs firmware write. The issue is a use-after-free KFENCE violation in lpfc_wr_object() where a pointer referencing mailbox memory is recycled before the memory is no longer in use, causing a potential...

CVE-2023-53282 scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

CVE-2023-53282 scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

CVE-2023-53282

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

CVE-2023-53282 scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write During the sysfs firmware write process, a use-after-free read warning is logged from the lpfcwrobject routine: BUG: KFENCE: use-after-free read in...

CVE-2025-6177

Privilege Escalation in MiniOS in Google ChromeOS 16063.45.2 and potentially others on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell VT3 console accessible through specific key combinations during developer mode entry and MiniOS access, even whe...

CVE-2024-21980

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to potentially overwrite a guest's memory or UMC seed resulting in loss of confidentiality and integrity...

CVE-2023-31355

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest's UMC seed potentially allowing reading of memory from a decommissioned guest...

DEBIAN-CVE-2021-47449

In the Linux kernel, the following vulnerability has been resolved: ice: fix locking for Tx timestamp tracking flush Commit 4dd0d5c33c3e "ice: add lock around Tx timestamp tracker flush" added a lock around the Tx timestamp tracker flow which is used to cleanup any left over SKBs and prepare for...

PT-2025-37887

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a use-after-free flaw within the lpfc wr object routine during the sysfs firmware write process. The driver accesses data through a pointer wr object after th...

CVE-2021-30028

SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials the admin password for the admin account to access the TELNET service, allowing attackers to erase/read/write the firmware remotely...

Default credentials

SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials the admin password for the admin account to access the TELNET service, allowing attackers to erase/read/write the firmware remotely...

edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe

A flaw was found in edk2. Missing checks in the IScsiHexToBin function in NetworkPkg/IScsiDxe lead to a buffer overflow allowing a remote attacker, who can inject himself in the communication between edk2 and the iSCSI target, to write arbitrary data to any address in the edk2 firmware and...

CVE-2018-12166

Insufficient write protection in firmware for IntelR OptaneTM SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access...