112 matches found
CVE-2022-29493
Uncaught exception in webserver for the Integrated BMC in some IntelR platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access...
CVE-2022-29494
Improper input validation in firmware for OpenBMC in some IntelR platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access...
CVE-2022-29494
Improper input validation in firmware for OpenBMC in some IntelR platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access...
Input validation
Improper input validation in firmware for OpenBMC in some IntelR platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access...
Design/Logic Flaw
Uncaught exception in webserver for the Integrated BMC in some IntelR platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access...
CVE-2022-29493
Uncaught exception in webserver for the Integrated BMC in some IntelR platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access...
CVE-2022-29494
CVE-2022-29494 affects OpenBMC firmware on some Intel platforms. The issue is an improper input validation in the firmware before versions egs-0.91-179 and bhs-04-45, which may allow an authenticated user to cause a denial of service over the network. Affected products include OpenBMC on Intel pl...
CVE-2022-29494
Improper input validation in firmware for OpenBMC in some IntelR platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access...
CVE-2022-35729
Out of bounds read in firmware for OpenBMC in some IntelR platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access...
PT-2023-12972 · Intel · Openbmc
Name of the Vulnerable Software and Affected Versions: OpenBMC versions prior to egs-0.91-179 OpenBMC versions prior to bhs-04-45 Description: The issue is related to improper input validation in the firmware for OpenBMC in some Intel platforms, which may allow an authenticated user to potentiall...
PT-2023-13447 · Openbmc · Openbmc
Name of the Vulnerable Software and Affected Versions: OpenBMC versions prior to 0.72 Description: The issue is an out of bounds read in the firmware for OpenBMC in some Intel platforms, which may allow an unauthenticated user to potentially enable denial of service via network access...
SUSE CVE-2011-1476
Integer underflow in the Open Sound System OSS subsystem in the Linux kernel before 2.6.39 on unspecified non-x86 platforms allows local users to cause a denial of service memory corruption by leveraging write access to /dev/sequencer...
CVE-2022-35407
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...
Stack overflow
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...
PT-2022-22808 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5 Description: A stack buffer overflow issue in the SetupUtility driver on Intel platforms leads to arbitrary code execution. This allows an attacker to change the values of certain UEFI variables by...
CVE-2022-35407
The CVE concerns InsydeH2O’s SetupUtility driver on Intel platforms, affected versions 5.0–5.5. A stack buffer overflow from handling two UEFI variables allows arbitrary code execution when the second variable exceeds the first, enabling modification of certain UEFI variables. Impact is local, wi...
CVE-2022-35407
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...
CVE-2022-35407
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. A stack buffer overflow leads to arbitrary code execution in the SetupUtility driver on Intel platforms. An attacker can change the values of certain UEFI variables. If the size of the second variable exceeds the size of the...
CVE-2022-29277
Incorrect pointer checks within the the FwBlockServiceSmm driver can allow arbitrary RAM modifications During review of the FwBlockServiceSmm driver, certain instances of SpiAccessLib could be tricked into writing 0xff to arbitrary system and SMRAM addresses. Fixed in: INTEL Purley-R: 05.21.51.00...
Intel BIOS Advisory
Summary: Potential security vulnerabilities in BIOS firmware for multiple Intel Platforms may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2020-24457...