EUVD-2024-37325

Malicious code in bioql PyPI...

The vulnerability of the BMC controller software of Nuvoton BootBlock series, Nuvoton NPCM7xx, related to the bypassing of authentication due to a source error, allows a perpetrator to execute arbitrary code.

The vulnerability of the BMC controller Nuvoton BootBlock series from Nuvoton, specifically the Nuvoton NPCM7xx, relates to the bypassing of authentication due to a fundamental error in the code. Exploiting this vulnerability allows an attacker to execute arbitrary code by modifying the u-boot...

CVE-2024-38433

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution...

CVE-2024-38433 Nuvoton - CWE-305: Authentication Bypass by Primary Weakness

Nuvoton - CWE-305: Authentication Bypass by Primary Weakness An attacker with write access to the SPI-Flash on an NPCM7xx BMC subsystem that uses the Nuvoton BootBlock reference code can modify the u-boot image header on flash parsed by the BootBlock which could lead to arbitrary code execution...

CVE-2024-38433

CVE-2024-38433 affects Nuvoton NPCM7xx BMC subsystem that uses the BootBlock. An attacker with write access to SPI-Flash can modify the u-boot image header parsed by BootBlock, enabling an authentication bypass and potentially arbitrary code execution. The CVSS data in the connected documents ind...