Lucene search
+L

53 matches found

NVD
NVD
added 2022/09/20 6:15 p.m.39 views

CVE-2022-26873

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

8.2CVSS0.00402EPSS
Exploits1References3
OSV
OSV
added 2022/09/20 6:15 p.m.6 views

CVE-2022-26873

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

8.2CVSS6AI score0.00402EPSS
Exploits1References3
Prion
Prion
added 2022/09/20 6:15 p.m.30 views

Memory corruption

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

4CVSS8.1AI score0.00311EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/09/20 6:15 p.m.16 views

Memory corruption

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

4CVSS8.1AI score0.00402EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/20 5:35 p.m.7 views

CVE-2022-40262 The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

7.2AI score0.00311EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/09/20 5:35 p.m.24 views

CVE-2022-40262 The arbitrary write vulnerability in S3Resume2Pei leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

8.4AI score0.00311EPSS
Exploits1References2
CVE
CVE
added 2022/09/20 5:35 p.m.70 views

CVE-2022-40262

CVE-2022-40262 concerns memory corruption in the S3Resume2Pei component that can allow arbitrary code execution during the PEI phase and affect subsequent boot stages. The affected element is injected into SMRAM, with potential to bypass mitigations, disclose physical memory, access secrets from ...

8.2CVSS8.2AI score0.00311EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/20 5:35 p.m.10 views

CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...

6.9AI score0.00463EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/09/20 5:35 p.m.34 views

CVE-2022-40246 Arbitrary write vulnerability in SbPei module leads to arbitrary code execution during PEI phase.

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...

7AI score0.00463EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/09/20 5:35 p.m.45 views

CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

8.4AI score0.00402EPSS
Exploits1References3
CVE
CVE
added 2022/09/20 5:35 p.m.75 views

CVE-2022-26873

CVE-2022-26873 affects AMI Aptio 5.x PlatformInitAdvancedPreMem. The issue is described as a stack buffer overflow in PlatformInitAdvancedPreMem that can allow arbitrary code execution during the PEI phase, potentially enabling mitigation bypass, memory contents disclosure, VM secrets access, and...

8.2CVSS8.2AI score0.00402EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/09/20 12:0 a.m.6 views

Intel NUC M15 缓冲区错误漏洞

Intel NUC M15 is a laptop kit from Intel Corporation USA. A security vulnerability exists in previous versions of the Intel NUC M15 Laptop Kit BC0076, which stems from the fact that a potential attacker could write a byte through an arbitrary address during the PEI phase and affect subsequent boo...

7.2CVSS7.1AI score0.00463EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/09/20 12:0 a.m.7 views

PT-2022-25303 · Sbpei · Sbpei

Name of the Vulnerable Software and Affected Versions: SbPei affected versions not specified Description: A potential attacker can write one byte by arbitrary address at the time of the PEI phase, only during S3 resume boot mode, and influence the subsequent boot stages. This can lead to...

7.2CVSS6.8AI score0.00463EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/04/28 12:0 a.m.6 views

PT-2022-3556 · Ami · Ami Aptiov

Name of the Vulnerable Software and Affected Versions: AMI Aptio versions 5.x Description: A potential attacker can execute arbitrary code at the time of the PEI phase and influence subsequent boot stages, leading to mitigations bypassing, physical memory contents disclosure, discovery of secrets...

8.2CVSS8AI score0.00402EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2022/04/18 12:0 a.m.47 views

EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2022-1416)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...

8.1CVSS6.7AI score0.01855EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2022/04/18 12:0 a.m.47 views

EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2022-1390)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...

8.1CVSS6.7AI score0.01855EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.29 views

EulerOS Virtualization 2.9.1 : edk2 (EulerOS-SA-2021-2729)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to...

7.8CVSS6.5AI score0.00423EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/10/27 12:0 a.m.35 views

NewStart CGSL MAIN 6.02 : binutils Multiple Vulnerabilities (NS-SA-2021-0122)

The remote NewStart CGSL host, running version MAIN 6.02, has binutils packages installed that are affected by multiple vulnerabilities: - findabstractinstance in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32, allows remote attackers to cause a...

7.8CVSS6.9AI score0.02752EPSS
Exploits3References7
NVD
NVD
added 2021/08/05 9:15 p.m.19 views

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

7.8CVSS0.00423EPSS
Exploits1References2
OSV
OSV
added 2021/08/05 9:15 p.m.11 views

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

7.8CVSS9.2AI score
Exploits0References2
Rows per page
Query Builder