Lucene search
K

53 matches found

Prion
Prion
added 2021/08/05 9:15 p.m.17 views

Null pointer dereference

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

4.6CVSS7.4AI score0.00423EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2021/08/05 9:15 p.m.48 views

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

7.8CVSS6.8AI score0.00423EPSS
Exploits1References1
CVE
CVE
added 2021/08/05 8:44 p.m.115 views

CVE-2021-28216

CVE-2021-28216 is described across connected advisories as a vulnerability in EDK II where a BootPerformanceTable pointer is read from an NVRAM variable in PEI. The guidance in multiple sources is to set PcdFirmwarePerformanceDataTableS3Support to FALSE to mitigate. The Debian/Amazon/Linux adviso...

7.8CVSS7.4AI score0.00423EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/08/05 8:44 p.m.21 views

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

7.8AI score0.00423EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2021/08/05 8:44 p.m.28 views

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

7.8CVSS6.3AI score0.00423EPSS
Exploits1
Openbugbounty
Openbugbounty
added 2020/11/03 12:30 p.m.7 views

pei-investment.com Cross Site Scripting vulnerability OBB-1479841

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Prion
Prion
added 2020/01/31 4:15 p.m.14 views

Integer overflow

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.9AI score0.00504EPSS
Exploits0References1
CVE
CVE
added 2020/01/31 3:8 p.m.69 views

CVE-2014-4860

CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...

7.2CVSS6.3AI score0.00504EPSS
Exploits0References1Affected Software1
Debian CVE
Debian CVE
added 2020/01/31 3:8 p.m.75 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

7.2CVSS6.8AI score0.00504EPSS
Exploits0
Amazon
Amazon
added 2019/08/23 12:0 a.m.55 views

Important: edk2

Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...

9.1CVSS8.1AI score0.02271EPSS
Exploits0
Prion
Prion
added 2019/02/24 12:29 a.m.28 views

Out-of-bounds

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfdgetl32 in libbfd.c, when called from pex64getruntimefunction in pei-x8664.c...

4.3CVSS6.1AI score0.01569EPSS
Exploits1References7Affected Software2
ThreatPost
ThreatPost
added 2017/11/14 2:21 p.m.12 views

Debugging Tool Left on OnePlus Phones, Enables Root Access

UPDATE Chinese phone maker OnePlus is accused of leaving a debugging app on its phones capable of giving adversaries root access to the devices. The application in question is called EngineerMode and is made by Qualcomm. An anonymous researcher who goes by the handle Elliot Alderson, a character ...

0.5AI score
Exploits0References3
ThreatPost
ThreatPost
added 2012/04/23 3:43 p.m.16 views

MIT Students Use LED Lights, Hack Building to Play Tetris

Students at MIT took to the university’s Cecil and Ida Green Building over the weekend to transform the 21-story research building into an oversized, playable game of Tetris. Emulating the classic ’80s video game with the help of a console and 153 color-changing LED lights, students were able to...

0.4AI score
Exploits0References4
Rows per page
Query Builder