Lucene search
K

868 matches found

BDU FSTEC
BDU FSTEC
added 2023/07/13 12:0 a.m.7 views

The vulnerability of the TrustZone subsystem’s networking (netdev) component in Qualcomm embedded operating systems allows a hacker to gain unauthorized access to protected information.

The vulnerability of the TrustZone subsystem for networking functions in Qualcomm embedded systems’ operating systems lies in the insufficient protection of sensitive data during the analysis of peripheral channels. Exploiting this vulnerability can allow attackers to gain unauthorized access to...

7.1CVSS5.9AI score0.00113EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/16 8:56 a.m.7 views

kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snruncoremmiomap pcigetdevice will increase the reference count for the returned pcidev, so snruncoregetmcdev will return a pcidev with its reference count increased. We need to...

5.7AI score0.00174EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors

In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dwpcieepinit errors If dwpcieepinit fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be undone thus causing a memory...

5.5CVSS6.3AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: regmap: spi: Reserve space for register address/padding

In the Linux kernel, the following vulnerability has been resolved: regmap: spi: Reserve space for register address/padding Currently the maxrawread and maxrawwrite limits in regmapspi struct do not take into account the additional size of the transmitted register address and padding. This may...

5.5CVSS6.3AI score0.00194EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 10:4 a.m.3 views

kernel: perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map()

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix reference count leak in snruncoremmiomap pcigetdevice will increase the reference count for the returned pcidev, so snruncoregetmcdev will return a pcidev with its reference count increased. We need to...

5.7AI score0.00174EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/04/25 1:15 p.m.4 views

CVE-2022-42335

x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging HAP is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handlin...

7.8CVSS5.9AI score0.00264EPSS
Exploits0References7
OSV
OSV
added 2023/03/23 5:15 p.m.4 views

CVE-2023-20082

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This...

6.8CVSS6.6AI score0.00375EPSS
Exploits0References1
OSV
OSV
added 2023/03/03 1:15 p.m.3 views

CVE-2022-45552

An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory...

7.5CVSS5.8AI score0.00669EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.3 views

SUSE CVE-2011-4347

The kvmvmioctlassigndevice function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service host OS crash via a...

4CVSS5.9AI score0.00367EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.4 views

SUSE CVE-2013-3495

The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service kernel panic via a malformed Message Signaled Interrupt MSI from a PCI device that is bus mastering capable that triggers a System Error Reporting SERR Non-Maskable Interrupt NMI...

4.7CVSS6.3AI score0.00389EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.2 views

SUSE CVE-2015-2150

Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service non-maskable interrupt and host crash by disabling the 1 memory or 2 I/O decoding for a PCI Express device and...

4.9CVSS7.5AI score0.00534EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.9 views

SUSE CVE-2019-19057

Two memory leaks in the mwifiexpcieinitevtring function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service memory consumption by triggering mwifiexmappcimemory failures, aka CID-d10dcb615c8e...

4CVSS6.8AI score0.00788EPSS
Exploits0References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.3 views

SUSE CVE-2019-19579

An issue was discovered in Xen through 4.12.x allowing attackers to gain host OS privileges via DMA in a situation where an untrusted domain has access to a physical device and assignable-add is not used, because of an incomplete fix for CVE-2019-18424. XSA-302 relies on the use of libxl's...

6.9CVSS6.2AI score0.00451EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:58 a.m.2 views

SUSE CVE-2020-13791

hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space...

5.5CVSS7.7AI score0.00398EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/01/17 12:0 a.m.6 views

PT-2024-11863 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A reference count leak in the Linux kernel has been identified and resolved. The issue occurs in the has external pci function, where a pci dev put call is missing, leading to a...

9.1CVSS6.6AI score0.03702EPSS
Exploits12References1811
OSV
OSV
added 2023/01/13 1:15 a.m.5 views

CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...

7.1CVSS5.8AI score0.00196EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.6 views

PT-2024-11822 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a missing sentinel in the struct soc device attribute array in the Linux kernel's PCI driver for mt7621. This causes an error when assessed by the soc device...

5.5CVSS6.4AI score0.00233EPSS
Exploits0References25
OSV
OSV
added 2022/11/21 5:15 p.m.3 views

CVE-2022-35897

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...

6.8CVSS6.6AI score0.00357EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/10/12 12:0 a.m.8 views

The vulnerability of the Azure RTOS operating system’s USBX implementation allows a hacker to execute arbitrary code or cause a service failure.

The vulnerability of the Azure RTOS operating system’s USBX implementation lies in reading data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause service failures remotely...

8CVSS8.3AI score0.01516EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/06/30 12:0 a.m.3 views

Ampere Computing Ampere Altra 安全漏洞

The Ampere Computing Ampere Altra is an 80-core server processor from Ampere Computing, USA. A security vulnerability exists in the Ampere Computing Ampere Altra that stems from a UEFI-accessible Altra reference design that allows insecure access to the SPI-NOR by operating system/manager...

9.8CVSS8.3AI score0.0122EPSS
Exploits0References4
Rows per page
Query Builder