26 matches found
MINI-465G-82JX-PMFW
Bulletin has no description...
EUVD-2023-24688
Malicious code in bioql PyPI...
EUVD-2023-24689
Malicious code in bioql PyPI...
CVE-2023-31305
Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...
CVE-2023-20513
An insufficient bounds check in PMFW Power Management Firmware may allow an attacker to utilize a malicious VF virtualization function to send a malformed message, potentially resulting in a denial of service...
CVE-2023-20512
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...
CVE-2023-20510
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...
CVE-2023-20509
An insufficient DRAM address validation in PMFW may allow a privileged attacker to perform a DMA read from an invalid DRAM address to SRAM, potentially resulting in loss of data integrity...
CVE-2023-31310
Improper input validation in Power Management Firmware PMFW may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability...
CVE-2023-31305
CVE-2023-31305 describes weak and predictable IV generation in Power Management Firmware (PMFW). Under local access with high privileges, an attacker could reuse IV values to reverse‑engineer debug data, potentially causing information disclosure. The provided materials confirm the vulnerability ...
CVE-2023-31305
Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...
CVE-2023-31305
Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...
CVE-2023-20513
CVE-2023-20513 concerns the Power Management Firmware (PMFW). Multiple sources confirm an insufficient bounds check in PMFW can be exploited by a malicious VF (virtualization function) to send a malformed message, potentially causing a denial of service . The Red Hat/NVD/NVD-derived descriptions ...
CVE-2023-20513
An insufficient bounds check in PMFW Power Management Firmware may allow an attacker to utilize a malicious VF virtualization function to send a malformed message, potentially resulting in a denial of service...
CVE-2023-20512
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...
CVE-2023-20512
CVE-2023-20512 describes a hardcoded AES key in PMFW that could allow a privileged attacker to access the key and potentially leak internal debug information. Multiple connected sources corroborate PMFW as the affected component and the root cause as a hardcoded key, leading to unauthorized acces...
CVE-2023-20512
A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage...
CVE-2023-20510
CVE-2023-20510 involves insufficient DRAM address validation in PMFW, allowing a privileged local attacker to read from an invalid DRAM address into SRAM, potentially causing data corruption or a denial of service. Affected component: PMFW; underlying cause: DRAM address validation flaw. The prov...
CVE-2023-20510
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...
CVE-2023-20510
An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service...