EUVD-2014-4779

Malware in sbrugna...

EUVD-2022-45360

Malicious code in bioql PyPI...

Design/Logic Flaw

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...

CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...

CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...

CVE-2022-40246

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...

American Megatrends Incorporated Aptio 缓冲区错误漏洞

American Megatrends Incorporated Aptio is a BIOS configuration program. A security vulnerability exists in American Megatrends Incorporated Aptio version 5.x. An attacker could exploit the vulnerability to execute arbitrary code at the PEI stage...

OESA-2021-1458 edk2 security update

EFI Development Kit II. Security Fixes: BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.CVE-2021-28216...

DEBIAN-CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

UBUNTU-CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

CVE-2014-4860

CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...