6579 matches found
IBM PowerVM Hypervisor 安全漏洞
IBM PowerVM Hypervisor is an application from Universal Business Machines IBM, Inc. provides a secure and scalable virtualization environment for applications built on the advanced RAS capabilities and leading performance of the Power Systems platform.An access control error vulnerability exists ...
UBUNTU-CVE-2021-36133
The OPTEE-OS CSU driver for NXP i.MX SoC devices lacks security access configuration for several models, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a DMA capable peripheral...
Security Bulletin: This Power System update is being released to address CVE-2018-5391
Summary POWER9: In response to a denial of service vulnerability, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-5391. A remote attacker could use large IP frames to trigger time and calculation expensive calls in the...
Security Bulletin: This Power System update is being released to address CVE-2018-12384
Summary POWER9: In response to a data leak vulnerability in the network security services, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-12384. This man-in-the-middle attack could provide false completion or errant...
The vulnerability of Intel BIOS/UEFI processor microprogramming software allows attackers to enhance their privileges and gain unauthorized access to protected information.
The vulnerability of Intel BIOS/UEFI processor microprogramming systems is related to insufficient protection of system data. Exploiting this vulnerability can allow attackers to enhance their privileges and gain unauthorized access to protected information...
The vulnerability in the implementation of the source code file arch/powerpc/kvm/book3s_hv_rmhandlers.S of Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability in the implementation of the source code file arch/powerpc/kvm/book3shvrmhandlers.S of Linux operating systems is related to the lack of checks for returned data during the processing of SRR1 values. Exploiting this vulnerability can allow an attacker to cause service failures...
ALPINE-CVE-2021-28709
issues with partially successful P2M updates on x86 This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. x86 HVM and PVH guests may be started in populate-on-demand PoD mode, to provide a way for them to later easily have...
kernel: SVM nested virtualization issue in KVM (AVIC support)
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB virtual machine control block provided by the L1 guest to spawn/handle a nested guest L2. Due to improper validation of the "intctl" field, this issue could allow a malicious ...
The vulnerability of Intel processor BIOS systems, which allows attackers to enhance their privileges
The vulnerability of Intel processor BIOS systems is related to incorrect code generation. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Intel processor BIOS systems, which allows attackers to enhance their privileges
The vulnerability of Intel processor BIOS systems is related to insufficient checking of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
Euronet Worldwide: Speedy, Global Response to Threats Reduces Risk
After years of using manual processes and systems to manage its IT inventory and track vulnerabilities, racking up costs, and increasing the complexity of asset and vulnerability management, Euronet Worldwide needed a way to get a single, accurate and timely view of risk exposure at the group...
NVIDIA GPU 安全漏洞
Nvidia Gpu is a graphics processing unit from the American company Nvidia. It is used in machine learning, video editing, and gaming applications. A security vulnerability exists in NVIDIA GPUs and Tegra hardware that stems from a user with elevated privileges using a debugging mechanism with...
多款 MediaTek 芯片 缓冲区错误漏洞
MediaTek chips are a variety of chips from MediaTek, a Chinese company called Mediatek. A security vulnerability exists in several MediaTek chips that stems from a lack of boundary checking in apusys, which may result in memory corruption. This could result in a local elevation of privilege that...
CVE-2021-0146
CVE-2021-0146: Hardware allows activation of test or debug logic at runtime on some Intel processors, potentially enabling privilege escalation with physical access. The incident is documented in multiple sources (Intel/Broadcom advisories; Cloud Foundry USN-5486-1; AWS ALAS2-2022-1762; Gentoo GL...
CVE-2021-26335
Improper input and range checking in the AMD Secure Processor ASP boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution...
CVE-2021-26335
Improper input and range checking in the AMD Secure Processor ASP boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in arbitrary code execution...
CVE-2020-12961
A potential vulnerability exists in AMD Platform Security Processor PSP that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections...
CVE-2020-12961
A potential vulnerability exists in AMD Platform Security Processor PSP that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections...
CVE-2021-26315
When the AMD Platform Security Processor PSP boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may be executed in the PSP when encrypted firmware images are used...
CVE-2021-26320
Insufficient validation of the AMD SEV Signing Key ASK in the SENDSTART command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP...