Lenovo Desktops和ThinkStation 缓冲区错误漏洞

Lenovo Desktops and ThinkStation are both products of the Chinese company Lenovo, Lenovo Desktops are desktop computers and ThinkStation are desktop workstations. A security vulnerability exists in the SecureBootDXE BIOS of the Lenovo Desktops and ThinkStation that stems from a buffer overflow...

Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2023-1920)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

fwupd security and bug fix update

1.8.10-2.0.1 - Drop pesign.service restart in postun Orabug: 34760075 - Update signing certificate JIRA: OLDIS-16371 - Rebuild for SecureBoot signatures Orabug: 33801813 - Build with the updated Oracle certificate - Use oraclesecureboot301 as certdir Orabug: 29881368 - Use new signing certificate...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

Design/Logic Flaw

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2023-0209

The CVE-2023-0209 issue affects NVIDIA DGX-1 SBIOS Uncore PEI: missing authentication of the SSA-executed code allows files/firmware to potentially execute arbitrary code, cause DoS, privilege escalation via firmware implants, information disclosure, data tampering, and SecureBoot bypass. Red Hat...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

NVIDIA DGX-1 授权问题漏洞

The NVIDIA DGX-1 is a personal computing device for deep learning applications from NVIDIA Corporation. A security vulnerability exists in the NVIDIA DGX-1 SBIOS Uncore PEI prior to version 23.04.01, which stems from a lack of authentication of SSA execution code and could lead to arbitrary code...

PT-2023-16088 · Nvidia · Nvidia Dgx-1 Sbios

Name of the Vulnerable Software and Affected Versions: NVIDIA DGX-1 SBIOS affected versions not specified Description: The issue is related to a missing authentication of the code executed by SSA in the Uncore PEI module, which may lead to arbitrary code execution, denial of service, escalation o...

Security Bulletin: NVIDIA DGX-1 - April 2023

NVIDIA has released a security update for NVIDIA DGX-1 firmware. This update addresses an issue that may lead to arbitrary code execution, denial of service, escalation of privileges, information disclosure, data tampering, and SecureBoot bypass. To protect your system, download and install this...

SUSE CVE-2021-3418

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...

CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...

CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...

Code injection

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...

CVE-2022-42275

Mode C: Affected product is NVIDIA DGX Station A100/A800 BMC. CVE-2022-42275 concerns the IPMI handler where an unauthenticated host can write to the host SPI flash, bypassing secure boot protections, leading to loss of integrity and potential DoS. Root cause: IPMI/BMC tooling vulnerability allow...

CVE-2022-42275

NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service...

Moderate: Red Hat Security Advisory: grub2 security and bug fix update

An update for grub2 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Stack overflow

An stack buffer overflow vulnerability leads to arbitrary code execution issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...