361 matches found
A vulnerability in the BIOS firmware of HP T430 and T638 thin clients allows an attacker to escalate privileges, execute arbitrary code, or cause a denial of service.
The vulnerability in the BIOS firmware of HP T430 and T638 thin clients stems from data being transmitted in cleartext. Exploiting this vulnerability can allow attackers to escalate their privileges, execute arbitrary code, or cause a denial of service...
CVE-2023-5409
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers t...
Design/Logic Flaw
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers t...
CVE-2023-5409
CVE-2023-5409 concerns HP t430 and t638 Thin Client PCs. The vulnerability arises from a physical-access risk that allows tampering with the system firmware via a publicly disclosed private key. Documented impact includes potential compromises to confidentiality, integrity, and availability, with attack vect...
HP t430 and t638 Thin Clients - Firmware Tampering Vulnerability
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers t...
Rockwell Automation ThinManager Path Traversal Vulnerability (CNVD-2023-64278)
Rockwell Automation ThinManager is thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A path traversal vulnerability exists in Rockwell Automation ThinManager ThinServer, which stems from the...
August 8, 2023—KB5029296 (Monthly Rollup)
August 8, 2023—KB5029296 Monthly Rollup. REMINDER: As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). We recommend that you upgrade to a supported version of Windows. Upgrade to Windows 10: FAQ. Upgrade to Windows 11: FAQ. Window...
Dell Wyse ThinOS Log Information Disclosure Vulnerability
DELL Wyse ThinOS is a lightweight operating system designed for thin client devices, focused on providing a secure and efficient virtual desktop access experience. An information disclosure vulnerability exists in DELL Wyse ThinOS, which can be exploited by an attacker to read sensitive informati...
kernel: dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata
An ABBA deadlock flaw was found in the Linux kernel's device-mapper thin provisioning subsystem between the memory reclaim path and metadata abort handling. A local user can trigger this issue by initiating cache drop operations while dm-thin operations are active, causing process P1 to hold...
kernel: dm thin: Fix UAF in run_timer_softirq()
In the Linux kernel, the following vulnerability has been resolved: dm thin: Fix UAF in run_timer_softirq(). When dm_resume() and dm_destroy() are concurrent, it will lead to UAF, as follows: BUG: KASAN: use-after-free in __run_timers+0x173/0x710 Write of size 8 at addr ffff88816d9490f0 by task swapper/0/0 Cal...
kernel: dm thin: Use last transaction's pmd->root when commit failed
A metadata handling flaw was found in the Linux kernel device-mapper thin provisioning driver. After a failed metadata commit, the in-memory root pointer could reference a mixed set of fresh and stale tree nodes. Subsequent lookups may loop or stall. A local user could use this flaw to cause the...
kernel: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts.
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts. While reading sysctl_tcp_thin_linear_timeouts, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...
CVE-2023-27856
In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed...
SUSE CVE-2021-3148
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/thin.py...
Wyse Management Suite Improper Access Control Vulnerability
Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. An improper access control vulnerability exists in Wyse Management Suite, which stems from the inclusion of incorrect...
Wyse Management Suite Improper Access Control Vulnerability (CNVD-2025-26825)
Wyse Management Suite is Dell's hybrid cloud security management solution for Wyse thin client devices, designed to simplify IT management processes and enhance device security. An Improper Access Control vulnerability exists in Wyse Management Suite that stems from incorrect access control. No...