Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

CVE-2023-31081: BUG: general protection fault in vidtv_mux_stop_thread

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).

CVE
#ios#ubuntu#linux#git#bios
CVE-2023-25509: NVIDIA Support

NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges.

CVE-2023-0207: NVIDIA Support

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service.

Intel Prioritizes Security in Latest vPro Chips

While Intel is building more hardware protections directly into the chips, enterprises still need a strategy for applying security updates on these components.

CVE-2023-2176: Fix resolve_prepare_src error cleanup — Linux RDMA and InfiniBand development

A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege.

CVE-2023-2166: BUG: unable to handle kernel paging request in can_rcv_filter

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.

CVE-2023-2170: Diff [2774153:2868795] for simple-tags/trunk – WordPress Plugin Repository

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Editor+ permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

RHSA-2023:1833: Red Hat Security Advisory: virt:rhel and virt-devel:rhel security and bug fix update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1017: An out-of-bounds write vulnerability was found in the TPM 2.0's Module Library, which allows the writing of 2-byte data after the end of the TPM command. This flaw may lead to a denial of service or arbitrary code execution within the libtpms scope. * CVE-2023-1018: An out-of-bound read v...

CVE-2021-39295: GitHub - openbmc/openbmc: OpenBMC Distribution

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

Troubleshooting No Signal Monitor Issue: Steps to Get Computer Display Back

By Owais Sultan If you encounter a “No signal” issue on your monitor despite your computer being powered on, and you… This is a post from HackRead.com Read the original post: Troubleshooting No Signal Monitor Issue: Steps to Get Computer Display Back