
Tag

#bios

CVE-2022-42455: Vulnerability-Disclosures/MNDT-2023-0003.md at master · mandiant/Vulnerability-Disclosures

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

RHSA-2023:0698: Red Hat Security Advisory: OpenShift Container Platform 4.10.52 security update

Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

CVE-2022-43779: AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVE-2022-34377: DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVE-2022-24410: DSA-2022-325: Dell Client Security Update for Dell Client BIOS

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

CVE-2023-25012: oss-sec: Linux Kernel: hid: Use-After-Free in bigben_set_led()

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVE-2021-3439: BIOS June 2021 Security Updates

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

CVE-2022-27537: HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVE-2022-27538: HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.