Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

CVE-2022-43779: AMI UEFI Firmware December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.

CVE
Open in Source
#vulnerability#ios#dos#intel#php#bios
CVE-2022-34377: DSA-2022-204: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.

CVE-2022-24410: DSA-2022-325: Dell Client Security Update for Dell Client BIOS

Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces.

CVE-2023-25012: oss-sec: Linux Kernel: hid: Use-After-Free in bigben_set_led()

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.

CVE-2023-23692: DSA-2022-187: Dell Technologies PowerProtect Data Domain Security Update for Multiple Third-Party Component Vulnerabilities

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

CVE-2021-3439: BIOS June 2021 Security Updates

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

CVE-2022-27537: HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVE-2022-27538: HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.

CVE-2021-3809: HP PC BIOS - May 2022 Security Updates

Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

CVE-2022-34403: DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.