Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

CVE-2022-34403: DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities

Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.

CVE
Open in Source
#vulnerability#ios#amd#bios#buffer_overflow#auth#dell
CVE-2022-34398: DSA-2022-339: Dell Client Security Update for a Dell Client BIOS Vulnerability

Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.

CVE-2022-32482: DSA-2022-326: Dell Client Security Update for a Dell Client BIOS Vulnerability

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable.

CVE-2022-34400: DSA-2022-327: Dell Client Security Update for Multiple Dell Client BIOS Vulnerabilities

Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.

Red Hat OpenShift sandboxed containers: Peer-pods hands-on

<p>In this blog post, we’ll be going through deploying peer-pods on an OpenShift cluster running in AWS or vSphere cloud infrastructure. We will present how to create the virtual machine (VM) image for your peer-pod and demonstrate how to run workload in a peer-pod. The post assumes familiarity with Red Hat OpenShift and the cloud-provider which is in use.</p> <p>Peer-pods is an extension of <a href="https://www.redhat.com/en/blog/openshift-sandboxed-containers">OpenShift sandboxed containers</a>, and

CVE-2022-40137: Multi-Vendor BIOS Security Vulnerabilities (September 2022) - Lenovo Support US

A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE-2020-18329: Insecure permissions in REHAU Group Unlimited Polymer Solutions implementation of Carel pCOWeb configuration tool exposes heating and temperature control systems to remote attackers.

An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface.

CVE-2022-1890: Lenovo Notebook BIOS Vulnerabilities - Lenovo Support US

A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.

CVE-2022-34405: DSA-2022-316: Dell Client Security Update for a Realtek High Definition Audio Driver Vulnerability

An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.

Red Hat Security Advisory 2023-0432-01

Red Hat Security Advisory 2023-0432-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds read vulnerability.