Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
Daily Archives: February 1, 2023
CVE-2021-3439
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
CVE-2020-14395
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2021-22786
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)
DSA-5335 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service or spoofing.
DSA-5336 glance – security update
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Glance, the OpenStack image registry and delivery service, may result in information disclosure.
DSA-5337 nova – security update
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in OpenStack Compute (codenamed Nova) may result in information disclosure.
DSA-5338 cinder – security update
Guillaume Espanel, Pierre Libeau, Arnaud Morin and Damien Rannou discovered that missing input sanitising in the handling of VMDK images in Cinder, the OpenStack block storage system, may result in information disclosure.