196 matches found
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...
EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2020-1834)
According to the version of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process CVE-2020-10713 Note that Tenable Network Security has extracte...
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...
Information disclosure
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. Note: This vulnerability is related to using insmod...
AZL-6456 CVE-2020-14308 affecting package grub2 for versions less than 2.06~rc1-7
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
ALPINE-CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
DEBIAN-CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
BSA-2020-1053
Security Advisory ID : BSA-2020-1053 Component : GRUB2 Revision : 1.0: Initial Security Researchers from Eclypsium disclosed “BootHole.” 1, 2.“BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with...
Cisco IOS XE Software Digital Signature Verification Bypass (cisco-sa-iosxe-digsig-bypass-FYQ3bmVq)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by...
Cisco IOS XE Data Forgery Issue Vulnerability (CNVD-2020-31991)
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A data forgery vulnerability exists in software image validation in Cisco IOS XE, which arises from a program not properly checking the code area used to manage the digital signatu...
Input validation
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manag...
CVE-2020-12768
An issue was discovered in the Linux kernel before 5.6. svmcpuuninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will...
reblog
Defeating a Laptop's BIOS Password We found a laptop laying a...
Siemens SIMATIC S7-1200 CPU Access Vulnerability
Siemens SIMATIC S7-1200 CPU family products are designed for discrete and continuous control in industrial environments such as manufacturing, food and beverage, and chemical industries. A security vulnerability exists in the Siemens SIMATIC S7-1200 CPU. An attacker could exploit this security...
CVE-2019-12649
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected...
CVE-2019-12649
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected...
Design/Logic Flaw
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability exists because, under certain circumstances, an affected...