700 matches found
Astra Linux – Vulnerability in edk2
The Ubuntu edk2 UEFI firmware packages accidentally allowed access to the UEFI Shell in Secure Boot environments, potentially enabling bypass of Secure Boot restrictions. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some earlier versions introduced a security measure base...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. When reading the name of a symbolic link from a UFS filesystem, grub2 fails to validate the string length provided as input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to...
Astra Linux – Vulnerability in grub2
A carefully crafted JPEG image may cause the JPEG reader to underflow its data pointer, allowing user-controlled data to be written into the heap. For the attack to succeed, the attacker must analyze the heap layout and create an image with malicious format and payloads. This vulnerability can le...
Astra Linux – Vulnerability in grub2
A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...
SUSE CVE-2026-8863
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...
CVE-2026-8863 CVE-2026-8863
Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...
CVE-2026-8863
CVE-2026-8863 affects multiple Microsoft-signed UEFI SHIM bootloaders and enables bypass of Secure Boot, allowing code execution before the OS loads. Root cause: vulnerable SHIM bootloaders; impact: bypass of Secure Boot and arbitrary code execution at boot. Remediation: block via a specific UEFI...
CVE-2026-48570 Secure Boot Security Feature Bypass Vulnerability
...
Microsoft Windows 安全漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows, which stem from SecureBoot bypasses. These vulnerabilities could allow attackers with administrative privileges or those capable of modifyi...
PT-2026-48216
Name of the Vulnerable Software and Affected Versions Spyrus WTGCreator version 4.2 Baramundi Management Suite versions prior to 2024R1 WhiteCanyon WipeDrive versions 8.0.0 through 8.1.3 Finland Matriculation Exam Abitti 1 version 1.0.0 NTC IT Rosa versions R9 and R10 PC-Doctor Service Center...
Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass
Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database DBX. Once the D...
Security information for Hitachi Disk Array Systems
Overview CVE-2026-0390 | UEFI Secure Boot Security Feature Bypass Vulnerability CVE-2026-20806 | Windows COM Server Information Disclosure Vulnerability CVE-2026-20928 | Windows Recovery Environment Security Feature Bypass Vulnerability CVE-2026-20930 | Windows Management Services Elevation of...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read without sufficient bounds checking, assuming that the USB device provides valid values. If exploited properly, an attacker could cause memory corruption, leading to arbitrary code...
Astra Linux - уязвимость в u-boot
The U-Boot until 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...
Astra Linux – Vulnerability in edk2
In Ubuntu’s EDK2, a insecure default setting was left enabled, allowing UEFI Shell to be used. This enables an attacker with access to the operating system to bypass Secure Boot...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...
Astra Linux – Vulnerability in grub2
A out-of-bounds write flaw was discovered in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, resulting in corruption of grub’s heap metadata. In some cases, the attack may also corrupt the UEFI firmware heap metadata. As a...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, resulting in an out-of-bound write. This issue can be exploited by an attacker to overwrite grub2’s sensitive heap data, ultimately allowing th...
Astra Linux – Vulnerability in grub2
A flaw was discovered in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered them was unloaded, resulting in a use-after-free vulnerabilit...