AZL-35258 CVE-2023-40551 affecting package shim for versions less than 15.8-3

A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or possible exposure of sensitive data during the system's boot phase...

CVE-2022-24351

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process...

Race condition

TOCTOU race-condition vulnerability in Insyde InsydeH2O with Kernel 5.2 before version 05.27.29, Kernel 5.3 before version 05.36.29, Kernel 5.4 version before 05.44.13, and Kernel 5.5 before version 05.52.13 allows an attacker to alter data and code used by the remainder of the boot process...

PT-2023-12746 · Insyde · Insydeh2O

Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.2 before 05.27.29 InsydeH2O versions 5.3 before 05.36.29 InsydeH2O versions 5.4 before 05.44.13 InsydeH2O versions 5.5 before 05.52.13 Description: A TOCTOU race-condition issue allows an attacker to alter data and code...

Aruba Networks ArubaOS and InstantOS Security Vulnerabilities

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc. Aruba Networks InstantOS is an Arch Linux-based distribution. A security vulnerability exists in Aruba Networks ArubaOS and InstantOS, which stems from the discovery of an authenticated vulnerability tha...

Lenovo Bios Buffer Error Vulnerability

Lenovo Bios is a boot method for computers from the Chinese company Lenovo Lenovo. It is used to boot the system during computer startup. Lenovo Bios suffers from a buffer error vulnerability that stems from a memory leak vulnerability in the SWSMIShadow DXE driver...

Insyde InsydeH2O 安全漏洞

The RUGGEDCOM APE1808 is a utility-grade application hosting platform that allows you to deploy a range of commercial edge computing and cybersecurity applications in harsh industrial environments. An Inside BIOS vulnerability exists in the Siemens RUGGEDCOM APE1808 product family, which is cause...

CVE-2023-38402

A vulnerability in the HPE Aruba Networking Virtual Intranet Access VIA client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service DoS condition affecting the Microsoft Windows...

Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Unmeasured Boot (CVE-2019-1589)

A vulnerability in the Trusted Platform Module TPM functionality of software for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an unauthenticated, local attacker with physical access to view sensitive information on an affected device. The...

VMs Boot Extremely Slowly on Specific Hosts

VMs boot extremely slowly on specific hosts, the booting process mainly stuck in the phrase when vm icon changes from yellow to blue...

PT-2023-9792 · Visteon · Visteon Infotainment App Soc

Name of the Vulnerable Software and Affected Versions: Visteon Infotainment App SoC affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this...

PT-2025-40198

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the handling of stack protectors during the boot process. Specifically, the issue arises from discrepancies in the stack canary values when...

CVE-2022-41505

An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value...

CVE-2022-41505

The CVE-2022-41505 entry concerns the TP-Link Tapo C200 V1 webcam, where an access-control flaw reportedly lets a physically proximate attacker obtain root access by connecting to UART pins, interrupting boot, and setting init=/bin/sh. Documents confirm physical access as the attack vector and th...

CVE-2022-20826

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance ASA Software or Cisco Firepower Threat Defense FTD Software could allow an unauthenticated attacker with physical access to the device to bypass the secure bo...

Design/Logic Flaw

A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance ASA Software or Cisco Firepower Threat Defense FTD Software could allow an unauthenticated attacker with physical access to the device to bypass the secure bo...

CVE-2022-20826

CVE-2022-20826 affects Cisco Secure Firewalls 3100 Series running ASA or FTD software. Root cause is a logic error in the secure boot boot process, enabling an unauthenticated attacker with physical access to bypass secure boot, inject code at a specific memory location, and execute persistent co...

PT-2022-15222 · Qualcomm · Snapdragon Auto +7

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a denial of service in the BOOT process when the partition size for a particular partition is requested. This occurs due to an integer overflow when bloc...

CVE-2022-20944 Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...

CVE-2022-20944 Cisco IOS XE Software for Catalyst 9200 Series Switches Arbitrary Code Execution Vulnerability

A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. This vulnerability is due to an improper check in the code function tha...