200 matches found
CVE-2020-3458
Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism. The...
CVE-2020-3458
The CVE-2020-3458 entries describe multiple vulnerabilities in the secure boot process of Cisco ASA and Firepower Threat Defense (FTD) software on Firepower 1000/2100 series appliances. A local, authenticated attacker could bypass the chain of trust by injecting code into specific files used duri...
Cisco FXOS Software for Firepower 4100/9300 Series Appliances Secure Boot Bypass Vulnerability
A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms. The vulnerability is due to insufficient protections of the secure boot process. An attacker could exploit this vulnerability by injecting code into...
PT-2020-5138 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions prior to the fixed version Cisco Firepower Threat Defense FTD Software for the Firepower 1000 Series and Firepower 2100 Series Appliances versions prior to the fixed version Description:...
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...
EulerOS 2.0 SP3 : grub2 (EulerOS-SA-2020-1834)
According to the version of the grub2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process CVE-2020-10713 Note that Tenable Network Security has extracte...
grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access...
Information disclosure
A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack for ProLiant, and HPE Scripting ToolKit. The vulnerability could be locally exploited to allow arbitrary code execution during the boot process. Note: This vulnerability is related to using insmod...
AZL-6456 CVE-2020-14308 affecting package grub2 for versions less than 2.06~rc1-7
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
ALPINE-CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
DEBIAN-CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on the requested allocation size. This leads the function to return invalid memory allocations which can be further used to cause possible integrity, confidentiality and availability impacts...
BSA-2020-1053
Security Advisory ID : BSA-2020-1053 Component : GRUB2 Revision : 1.0: Initial Security Researchers from Eclypsium disclosed “BootHole.” 1, 2.“BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack. All operating systems using GRUB2 with...
Cisco IOS XE Software Digital Signature Verification Bypass (cisco-sa-iosxe-digsig-bypass-FYQ3bmVq)
According to its self-reported version, Cisco IOS XE Software is affected by a vulnerability due to an improper check on the area of code that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by...
Cisco IOS XE Data Forgery Issue Vulnerability (CNVD-2020-31991)
Cisco IOS XE is the United States Cisco Cisco company's set of operating system developed for its network equipment. A data forgery vulnerability exists in software image validation in Cisco IOS XE, which arises from a program not properly checking the code area used to manage the digital signatu...
Input validation
A vulnerability in software image verification in Cisco IOS XE Software could allow an unauthenticated, physical attacker to install and boot a malicious software image or execute unsigned binaries on an affected device. The vulnerability is due to an improper check on the area of code that manag...
CVE-2020-12768
An issue was discovered in the Linux kernel before 5.6. svmcpuuninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will...
reblog
Defeating a Laptop's BIOS Password We found a laptop laying a...