Lucene search
K

10464 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.7 views

Oracle Linux 8 : osbuild-composer (ELSA-2026-2124)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2124 advisory. 101.4-3.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...

7.5CVSS7.6AI score0.00451EPSS
Exploits2References2
OSV
OSV
added 2026/02/05 3:20 a.m.4 views

GO-2026-4432 EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve

EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.3AI score0.00161EPSS
Exploits0References4
OSV
OSV
added 2026/02/05 3:20 a.m.7 views

GO-2026-4428 EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve

EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.3AI score0.0016EPSS
Exploits0References6
OSV
OSV
added 2026/02/05 3:20 a.m.5 views

GO-2026-4418 EVE: SSH as Root Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve

EVE: SSH as Root Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.3AI score0.0016EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6530

EVE's Debug Functions Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.4AI score0.0016EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6523

EVE: SSH as Root Unlockable Without Triggering Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.4AI score0.0016EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6532

EVE Doesn't Protect Config Partition with Measured Boot in github.com/lf-edge/eve...

8.8CVSS5.4AI score0.00161EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/04 11:14 p.m.11 views

EVE Doesn't Protect Rootfs

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

8.8CVSS8.1AI score0.00125EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/02/04 11:14 p.m.3 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to the measured boot not validating the integrity of the entire root filesystem. An attacker can gain unauthorized access to sensitive data or modify system files by physically replacin...

8.8CVSS8AI score0.00125EPSS
Exploits0References2
OSV
OSV
added 2026/02/04 11:14 p.m.5 views

GHSA-5H7V-G49C-H887 EVE Doesn't Protect Rootfs

Impact Measured boot validates BIOS, grub, kernel cmdline, and initrd but not the entire rootfs. Thus, an attacker can create an EVE-OS rootfs squashfs image with some files modified and take out the disk and replace the existing rootfs image without that being detected by measure boot and remote...

6.7CVSS5.5AI score0.00125EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/04 9:38 p.m.6 views

EVE Doesn't Protect Config Partition with Measured Boot

Impact Config partition measurement was moved from PCR 13 to PCR 14 in a commit, but PCR 14 was not added to the list of PCRs that seal/unseal the vault key. As a result, an attacker can remove the disk, use another server to modify the files in the config partition, and then re-insert the disk...

8.8CVSS7.8AI score0.00161EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/04 9:38 p.m.6 views

EUVD-2023-48034

EVE Doesn't Protect Config Partition with Measured Boot...

8.8CVSS8AI score0.00161EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/04 9:36 p.m.8 views

EUVD-2023-48033

EVE's Debug Functions Unlockable Without Triggering Measured Boot...

8.8CVSS8AI score0.0016EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/02/04 9:36 p.m.9 views

EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

8.8CVSS7.8AI score0.0016EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/02/04 9:36 p.m.5 views

GHSA-4C4V-42HC-72P6 EVE's Debug Functions Unlockable Without Triggering Measured Boot

Impact On boot, Pillar checks for /config/GlobalConfig/global.json and overrides system configuration if present. This allows enabling debug functions like SSH debug.enable.ssh, USB keyboard debug.enable.usb, and VNC access app.allow.vnc without triggering the measured boot. Thus, a user with...

5.9CVSS5.2AI score0.0016EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/02/04 8:46 p.m.10 views

EVE: SSH as Root Unlockable Without Triggering Measured Boot

Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...

8.8CVSS5.4AI score0.0016EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/02/04 8:46 p.m.4 views

Insecure Storage of Sensitive Information

Overview Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information due to the /config partition not being protected by measured boot, mutable, and unencrypted. An attacker can gain unauthorized root access by physically removing the disk, modifying the /config...

8.8CVSS8AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2026/02/04 8:46 p.m.29 views

GHSA-3MQ9-XHGQ-R7GJ EVE: SSH as Root Unlockable Without Triggering Measured Boot

Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...

5.9CVSS5.5AI score0.0016EPSS
Exploits0References7
EUVD
EUVD
added 2026/02/04 8:46 p.m.21 views

EUVD-2023-48031

EVE: SSH as Root Unlockable Without Triggering Measured Boot...

8.8CVSS7.9AI score0.0016EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/04 8:43 p.m.6 views

EUVD-2023-48030

EVE Doesn't Measure Config Partition From 2 Fronts...

8.8CVSS8AI score0.00107EPSS
Exploits0References6
Rows per page
Query Builder