Lucene search
K

160 matches found

Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.4 views

PT-2023-18242 · Unknown · Bootloader

Name of the Vulnerable Software and Affected Versions: Bootloader versions prior to SMR May-2023 Release 1 Description: A heap out-of-bounds write issue allows a physical attacker to execute arbitrary code. Recommendations: For versions prior to SMR May-2023 Release 1, update to SMR May-2023...

7.1CVSS6.9AI score0.00267EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

SAMSUNG Mobile devices 缓冲区错误漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, and more, from the South Korean company Samsung SAMSUNG. A security vulnerability previously existed in SAMSUNG Mobile devices SMR May-2023 Release 1 version, which stemmed from a bootloader program that...

7.1CVSS7AI score0.00267EPSS
Exploits0References2
Code423n4
Code423n4
added 2023/03/18 12:0 a.m.11 views

Operator can cause funds to be stolen by manipulating gas fee refund

Lines of code Vulnerability details Impact An operator can manipulate the refund of gas fee mechanism to steal from the bootloader balance. Inside refundCurrentL2Transaction function in the bootloader where the refund is happening for the refund recipient at L1097, the operator provides a value f...

6.6AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/03/01 12:0 a.m.9 views

The vulnerability of the Bootloader component of AMD processors allows a hacker to trigger a system failure.

The vulnerability of the Bootloader component of AMD processors exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failure remotely...

6.8CVSS6.5AI score0.00595EPSS
Exploits0References3Affected Software1
Sick AG
Sick AG
added 2023/02/20 2:0 p.m.10 views

Bootloader mode vulnerability in Flexi Soft Gateways v3

The SICK PSIRT received a report about a Missing Authentication for Critical Function vulnerability in the firmware of FX0-GPNT v3 and FX0-GENT v3. This vulnerability was introduced with the hardware redesign of the v3 of FX0-GENT and FX0-GPNT as part of the implementation of the RK512 protocol...

9.1CVSS6.9AI score0.01098EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.4 views

SUSE CVE-2022-34835

In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the doi2cmd function...

7.8CVSS7.7AI score0.02006EPSS
Exploits1References10
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.5 views

The vulnerability of the ASP Bootloader for AMD processors allows a hacker to trigger a system failure.

The vulnerability of the ASP Bootloader for AMD processors arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause a service failure remotely...

6.8CVSS6.8AI score0.00595EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.4 views

PT-2023-1372 · Unknown · Asp Bootloader

Name of the Vulnerable Software and Affected Versions: ASP Bootloader affected versions not specified Description: The issue is related to insufficient syscall input validation in the ASP Bootloader, which may allow a privileged attacker to read memory outside the bounds of a mapped register,...

6.8CVSS7.2AI score0.00595EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.13 views

PT-2023-12087 · Amd · Amd Secure Processor

Name of the Vulnerable Software and Affected Versions: AMD Secure Processor affected versions not specified Description: The issue is related to the failure to validate the integer operand in the ASP bootloader, which may allow an attacker to introduce an integer overflow in the L2 directory tabl...

5.5CVSS4.6AI score0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/01/06 9:4 p.m.10 views

CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module versions 474021A.101 and 474021A.102 loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device...

8.4CVSS6.9AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/11/02 5:25 p.m.26 views

CVE-2022-24936 Gecko Standalone Bootloader vulnerability may allow bypassing application secure boot in some Series 2 devices

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

8.3CVSS9.3AI score0.00804EPSS
Exploits1References2
Pen Test Partners Blog
Pen Test Partners Blog
added 2022/10/19 5:21 a.m.33 views

Moto E20 Readback Vulnerability

09/11/2022 Update: CVE ID CVE-2022-3917 has been reserved, with Lenovo to publish the Advisory Summary. TL;DR The Motorola E20 is an entry-level smartphone that uses a Unisoc system-on-chip. Motorola holds around 10% of the US smartphone market, though the sales of the E20 as a subset of that are...

1.5AI score0.00173EPSS
Exploits0
OSV
OSV
added 2022/09/23 1:15 p.m.2 views

DEBIAN-CVE-2022-2347

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

7.1CVSS7.8AI score0.00581EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.3 views

PT-2022-4106

Name of the Vulnerable Software and Affected Versions New Horizon Datasys bootloaders before 2022-06-01 Description A flaw was found in the bootloaders, allowing an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker nee...

7.2CVSS7AI score0.01037EPSS
Exploits0References30
ATTACKERKB
ATTACKERKB
added 2022/07/28 4:15 p.m.6 views

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

6.8CVSS7.3AI score0.00361EPSS
Exploits0References3
Prion
Prion
added 2022/05/12 6:16 p.m.22 views

Out-of-bounds

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses...

4.6CVSS7.7AI score0.00229EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/05/10 12:0 a.m.5 views

AMD EPYC 安全漏洞

AMD EPYC is an x86 server microprocessor product line from AMD, known as "Xiao Long" in Chinese, which utilizes the Zen microarchitecture. A security vulnerability exists in AMD EPYC UApp/ABL. The vulnerability can be exploited by an attacker to corrupt arbitrary memory by bootloading a program,...

6.2CVSS6.6AI score0.0023EPSS
Exploits0References4
Cvelist
Cvelist
added 2021/08/11 9:33 p.m.26 views

CVE-2021-1111

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components...

6.7CVSS6.8AI score0.00281EPSS
Exploits0References1
CNVD
CNVD
added 2021/07/12 12:0 a.m.10 views

Samsung Tizen Code Injection Vulnerability (CNVD-2021-51433)

Samsung Tizen is an open-source Linux-based mobile operating system from Samsung, South Korea, for smartphones, tablets, smartwatches, netbooks, in-vehicle messaging and entertainment devices, and smart TVs. Samsung Tizen suffers from a code injection vulnerability that stems from an input...

9.8CVSS7.7AI score0.01675EPSS
Exploits0References1
OSV
OSV
added 2021/06/22 10:15 p.m.4 views

CVE-2021-34396

Bootloader contains a vulnerability in access permission settings where unauthorized software may be able to overwrite NVIDIA MB2 code, which would result in limited denial of service...

2.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder