
1774 matches found

CVE
added 2022/03/23 7:46 p.m., 88 views

CVE-2021-27430

GE UR bootloader binary versions 7.00–7.02 include unused hardcoded credentials. With physical access to the UR Intelligent Electronic Device, an attacker can interrupt the boot sequence by rebooting the UR. The issue is fixed by upgrading UR firmware to 8.10 or newer (GE publication GES-2021-004...

CVSS 8.4, AI score 7.2, EPSS 0.00048
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2022/02/09 12:0 a.m., 2 views

Intel Kernelflinger buffer error vulnerability

Intel Kernelflinger is an Intel UEFI bootloader for Android/Brillo from Intel Corporation USA. A buffer error vulnerability exists in the Intel Kernelflinger open source project, which stems from a potential security hole in the Kernelflinger open source project maintained by Intel. An attacker...

CVSS 7.8, AI score 7.6, EPSS 0.00058
Exploits: 0, References: 4

BDU FSTEC
added 2022/01/20 12:0 a.m., 0 views

The vulnerability of the Grub2 operating system loader’s “cutmem” command implementation allows a perpetrator to gain access to confidential data, affect the integrity of the data, and cause service failures.

The vulnerability of the cutmem command in the Grub2 operating system loader is related to a violation of authentication mechanisms. Exploiting this vulnerability can allow an attacker to access confidential data, compromise data integrity, and cause service failures...

CVSS 7.5, EPSS 0.00029
Exploits: 0, References: 19, Affected Software: 14

BDU FSTEC
added 2022/01/20 12:0 a.m., 0 views

The vulnerability of Grub2 operating system loaders, related to performing operations outside the bounds of a memory buffer, allows attackers to gain access to confidential data, affect data integrity, and cause service failures.

The vulnerability of Grub2 operating system loaders is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to access confidential data, compromise data integrity, and cause service failures...

CVSS 7.2, EPSS 0.00098
Exploits: 0, References: 19, Affected Software: 14

BDU FSTEC
added 2022/01/20 12:0 a.m., 0 views

The vulnerability of Grub2 operating system loaders, related to performing operations outside the bounds of a memory buffer, allows attackers to gain access to confidential data, affect data integrity, and cause service failures.

The vulnerability of Grub2 operating system loaders is related to operating on data beyond the bounds of a memory buffer without checking data from the USB device. Exploiting this vulnerability can allow an attacker to access confidential data, compromise data integrity, and cause service failures...

CVSS 7.6, EPSS 0.00009
Exploits: 0, References: 17, Affected Software: 13

OpenVAS
added 2021/12/27 12:0 a.m., 14 views

Fedora: Security Advisory for grub2 (FEDORA-2021-73d63662b0)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 3.3, AI score 4.4, EPSS 0.00024
Exploits: 0, References: 2

Fedora
added 2021/12/26 1:10 a.m., 28 views

[SECURITY] Fedora 34 Update: grub2-2.06-9.fc34

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

CVSS 3.3, AI score 1.5, EPSS 0.00024
Exploits: 0

Fedora
added 2021/12/12 1:11 a.m., 44 views

[SECURITY] Fedora 35 Update: grub2-2.06-10.fc35

The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...

AI score 1.5, EPSS 0.00024
Exploits: 0

OSV
added 2021/12/10 1:15 p.m., 2 views

CVE-2021-37188

An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware because the bootloader does not verify that it is authentic, changing the behavior of the gateway...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 2

CNNVD
added 2021/12/10 12:0 a.m., 3 views

Digi International Digi TransPort data forgery vulnerability

The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. The Digi TransPort suffers from a Data Forgery Issue vulnerability that originates from an authenticated attacker who could use the vulnerability to potentially load customized firmware since the...

CVSS 8.8, AI score 8, EPSS 0.00255
Exploits: 0, References: 3

IBM Security Bulletins
added 2021/12/07 7:14 p.m., 13 views

Security Bulletin: This Power System update is being released to address CVE 2018-1992

Summary POWER9: In response to a buffer overflow vulnerability on the boot loader, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2018-1992. Vulnerability Details CVEID: CVE-2018-1992 DESCRIPTION: The IBM POWER9 boot firmware'...

CVSS 6.9, AI score 2.3, EPSS 0.00042
Exploits: 0, Affected Software: 1

CNNVD
added 2021/12/06 12:0 a.m., 2 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android 11 has a security vulnerability that stems from a security flaw in the system's Pixel Bootloader...

CVSS 10, AI score 8.3, EPSS 0.00129
Exploits: 0, References: 4

CNNVD
added 2021/12/06 12:0 a.m., 1 view

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android 11 has a security vulnerability that stems from a security flaw in the system's Pixel Bootloader...

CVSS 9.8, AI score 8.3, EPSS 0.00173
Exploits: 0, References: 4

CNNVD
added 2021/11/17 12:0 a.m., 1 view

grub2 security vulnerability

grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that stems from incorrect permissions in grub.cfg, which allow unprivileged users to read the contents of the file...

CVSS 3.3, AI score 5.6, EPSS 0.00024
Exploits: 0, References: 14

The Hacker News
added 2021/11/16 6:52 a.m., 26 views

New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks

A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or...

AI score 6.7
Exploits: 0

CNNVD
added 2021/11/12 12:0 a.m., 3 views

AMD Secure Processor input validation error vulnerability

AMD Secure Processor (ASP) is a standalone ARM Cortex-A5 chip from AMD. An input validation error vulnerability exists in multiple AMD products that stems from incorrect input and range checking in the Platform Secure Processor (PSP) bootloader image header that could allow an attacker to use...

CVSS 7.8, AI score 7, EPSS 0.0013
Exploits: 0, References: 6

RedHat Linux
added 2021/09/28 2:40 p.m., 0 views

grub2: Use-after-free in rmmod command

A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The...

CVSS 8.2, AI score 5.9, EPSS 0.00018
Exploits: 0, References: 4

Pen Test Partners Blog
added 2021/09/01 5:10 a.m., 62 views

Why the Raspberry Pi isn’t suitable for IoT

Let’s start by praising the Raspberry Pi: it has brought cheap computing to many, has inspired and enabled education and undoubtedly been a huge benefit. I use my own Pi daily, and we have often used its flexibility to perform hardware testing, from accessing UART to reading flash memory. So why ...

AI score 7
Exploits: 0

vulnersOsv
added 2021/08/25 8:50 p.m., 0 views

bootloader (>=0.10.0 <=0.10.13), libertyos_kernel (>=0.14.0 <=0.17.5) +1 more potentially affected by CVE-2020-36208 via conquer-once (=0.2.1)

conquer-once CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on conquer-once and may be impacted: - bootloader =0.10.0, =0.14.0, =0.1.0, =0.2.6 Source cves: CVE-2020-36208 Source advisory: OSV:GHSA-3JC5-5HC5-33GJ...

CVSS 7.8, AI score 7.1, EPSS 0.00068
Exploits: 1

NVD
added 2021/08/11 10:15 p.m., 13 views

CVE-2021-1111

Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components...

CVSS 6.7, EPSS 0.00476
Exploits: 0, References: 1