Format string

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

Format string

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...

CVE-2016-9380

CVE-2016-9380 affects the Xen pygrub boot loader emulator. When nul-delimited output is requested, a local pygrub-using guest OS administrator can read or delete arbitrary files on the host by manipulating the bootloader configuration with NUL bytes. The vulnerability arises from how pygrub outpu...

CVE-2016-9379

The CVE-2016-9379 issue affects the Xen pygrub boot loader emulator: when S-expression output is requested, string quotes and S-expressions in the bootloader config can cause information disclosure (read/delete host files) and potential privilege escalation. The vulnerability is caused by delimit...

CVE-2016-9379

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file...

CVE-2016-9380

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file...

CVE-2017-5554

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...

Privilege escalation

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

UBUNTU-CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8467

CVE-2016-8467 describes a local elevation-of-privilege flaw in the Nexus bootloader that lets an attacker change the boot mode via fastboot (e.g., fastboot oem config bootmode bp-tools), thereby gaining access to the device and potentially hidden USB interfaces. The described attack alters the an...

CVE-2016-8467

An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated as High because it is a local permanent denial of service device interoperability: completely permanent or requiring re-flashing the entir...

CVE-2016-8461

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621...

CVE-2016-8461

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: Kernel-3.18. Android ID: A-32369621...

CVE-2016-8462

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383...

CVE-2016-8462

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383...

CVE-2016-8423

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

Information disclosure

An information disclosure vulnerability in the bootloader could enable a local attacker to access data outside of its permission level. This issue is rated as High because it could be used to access sensitive data. Product: Android. Versions: N/A. Android ID: A-32510383...