GNU GRUB 安全漏洞

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from an out-of-bounds write vulnerability, which stems from an unvalidated UFS symbolic link length, that can be exploited by attackers to inject malicious code and tamper with critical data in memory...

GNU GRUB 缓冲区错误漏洞

GNU GRUB2 is an open source bootloader used to load the operating system kernel when the computer boots. GNU GRUB2 suffers from a buffer overflow vulnerability that originates from an integer overflow when reading data from the squash4 file system. An attacker can exploit this vulnerability to...

GNU GRUB 输入验证错误漏洞

GRUB2 is a multiple bootloader for the GNU Project. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from a buffer overflow problem contained in reading the BFS file system. An attacker could exploit this vulnerability to cause a denial of service...

GNU GRUB 缓冲区错误漏洞

GNU GRUB2 is a Linux system bootloader from the GNU community. GNU GRUB2 suffers from a buffer overflow vulnerability that stems from the reiserfs fs module not properly checking for integer overflow issues, which can be exploited by an attacker to cause a heap out-of-bounds write, corrupt critic...

GNU GRUB 安全漏洞

GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB, which originates from a memory allocation failure unchecked null pointer, which can cause a system crash or IVT data corruption...

GNU GRUB 安全漏洞

GRUB2 is a multiple bootloader for the GNU Project. GNU GRUB2 suffers from an out-of-bounds write vulnerability that stems from a flaw found in the HFS file system. No details of the vulnerability are provided at this time...

GNU GRUB 缓冲区错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. A buffer error vulnerability exists in GNU GRUB, which originates in the grub-core/gettext module, where the system does not properly limit the size of the data, and can be exploited by an attacker to run arbitrary code in the contex...

GNU GRUB 缓冲区错误漏洞

GRUB2 is a multiple bootloader for the GNU Project. A buffer overflow vulnerability exists in GNU GRUB2, which stems from the fact that when reading a tar file, GRUB2 allocates an internal buffer for the filename, and does not properly validate the allocation for a possible integer overflow. An...

GNU GRUB 缓冲区错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which stems from an integer overflow problem contained in the read module, that can be exploited by an attacker to overwrite sensitive information, thereby bypassing secure boot...

Wattsense Bridge 6.x Remote Root / Information Disclosure

Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

CVE-2025-26409

Wattsense Bridge devices are affected. A serial interface accessible with physical access to the PCB can grant bootloader access and a Linux login prompt, enabling a root shell via the bootloader. This stems from exposed serial/bootloader interfaces on the device when physically tampered. The iss...

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

PT-2025-6173 · Wattsense · Wattsense Bridge

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge devices versions prior to BSP 6.4.1 Description: A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2024-20397

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure...

CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module versions 474021A.101 and 474021A.102 loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device...

CVE-2024-32883

MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV tag-length-value structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...