Google Android 安全漏洞

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA. An elevation of privilege vulnerability exists in the Google Android MediaTek component bootloader. An attacker can exploit this vulnerability to achieve elevation of privilege...

PT-2024-10649 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or version information is provided. Description: The issue is related to a possible out of bounds write in the bootloader due to a missing bounds check. This could lead to a local escalation of privilege with no additiona...

grub2 安全漏洞

grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that originates from allowing an attacker with access to the grub shell to access files on an encrypted disk...

Google Pixel 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a flaw in the ABL component that can be exploited by an attacker to escalate privileges...

PUB-A-325927059

There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

greenboot bug fix and enhancement update

An update is available for greenboot. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Generic Health Check Framework for systemd. Bug Fixes and Enhancements: R4E...

CVE-2024-22013

U-Boot environment is read from unauthenticated partition...

CLSA-2024-1724434789 grub2: Fix of CVE-2023-4693

CVE-2023-4693: ntfs: fix an out-of-bounds read flaw on NTFS filesystem driver...

How to root an Android device for analysis and vulnerability assessment

TL;DR Rooting is useful for Android assessments The process is relatively simple It will wipe all user data from the device and void any warranty Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability...

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot. An attacker exploiting this vulnerability could leak between 4 and 32 bytes of memory stored behind packets to the netwo...

August 13, 2024—KB5041573 (OS Build 25398.1085)

August 13, 2024—KB5041573 OS Build 25398.1085 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

Bootloaders explained

TL;DR Modern computers have a program that starts the operating system, known as a bootloader Bootloaders can be communicated with to access storage and sometimes RAM directly They are all individual to the chipset in use. Bootloaders explained In its simplest form, a bootloader is a low-level...

PT-2024-11656 · Kostal · Kostal Piko 1.5-1 Mp Plus Hmi Oem P

Name of the Vulnerable Software and Affected Versions: Kostal PIKO 1.5-1 MP plus HMI OEM p version 1.0.1 Description: The web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting XSS attack on the API endpoint "/file.bootloader.upload.html". The application fails to...

CVE-2024-38279

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

CVE-2024-38279

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

CVE-2024-38279 Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

CVE-2024-38279 Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details relate...

PT-2024-27917 · Motorola Solutions +1 · Vigilant Fixed Lpr Coms Box +2

Name of the Vulnerable Software and Affected Versions: Affected product affected versions not specified Description: The issue allows an attacker to modify the bootloader by using custom arguments to bypass authentication, gaining access to the file system and obtaining password hashes...