1768 matches found
CVE-2023-4041
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow', Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM Firmware Update File Parser modules allows Code Injection, Authentication Bypass.This issue affects "Standalone...
Buffer overflow
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow', Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM Firmware Update File Parser modules allows Code Injection, Authentication Bypass.This issue affects "Standalone...
CVE-2023-4041 Second Stage Gecko Bootloader GBL Parser Buffer Overrun Vulnerability
Buffer Copy without Checking Size of Input 'Classic Buffer Overflow', Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM Firmware Update File Parser modules allows Code Injection, Authentication Bypass.This issue affects "Standalone...
CVE-2023-4041
Silicon Labs Gecko Bootloader (ARM) contains a Buffer Copy without Checking Size ('Classic Buffer Overflow') along with an Out-of-bounds Write and Download of Code Without Integrity Check in its Firmware Update File Parser. This vulnerability may allow Code Injection and Authentication Bypass in ...
Silicon Labs Gecko Bootloader 安全漏洞
Silicon Labs Gecko Bootloader is a bootloader from Silicon Labs, Inc. A security vulnerability exists in Silicon Labs Gecko Bootloader that stems from not checking input size, resulting in buffer overflows, out-of-bounds writes, and more...
CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
Code injection
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CVE-2023-39950 Insufficient input validation in efibootguard
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CVE-2023-39950 Insufficient input validation in efibootguard
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CVE-2023-39950 Insufficient input validation in efibootguard
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.
...
CVE-2023-3488 Uninitialized variable in Gecko Bootloader can leak secure stack
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file...
CVE-2023-3488 Uninitialized variable in Gecko Bootloader can leak secure stack
Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file...
DEBIAN-CVE-2022-28734
Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's...
UBUNTU-CVE-2022-28735
The GRUB2's shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain...
PT-2023-27441 · Silicon · Gecko Bootloader
Name of the Vulnerable Software and Affected Versions: Silicon Labs Gecko Bootloader versions affected versions not specified Description: The issue is a Buffer Copy without Checking Size of Input, also known as a 'Classic Buffer Overflow', which allows Code Injection and Authentication Bypass...
PT-2023-13634
Name of the Vulnerable Software and Affected Versions ZTE versions affected versions not specified Vivo versions affected versions not specified Description The issue concerns the locking of bootloaders by certain brands, with ZTE and Vivo being examples. ZTE has started blocking the vulnerabilit...
PT-2023-9234 · U-Boot · U-Boot
Name of the Vulnerable Software and Affected Versions: u-boot affected versions not specified Description: The issue is related to a bug in u-boot that allows for access to the u-boot shell and interrupt over UART. This is caused by a buffer overflow in memory. An attacker could exploit this to...
CVE-2021-46792
Time-of-check Time-of-use TOCTOU in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service...
CVE-2021-46754
Insufficient input validation in the ASP AMD Secure Processor bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU System Management Unit resulting in a potential loss of confidentiality and integrity...