12 matches found
CVE-2026-8320
CVE-2026-8320 affects jishenghua jshERP up to 3.6. The vulnerability is in the getUserByWeixinCode function of jshERP-boot/src/main/java/com/jsh/erp/service/UserService.java within the updatePlatformConfigByKey Endpoint. Manipulating the weixinUrl argument leads to server-side request forgery (SS...
EUVD-2021-13128
Malware in sbrugna...
Secure Boot bypass Vulnerability in PRIMERGY
Overview PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Fsas Technologies Inc. reported this vulnerability ...
JVN#49873988: Secure Boot bypass Vulnerability in PRIMERGY
PRIMERGY is an IA server provided by Fsas Technologies Inc. PRIMERGY contains a vulnerability where Secure Boot function is bypassed. This is due to a vulnerability called "PKFail" CVE-2024-8105, which was publicly disclosed by Binarly. Impact The product's Secure Boot function may be bypassed an...
Insecure Platform Key (PK) used in UEFI system firmware signature
Overview A vulnerability in the use of hard-coded Platform Keys PK within the UEFI framework, known as PKfail, has been discovered. This flaw allows attackers to bypass critical UEFI security mechanisms like Secure Boot, compromising the trust between the platform owner and firmware and enabling...
CVE-2024-8105 Insecure Platform Key (PK) used in UEFI system firmware signature
A vulnerability related to the use of an insecure Platform Key PK has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised...
CVE-2024-8105 Insecure Platform Key (PK) used in UEFI system firmware signature
A vulnerability related to the use of an insecure Platform Key PK has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signed with a trusted key that has been compromised...
PT-2024-5891 · Unknown · Uefi Firmware
Name of the Vulnerable Software and Affected Versions: UEFI firmware affected versions not specified Description: A vulnerability related to the use of an insecure Platform Key PK has been discovered. An attacker with the compromised PK private key can create malicious UEFI software that is signe...
SuperMicro BIOS Security Vulnerability
SuperMicro BIOS is a software from SuperMicro, Inc. that is stored on a small memory chip on the motherboard. A security vulnerability exists in SuperMicro BIOS that stems from the use of an insecure platform key PK, where an attacker utilizing a compromised PK private key can create malicious UE...
CVE-2021-26322
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...
CVE-2021-26322
Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...
Linux Foundation Says UEFI Doesn't Have to Prevent Other OS Installations
The Linux Foundation has released a document outlining ways in which the UEFI secure boot specification can be used to support the installation of Linux and other open operating systems on UEFI-enabled hardware. As long as hardware vendors set up their systems in the proper way, UEFI should be no...