Lucene search
K

3607 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...

6.4CVSS7AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in edk2

The Ubuntu edk2 UEFI firmware packages accidentally allowed access to the UEFI Shell in Secure Boot environments, potentially enabling bypass of Secure Boot restrictions. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some earlier versions introduced a security measure base...

8.8CVSS5.7AI score0.00113EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read without sufficient bounds checking, assuming that the USB device provides valid values. If exploited properly, an attacker could cause memory corruption, leading to arbitrary code...

7.6CVSS7.4AI score0.00794EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, resulting in a “use-after-free” scenario. This could allow arbitrary code to be...

8.2CVSS7AI score0.01152EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06, where it incorrectly enabled the use of the ACPI command when Secure Boot was enabled. This flaw allows an attacker with privileged access to create a Secondary System Description Table SSDT containing code that can overwrite the Linux...

7.5CVSS6.8AI score0.01738EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in grub2

A out-of-bounds write flaw was discovered in grub2’s NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, resulting in corruption of grub’s heap metadata. In some cases, the attack may also corrupt the UEFI firmware heap metadata. As a...

7.8CVSS7.2AI score0.00536EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in grub2

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...

4.5CVSS7.3AI score0.00462EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in grub2

A carefully crafted JPEG image may cause the JPEG reader to underflow its data pointer, allowing user-controlled data to be written into the heap. For the attack to succeed, the attacker must analyze the heap layout and create an image with malicious format and payloads. This vulnerability can le...

7CVSS7.5AI score0.00456EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When reading data from a squash4 filesystem, grub’s squash4 fs module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cau...

7.8CVSS7.2AI score0.00275EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. When performing a symlink lookup, the grub’s UFS module checks the data size of the inode to allocate an internal buffer to read the file content. However, it fails to check whether the data size of the symlink has exceeded its allocated limit. As a result, the...

6.4CVSS7AI score0.00318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 7:57 p.m.11 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

6.8CVSS6.1AI score0.00296EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.9 views

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

6.7CVSS5.8AI score0.01421EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.30 views

EUVD-2026-29685

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

6.7CVSS5.8AI score0.01421EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 6:17 p.m.7 views

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

6.7CVSS0.01421EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 4:59 p.m.32 views

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability

...

6.7CVSS0.01421EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 4:59 p.m.48 views

CVE-2026-41097

CVE-2026-41097 describes a local security bypass in Windows Secure Boot caused by reliance on a non-updateable component. An authorized attacker could bypass a security feature locally. The CVE’s metrics show a medium base score (CVSS 3.1: 6.7; Local attack vector; high confidentiality/integrity/...

6.7CVSS5.8AI score0.01421EPSS
Exploits0References1Affected Software11
Vulnrichment
Vulnrichment
added 2026/05/12 4:59 p.m.16 views

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability

...

6.7CVSS5.8AI score0.01421EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 4:59 p.m.11 views

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

6.7CVSS5.8AI score0.01421EPSS
Exploits0References2Affected Software13
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.45 views

May 12, 2026—KB5087420 (OS Build 22631.7079)

May 12, 2026—KB5087420 OS Build 22631.7079 ​​​​​This cumulative update for Windows 11, version 23H2 KB5087420, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates,...

9.8CVSS6.1AI score0.02419EPSS
Exploits4
Microsoft KB
Microsoft KB
added 2026/05/12 2:0 p.m.31 views

May 12, 2026—Hotpatch KB5087424 (OS Build 20348.5074)

None None...

9.8CVSS6.9AI score0.99962EPSS
Exploits56
Rows per page
Query Builder