25 matches found
UBUNTU-CVE-2026-43363
In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping or f...
PT-2026-39024
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: An issue exists in the x86 APIC implementation where firmware may re-enable x2apic mode during resume from s2ram (Suspend to RAM), even if the kernel disabled it during boot due to lack of...
EVE: SSH as Root Unlockable Without Triggering Measured Boot
Impact On boot, the Pillar container checks for /config/authorizedkeys. If present with a valid public key, it enables SSH on port 22 with root login. The /config partition is not protected by measured boot, is mutable and unencrypted. This enables an attacker with physical access to the device t...
Lenovo ThinkPad BIOS Security Vulnerability
Lenovo ThinkPad BIOS is a program for booting the system of a laptop from the Chinese company Lenovo. A security vulnerability exists in the Lenovo ThinkPad BIOS that stems from improper validation of the Secure Boot configuration in the BIOS, which could result in Secure Boot being disabl...
EUVD-2024-54268
Malicious code in bioql PyPI...
CVE-2024-45483
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...
CVE-2024-45483 Missing GRUB password in B&R APROL
A Missing Authentication for Critical Function vulnerability in the GRUB configuration used B&R APROL 4.4-01 may allow an unauthenticated physical attacker to alter the boot configuration of the operating system...
CVE-2024-45483
CVE-2024-45483 affects B&R APROL
CVE-2025-20143 Cisco IOS XR Software Secure Boot Bypass Vulnerability
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...
CVE-2024-56181
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC IPC PX-32A All versions V29.01.07, SIMATIC I...
CVE-2024-56181
CVE-2024-56181 affects Siemens SIMATIC devices (e.g., Field PG M5, IPC BX-21A/BX-32A/BX-39A/BX-59A, PX-32A/PX-39A, RC/RW families, IPC127E/227E/277E/3000/327G/347G/377G/427E/477E/527G/627E/647E/677E/847E, ITP1000, etc.). The vulnerability stems from insufficient protection of EFI variables stored...
CVE-2024-20456
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Cisco Secure Boot functionality and load unverified software on an affected device. To exploit this successfully, the attacker must have root-system...
Cisco IOS XR Security Vulnerability
Cisco IOS XR is a set of operating systems developed by the U.S.-based Cisco for its network devices. A security vulnerability exists in Cisco IOS XR that stems from an error in the software build process and could allow an attacker to take control of the boot configuration, which would allow the...
Authentication Bypass
org.apache.shiro: shiro-spring is vulnerable to Authentication Bypass. The vulnerability is due to different pattern matching techniques between Spring-Boot 2.6+ and Apache Shiro. This can result in an authentication bypass. As a workaround, set the following Spring Boot configuration value:...
PVS target devices will not HA failover to another PVS server.
PVS target devices will not HA failover to another PVS server. Target devices will freeze until the original server they were streaming from is available again. HA related configurations can be checked: The vdisk should be configured to use cache in ram with overflow to local device hard disk, an...
"Failed to convert Boot Configuration Data. The system cannot find the file specified. (0x00000002)"
Attempting to run P2pvs and get error "Failed to convert Boot Configuration Data. The system cannot find the file specified. 0x00000002" Followed https://support.citrix.com/article/CTX202159 and still same issue...
Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign
This guide provides steps that organizations can take to assess whether users have been targeted or compromised by threat actors exploiting CVE-2022-21894 via a Unified Extensible Firmware Interface (UEFI) bootkit called BlackLotus. UEFI bootkits are particularly dangerous as they run at computer...
[SECURITY] Fedora 36 Update: ignition-2.14.0-3.fc36
Ignition is a utility used to manipulate systems during the initramfs. This includes partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users. On first boot, Ignition reads its configuration from a source of truth (remote URL, network...
Das U-Boot Input Validation Error Vulnerability
Das U-Boot is a boot loader program mainly for embedded systems. The program supports many different computer system architectures such as PPC, ARM, AVR32, MIPS, x86, 68k, Nios and MicroBlaze. An input validation error vulnerability exists in Das U-Boot 2020.01 and earlier versions, which can be...
PT-2020-12267 · Denx +2 · Das U-Boot +2
Name of the Vulnerable Software and Affected Versions: Das U-Boot versions through 2020.01 Description: The issue allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration...