20 matches found
OESA-2026-2079 shim security update
Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: Issue summary: When a delta CRL that contains a Delta CRL Indicator extension is processed, a NULL pointer dereference might happen if the required CRL Number extension is...
Linux Distros Unpatched Vulnerability : CVE-2017-3226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature...
Linux Distros Unpatched Vulnerability : CVE-2023-39950
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and...
CVE-2024-22013
U-Boot environment is read from unauthenticated partition...
CVE-2024-22013
U-Boot environment is read from unauthenticated partition...
CVE-2024-22013
CVE-2024-22013 concerns U-Boot where the environment is read from an unauthenticated partition. Multiple sources (NVD/Red Hat/CVE list/CNNVD) reiterate this root cause, but none provide concrete affected products, versions, or a fix. The CVSS base score is 5.3 (MEDIUM) with network attack vector ...
Google Nest Wifi Point and Google Nest Wifi Router Security Vulnerability
Google Nest Wifi Point and Google Nest Wifi Router are both products of Google Inc. Google Nest Wifi Point is a device that extends an existing Wi-Fi network and has a built-in Google Assistant. Google Nest Wifi Router is a smart router. The Google Nest Wifi Point is a device that extends an existi...
PT-2023-24730 · Insyde · Insydeh2O
Name of the Vulnerable Software and Affected Versions: Insyde InsydeH2O versions 5.0 through 5.5. Description: An issue was discovered in SystemFirmwareManagementRuntimeDxe. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses...
CVE-2022-40080
Stack overflow vulnerability in Aspire E5-475G's BIOS firmware, in the FpGui module, a second call to GetVariable services allows local attackers to execute arbitrary code in the UEFI DXE phase and gain escalated privileges...
Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability
Talos Vulnerability Report TALOS-2022-1566. Abode Systems, Inc. iota All-In-One Security Kit web interface util_set_serial_mac OS command injection vulnerability. October 20, 2022. CVE Number: CVE-2022-29472. SUMMARY: An OS command injection vulnerability exists in the web interface util_set_serial_mac...
[SECURITY] Fedora 36 Update: uboot-tools-2022.04-2.fc36
This package contains a few U-Boot utilities - mkimage for creating boot images and fw_printenv/fw_setenv for manipulating the boot environment variables...
Dell PowerEdge Buffer Overflow Vulnerability
Dell PowerEdge Server BIOS is a system update driver from Dell. A security vulnerability exists in Dell PowerEdge that could be exploited by attackers to cause a denial of service, execute arbitrary code, or compromise information in a UEFI or BIOS pre-boot environment...
Dell PowerEdge Buffer Error Vulnerability
Dell PowerEdge Server BIOS is a system update driver from Dell. A security vulnerability exists in Dell PowerEdge, which can be exploited by an attacker to cause a denial of service, arbitrary code execution, or information disclosure in a UEFI or BIOS pre-boot environment...
CVE-2019-16258
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...
CVE-2019-16258
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...
Hardcoded credentials
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...
CVE-2019-16258
The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface...
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...
rVMI: Perform Full System Analysis with Ease
Manual dynamic analysis is an important concept. It enables us to observe the behavior of a sophisticated malware sample or exploit by executing it in a controlled environment. The information gathered through this process is often crucial in gaining a full understanding of a sample. When...
IBM Unified Extensible Firmware Interface Denial of Service Vulnerability
The IBM Unified Extensible Firmware Interface is a standard detailing type interfaces for operating systems to automatically load from a pre-booted operating environment, to an operating system that simplifies the boot process and saves time. A security vulnerability exists in IBM Unified...