53 matches found
CVE-2025-11577
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
EUVD-2025-34225
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
CVE-2025-11577
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
CVE-2025-11577
CVE-2025-11577 concerns Clevo UEFI firmware updates that were found to contain private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposed keys could allow an attacker to sign malicious firmware that would be validated as trusted during pre-boot, potentially compro...
CVE-2025-11577 Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
CVE-2025-11577 Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
PT-2025-41852
Name of the Vulnerable Software and Affected Versions Clevo UEFI firmware update packages, including B10717.exe Description The UEFI firmware update packages inadvertently included private signing keys used for Boot Guard and Boot Policy Manifest verification. Exposure of these keys could allow...
Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
Overview Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot...
EUVD-2020-29553
Malware in sbrugna...
EUVD-2024-21085
Malicious code in bioql PyPI...
EUVD-2022-15225
Malicious code in bioql PyPI...
EUVD-2023-43648
Malicious code in bioql PyPI...
CVE-2021-3453
Some Lenovo Notebook, ThinkPad, and Lenovo Desktop systems have BIOS modules unprotected by Intel Boot Guard that could allow an attacker with physical access the ability to write to the SPI flash storage...
CVE-2020-8705
Insecure default initialization of resource in IntelR Boot Guard in IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE versions before 3.1.80 and 4.0.30, IntelR SPS versions before E504.01.04.400, E304.01.04.200, SoC-X04.00.04.200...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
Code injection
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...
CVE-2024-23591
The CVE-2024-23591 entry concerns Lenovo ThinkSystem SR670V2 servers (manufactured roughly June 2021–July 2023) left in Manufacturing Mode. Affected scenario: an attacker with privileged logical access to the host or physical access to server internals could modify or disable Intel Boot Guard fir...
CVE-2024-23591
ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security...