18 matches found
EUVD-2021-26835
Malware in sbrugna...
CVE-2021-3519
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes...
How to Reset Account Lockout for 'Managed Hardened Repository ISO by Veeam'
Purpose: This article documents how to unlock the accounts used with the Managed Hardened Repository ISO by Veeam, veeamsvc or vhradmin, when they become locked out. The Managed Hardened Repository ISO by Veeam deploys Rocky Linux with the DISA STIG security profile, which utilizes faillock to loc...
Setting vDisk Boot Menu as a Default Option
This article describes how to enable the first menu option as the default boot choice without prompting when the vDisk boot menu appears. Background: A Provisioning Services vDisk boot menu appears when the user is starting a provisioned Virtual Machine, but the user wants the Virtual Machine to start...
SUSE CVE-2015-5281
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attacke...
Fedora Access Control Error Vulnerability
Fedora is a set of Linux operating systems from the Fedora community. Fedora CoreOS has a security vulnerability that stems from the fact that it allows booting a non-default OSTree deployment without entering a password. This allows users with access to the GRUB menu to boot into an older versio...
SUSE-SU-2022:3750-1 Security update for SUSE Manager Server 4.3
This update fixes the following issues: cobbler: - Consider case of 'next_server' being a hostname during migration of Cobbler collections. - Fix problem with 'proxy_url_ext' setting being None type. - Fix settings migration schema to work while upgrading on existing running Uyuni and SUSE Manager...
CVE-2021-3519
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes...
Design/Logic Flaw
A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes...
CVE-2021-3519
CVE-2021-3519 affects some Lenovo Desktop models where enabling the BIOS setting “BIOS Password At Boot Device List” (Yes) can allow unauthorized access to the boot menu. The vulnerability is described as a physical-access issue with impact on confidentiality, integrity, and availability (CVSSv3....
ThinkStation Authorization Issue Vulnerability
Lenovo ThinkStation is a desktop workstation from the Chinese company Lenovo. An authorization issue vulnerability exists in ThinkStation, which can be exploited to gain unauthorized access to the boot menu when "BIOS Password At Boot Device List" is set to True...
OPENSUSE-SU-2021:1043-1 Security update for qemu
This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981) - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010) - CVE-2021-3545: Fix information disclosure due to uninitialized...
CVE-2018-20785
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...
Design/Logic Flaw
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...
CVE-2018-20785
Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...
grub2: modules built in on EFI builds that allow loading arbitrary code, circumventing secure boot
It was discovered that grub2 builds for EFI systems contained modules that were not suitable to be loaded in a Secure Boot environment. An attacker could use this flaw to circumvent the Secure Boot mechanisms and load non-verified code. Attacks could use the boot menu if no password was set, or t...
Security Advisory- BootRom Menu and Boot Menu Vulnerabilities on Huawei Campus Switches
Some versions of Huawei Campus S7700/S9300/S9700 switches are affected by the BootRom and Boot Menu vulnerability. 1. Unauthorized users are allowed to upgrade the bootrom or bootload software. Vulnerability ID: HWPSIRT-2014-0315 2. The BootRom Menu vulnerability allows unauthorized users to bypa...
SECURITY vulnerability in ECS-K7S5A(L) boards
A repost, my previous one seems to have failed. SECURITY vulnerability in ECS-K7S5A(L) boards. DESCRIPTION: The administrator-password set in the BIOS of the K7S5A(L) locks out BIOS-access from the console. However, it does not disable access to...