PT-2026-25845

Name of the Vulnerable Software and Affected Versions IncusOS versions prior to 202603142010 Description The default configuration of systemd-cryptenroll, as used by IncusOS through mkosi, allows an attacker with physical access to the machine to access encrypted data without requiring interactio...

Oracle Linux 9 : osbuild-composer (ELSA-2026-3753)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-3753 advisory. 149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer ORABUG: 38587453 - Switch to UEKR8 repositories for OL9.6 Orabug:...

osbuild-composer security update

101.4-3.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size to 1GB Orabug: 36827079 - support for building OL8/9 images on Oracle Linu...

Oracle Linux 8 : osbuild-composer (ELSA-2026-2124)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-2124 advisory. 101.4-3.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...

Oracle Linux 8 : osbuild-composer (ELSA-2026-1380)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-1380 advisory. 101.4-2.0.1 - Support using repository definitons with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types...

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

NSA Releases Guide to Combat Powerful BlackLotus Bootkit Targeting Windows Systems

The U.S. National Security Agency NSA on Thursday released guidance to help organizations detect and prevent infections of a Unified Extensible Firmware Interface UEFI bootkit called BlackLotus. To that end, the agency is recommending that "infrastructure owners take action by hardening user...

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

CVE-2023-20940

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

ASB-A-256237041

In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2022-22078

Denial of service in BOOT when partition size for a particular partition is requested due to integer overflow when blocks are calculated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

SUSE SLED11 / SLES11 Security Update : grub2 (SUSE-SU-2015:2385-1)

This update for grub2 provides the following fixes : A security issues with a bufferoverflow when reading username and password was fixed bsc956631, CVE-2015-8370 Also following bugs were fixed : - Fix buffer overflows when reading username and password. bsc956631, CVE-2015-8370 - Expand list of...

The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used

Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...