EulerOS Virtualization 2.12.1 : grub2 (EulerOS-SA-2026-1429)

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the...

MiracleLinux 8 : grub2-2.02-90.1.0.1.el8 (AXSA:2021-1565:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1565:02 advisory. grub2: acpi command allows privileged user to load crafted ACPI tables when Secure Boot is enabled CVE-2020-14372 grub2: Use-after-free in rmmod...

EUVD-2020-3968

Malware in sbrugna...

EUVD-2021-14184

Malware in sbrugna...

Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

By leveraging Microsoft Security Copilot to expedite the vulnerability discovery process, Microsoft Threat Intelligence uncovered several vulnerabilities in multiple open-source bootloaders, impacting all operating systems relying on Unified Extensible Firmware Interface UEFI Secure Boot as well ...

PC System Recovery Bootloader Vulnerabilities - Lenovo Support US

No description provided...

[SECURITY] [DSA 4867-1] grub2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4867-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 02, 2021 https://www.debian.org/security/faq -...

BootStomp: Find Mobile Device Bootloader Vulnerabilities

PenTestIT RSS Feed Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know; as the name suggests, that bootloader is a program loads th...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

CVE-2017-1000363

Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parportptr integer is static, a 'secure boot' kernel command line adversary can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partia...

Google Patches Six Critical Mediaserver Bugs in Android

Google pushed out its monthly Android patches Monday, addressing 17 critical vulnerabilities, six of which are tied to its problematic Mediaserver component. An additional four critical vulnerabilities related to Qualcomm components in Android handsets including Google’s own Nexus 6P, Pixel XL an...