1788 matches found
[SECURITY] Fedora 34 Update: grub2-2.06-9.fc34
The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
[SECURITY] Fedora 35 Update: grub2-2.06-10.fc35
The GRand Unified Bootloader GRUB is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices...
CVE-2021-37188
An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware because the bootloader does not verify that it is authentic, changing the behavior of the gateway...
Digi International Digi TransPort 数据伪造问题漏洞
The Digi International Digi TransPort is a full-featured cellular router from Digi International USA. The Digi TransPort suffers from a Data Forgery Issue vulnerability that originates from an authenticated attacker who could use the vulnerability to potentially load customized firmware since the...
Security Bulletin: This Power System update is being released to address CVE 2018-1992
Summary POWER9: In response to a buffer overflow vulnerability on the boot loader, a new Power System firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE 2018-1992. Vulnerability Details CVEID: CVE-2018-1992 DESCRIPTION: The IBM POWER9 boot firmware'...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android 11 has a security vulnerability that stems from a security flaw in the system's Pixel Bootloader...
Google Android 安全漏洞
Google Android is a Linux-based open source operating system from Google. Google Android 11 has a security vulnerability that stems from a security flaw in the system's Pixel Bootloader...
grub2 安全漏洞
grub2 is a Linux system boot program from the American GNU community. A security vulnerability exists in grub2 that stems from incorrect permissions in grub.cfg, which allow unprivileged users to read the contents of the file...
New 'Moses Staff' Hacker Group Targets Israeli Companies With Destructive Attacks
A new politically-motivated hacker group named "Moses Staff" has been linked to a wave of targeted attacks targeting Israeli organizations since September 2021 with the goal of plundering and leaking sensitive information prior to encrypting their networks, with no option to regain access or...
AMD Secure Processor 输入验证错误漏洞
AMD Secure Processor ASP is a standalone ARM Coretex-A5 chip from AMD. An input validation error vulnerability exists in multiple AMD products that stems from incorrect input and range checking in the Platform Secure Processor PSP bootloader image header that could allow an attacker to use...
grub2: Use-after-free in rmmod command
A flaw was found in grub2. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. The...
Why the Raspberry Pi isn’t suitable for IoT
Let’s start by praising the Raspberry Pi: it has brought cheap computing to many, has inspired and enabled education and undoubtedly been a huge benefit. I use my own Pi daily, and we have often used its flexibility to perform hardware testing, from accessing UART to reading flash memory. So why ...
bootloader (>=0.10.0 <=0.10.13), libertyos_kernel (>=0.14.0 <=0.17.5) +1 more potentially affected by CVE-2020-36208 via conquer-once (=0.2.1)
conquer-once CARGO version =0.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on conquer-once and may be impacted: - bootloader =0.10.0, =0.14.0, =0.1.0, =0.2.6 Source cves: CVE-2020-36208 Source advisory: OSV:GHSA-3JC5-5HC5-33GJ...
CVE-2021-1111
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components...
CVE-2021-1111
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components...
Buffer overflow
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components...
CVE-2021-1111
The CVE-2021-1111 entry concerns NVIDIA Jetson bootloader (NV3P server). Affected components are bootloader code on Jetson Linux devices (Jetson AGX Xavier, Jetson Xavier NX, Jetson TX2 series, Jetson TX2 NX, Jetson Nano). The vulnerability arises from an incorrect bounds check in the bootloader ...
CVE-2021-1111
Bootloader contains a vulnerability in the NV3P server where any user with physical access through USB can trigger an incorrect bounds check, which may lead to buffer overflow, resulting in limited information disclosure, limited data integrity, and denial of service across all components...
Breaking the Android Bootloader on the Qualcomm Snapdragon 660
This post is a companion to the DEF CON 29 video available here. A few months ago I purchased an Android phone to do some research around a specific series of NFC chips, which required me to gain root access to the device in order to fully access its hardware capabilities. Gaining root access on...
NVIDIA Bootloader Buffer Overflow Vulnerability
NVIDIA Bootloader is a bootloader component from Nvidia Corporation. NVIDIA Bootloader is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause information disclosure, data integrity, and information disclosure restrictions across all components...