CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

grub2: net: Out-of-bounds write in grub_net_search_config_file()

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

CVE-2024-56336

The CVE-2024-56336 issue affects Siemens SINAMICS S200 devices with serial prefixes SZVS8/SZVS9/SZVS0/SZVSN and FS 02, where an unlocked bootloader enables injection of malicious code or installation of untrusted firmware. The vulnerability stems from the unsecured bootloader, compromising device...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

CVE-2024-56336

A vulnerability has been identified in SINAMICS S200 All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02. The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted...

Siemens SINAMICS S200

SUMMARY A specific range of produced SINAMICS S200 devices contains an unlocked bootloader vulnerability that could allow an attacker to download untrusted firmware that could damage or compromise the device. For delivered products listed below Siemens recommends countermeasures. 2. GENERAL...

Siemens SINAMICS S200 授权问题漏洞

The Siemens SINAMICS S200 is a single-axis AC servo drive system from Siemens, Germany. An authorization issue vulnerability exists in the Siemens SINAMICS S200 that originates from an unlocked bootloader and could allow an attacker to inject malicious code or install untrusted firmware...

GNU GRUB2 Buffer Overflow Vulnerability

GNU GRUB2 is an open source bootloader used to load the operating system kernel when the computer boots. GNU GRUB2 suffers from a buffer overflow vulnerability that originates from an integer overflow when reading data from the squash4 file system. An attacker can exploit this vulnerability to...

Linux Distros Unpatched Vulnerability : CVE-2022-34302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In...

Linux Distros Unpatched Vulnerability : CVE-2022-34303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to lo...

DEBIAN-CVE-2024-45782

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grubfsmount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer,...

DEBIAN-CVE-2025-1125

When reading data from a hfs filesystem, grub's hfs filesystem module uses user-controlled parameters from the filesystem metadata to calculate the internal buffers size, however it misses to properly check for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size...

DEBIAN-CVE-2025-0689

When reading data from disk, the grub's UDF filesystem module utilizes the user controlled data length metadata to allocate its internal buffers. In certain scenarios, while iterating through disk sectors, it assumes the read size from the disk is always smaller than the allocated buffer size whi...

AZL-57552 CVE-2024-45779 affecting package grub2 for versions less than 2.06-15

An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a he...

A dive into the Rockchip Bootloader

TL;DR Rockchip has a structured sequence of bootloaders. Using various plugs can allow access to the MCU’s RAM and storage. There are many utilities to allow reading of information from the MCU. Use this guide to access and reverse engineer bootloaders. Introduction Rockchip are a Chinese company...

SUSE CVE-2024-45777

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...

SUSE CVE-2024-45782

A flaw was found in the HFS filesystem. When reading an HFS volume's name at grubfsmount, the HFS filesystem driver performs a strcpy using the user-provided volume name as input without properly validating the volume name's length. This issue may read to a heap-based out-of-bounds writer,...

SUSE CVE-2025-0677

A flaw was found in grub2. When performing a symlink lookup, the grub's UFS module checks the inode's data size to allocate the internal buffer to read the file content, however, it fails to check if the symlink data size has overflown. When this occurs, grubmalloc may be called with a smaller...

SUSE CVE-2025-0686

A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted...