GNU GRUB 缓冲区错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which stems from an integer overflow problem contained in the read module, that can be exploited by an attacker to overwrite sensitive information, thereby bypassing secure boot...

Wattsense Bridge 6.x Remote Root / Information Disclosure

Wattsense Bridge suffers a multitude of security issues. The JTAG interface can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. A serial interface can be accessed with physical access to the PCB. After connecting to the...

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

CVE-2025-26409

Wattsense Bridge devices are affected. A serial interface accessible with physical access to the PCB can grant bootloader access and a Linux login prompt, enabling a root shell via the bootloader. This stems from exposed serial/bootloader interfaces on the device when physically tampered. The iss...

CVE-2025-26409 Access to Bootloader and Shell Over Serial Interface

A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well as a Linux login prompt. The bootloader access can be used to gain a root shell on the device. This issue is fixed...

PT-2025-6173 · Wattsense · Wattsense Bridge

Name of the Vulnerable Software and Affected Versions: Wattsense Bridge devices versions prior to BSP 6.4.1 Description: A serial interface can be accessed with physical access to the PCB of Wattsense Bridge devices. After connecting to the interface, access to the bootloader is possible, as well...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2024-20397

A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure...

CVE-2022-24936

Out-of-Bounds error in GBL parser in Silicon Labs Gecko Bootloader version 4.0.1 and earlier allows attacker to overwrite flash Sign key and OTA decryption key via malicious bootloader upgrade...

CVE-2022-2483

The bootloader in the Nokia ASIK AirScale system module versions 474021A.101 and 474021A.102 loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device...

CVE-2024-32883

MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV tag-length-value structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability...

CVE-2025-20892

CVE-2025-20892 concerns a protection mechanism failure in the bootloader of Samsung Mobile devices prior to SMR January 2025 Release 1. The issue enables physical attackers to execute the fastboot command, with user interaction required to trigger it. Reported impact scores (CVSS v3.1) indicate a...

PT-2025-4174 · Smr · Smr

Name of the Vulnerable Software and Affected Versions: SMR versions prior to January 2025 Release 1 Description: A failure in the protection mechanism of the bootloader allows physical attackers to execute the fastboot command. User interaction is required to trigger this issue. Recommendations:...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from South Korea's Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR Jan-2025 Release 1, which stems from a protection mechanism failure issue contained in the bootload...

Howyar Reloader UEFI bootloader vulnerable to unsigned software execution

Overview The Howyar UEFI Application "Reloader" 32-bit and 64-bit, distributed as part of SysReturn prior to version 10.2.02320240919, is vulnerable to the execution of arbitrary software from a hard-coded path. An attacker who successfully exploits this vulnerability can bypass the UEFI Secure...

SUSE CVE-2024-56737

GNU GRUB aka GRUB2 through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem...