Google Pixel 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a flaw in the ABL component that can be exploited by an attacker to escalate privileges...

PUB-A-325927059

There is a possible Local bypass of user interaction due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

greenboot bug fix and enhancement update

An update is available for greenboot. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Generic Health Check Framework for systemd. Bug Fixes and Enhancements: R4E...

CVE-2024-22013

U-Boot environment is read from unauthenticated partition...

CLSA-2024-1724434789 grub2: Fix of CVE-2023-4693

CVE-2023-4693: ntfs: fix an out-of-bounds read flaw on NTFS filesystem driver...

How to root an Android device for analysis and vulnerability assessment

TL;DR Rooting is useful for Android assessments The process is relatively simple It will wipe all user data from the device and void any warranty Introduction For mobile testing, be it for apps or hardware, having complete control over the device is essential for analysis and vulnerability...

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot. An attacker exploiting this vulnerability could leak between 4 and 32 bytes of memory stored behind packets to the netwo...

August 13, 2024—KB5041573 (OS Build 25398.1085)

August 13, 2024—KB5041573 OS Build 25398.1085 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

Bootloaders explained

TL;DR Modern computers have a program that starts the operating system, known as a bootloader Bootloaders can be communicated with to access storage and sometimes RAM directly They are all individual to the chipset in use. Bootloaders explained In its simplest form, a bootloader is a low-level...

PT-2024-11656 · Kostal · Kostal Piko 1.5-1 Mp Plus Hmi Oem P

Name of the Vulnerable Software and Affected Versions: Kostal PIKO 1.5-1 MP plus HMI OEM p version 1.0.1 Description: The web application for the Solar Panel is vulnerable to a Stored Cross-Site Scripting XSS attack on the API endpoint "/file.bootloader.upload.html". The application fails to...

CVE-2024-38279

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

CVE-2024-38279

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

CVE-2024-38279 Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

CVE-2024-38279 Authentication Bypass Using an Alternate Path or Channel in Motorola Solutions Vigilant Fixed LPR Coms Box (BCAV1F2-C600)

The affected product is vulnerable to an attacker modifying the bootloader by using custom arguments to bypass authentication and gain access to the file system and obtain password hashes...

Google Warns of Pixel Firmware Security Flaw Exploited as Zero-Day

Google has warned that a security flaw impacting Pixel Firmware has been exploited in the wild as a zero-day. The high-severity vulnerability, tagged as CVE-2024-32896, has been described as an elevation of privilege issue in Pixel Firmware. The company did not share any additional details relate...

PT-2024-27917 · Motorola Solutions +1 · Vigilant Fixed Lpr Coms Box +2

Name of the Vulnerable Software and Affected Versions: Affected product affected versions not specified Description: The issue allows an attacker to modify the bootloader by using custom arguments to bypass authentication, gaining access to the file system and obtaining password hashes...

Motorola Solutions Vigilant Fixed LPR Coms Box Security Vulnerability

Motorola Solutions Vigilant Fixed LPR Coms Box is a license plate recognition system from Motorola Solutions USA. A security vulnerability exists in Motorola Solutions Vigilant Fixed LPR Coms Box, which originates from an attacker being able to modify the bootloader with custom parameters to bypa...

Important: kernel

Issue Overview: An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x8664 lacks consistency checks for CR0 and CR4. CVE-2023-30456 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookuprec when...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ext4: block range must be validated before use in ext4mbclearbb CVE-2022-50021 In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' CVE-2022-50488 In the...