
22 matches found

CVE
added 2026/03/16 12:35 p.m. | 2 views

CVE-2025-52638

HCL AION is affected by a vulnerability where container base images are not properly authenticated, potentially allowing use of untrusted images. The CVE-2025-52638 entry lists a CVSSv3.1 base score of 5.6 (Medium) with local attack vector, high attack complexity, and high privileges required wit...

CVSS 7.2 | AI score 6 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/03/16 12:35 p.m. | 17 views

CVE-2025-52638 Multiple security vulnerabilities affect HCL AION

HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as it grants elevated permissions within the container environment. Aligning container configuratio...

CVSS 5.6 | EPSS 0.00021
Exploits: 0 | References: 1

CNNVD
added 2026/03/16 12:0 a.m. | 2 views

HCL AION security vulnerability

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security bypass vulnerability that is caused by a container base image not being properly authenticated. An attacker can exploit the vulnerability to cause the use of an untrusted container image...

CVSS 7.2 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2009-0658

Malware in sbrugna...

CVSS 6.9 | AI score 6.4 | EPSS 0.0007
Exploits: 1 | References: 7

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-5830

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00035
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2014-1003

Malware in sbrugna...

CVSS 7.2 | AI score 6.3 | EPSS 0.00055
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 10:19 p.m. | 7 views

CVE-2022-20060

In preloader usb, there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitatio...

CVSS 6.6 | AI score 6.9 | EPSS 0.00017
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:9 a.m. | 5 views

CVE-2018-13896

XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVSS 7.8 | AI score 7.2 | EPSS 0.00035
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/04 7:59 a.m. | 5 views

CVE-2024-10237 SMC BMC Firmware Image Authentication Design Issue

There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process...

CVSS 7.2 | AI score 7.1 | EPSS 0.00017
Exploits: 0 | References: 1

CVE
added 2024/07/01 2:17 p.m. | 56 views

CVE-2024-21482

CVE-2024-21482: Memory corruption during the secure boot process in the Linux boot loader when the bootm command is used, bypassing authentication of the kernel/rootfs image. Affected component is the boot loader used in Qualcomm/Linux environments; the vulnerability enables potential unauthoriz...

CVSS 7.8 | AI score 7.2 | EPSS 0.00018
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2022/03/10 5:45 p.m. | 10 views

CVE-2022-20060

In preloader usb, there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitatio...

CVSS 6.6 | EPSS 0.00017
Exploits: 1 | References: 1

ATTACKERKB
added 2022/03/10 5:45 p.m. | 2 views

CVE-2022-20060

In preloader usb, there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitatio...

CVSS 6.6 | AI score 6.7 | EPSS 0.00017
Exploits: 1 | References: 2

Prion
added 2022/03/10 5:45 p.m. | 12 views

Design/Logic Flaw

In preloader usb, there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitatio...

CVSS 4.4 | AI score 6.5 | EPSS 0.00017
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2022/03/09 12:0 a.m. | 2 views

PT-2022-14307 · Preloader · Preloader

Name of the Vulnerable Software and Affected Versions: preloader usb (affected versions not specified). Description: The issue is related to a missing proper image authentication in the preloader, which could lead to a permission bypass. This might result in a local escalation of privilege for an...

CVSS 6.6 | AI score 6.4 | EPSS 0.00017
Exploits: 1 | References: 3

wpexploit
added 2021/08/19 12:0 a.m. | 593 views

Donate With QRCode < 1.4.5 - Stored Cross-Site Scripting

The plugin does not sanitise or escape its QRCode Image setting, which results in Stored Cross-Site Scripting (XSS). Furthermore, the plugin also does not have any CSRF and capability checks in place when saving such setting, allowing any authenticated user as low as subscriber, or unauthenticat...

CVSS 5.4 | AI score 5.3 | EPSS 0.00259
Exploits: 2

Kitploit
added 2020/04/13 12:0 p.m. | 69 views

Sherloq - An Open-Source Digital Image Forensic Toolset

An open source image forensic toolset. Introduction: "Forensic Image Analysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...

AI score 7.2
Exploits: 0 | References: 1

NVD
added 2019/07/22 2:15 p.m. | 18 views

CVE-2018-13896

XBL_SEC image authentication and other crypto related validations are accessible to a compromised OEM XBL Loader due to missing lock at XBL_SEC stage in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVSS 7.8 | AI score 7.8 | EPSS 0.00035
Exploits: 0 | References: 1

CVE
added 2019/07/22 1:47 p.m. | 75 views

CVE-2018-13896

CVE-2018-13896 affects Qualcomm closed-source components (XBL_SEC image authentication and related crypto checks) across Snapdragon platforms. Root cause: missing lock at the XBL_SEC stage allowing a compromised OEM XBL Loader to access image authentication and crypto validations. Impact per sour...

CVSS 7.8 | AI score 7.7 | EPSS 0.00035
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2014/08/25 1:55 a.m. | 12 views

Authentication flaw

The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API...

CVSS 7.2 | AI score 7.1 | EPSS 0.00055
Exploits: 0 | References: 2

CVE
added 2014/08/25 1:0 a.m. | 50 views

CVE-2014-0973

CVE-2014-0973 affects the Little Kernel (LK) bootloader used with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices. The image_verify function in platform/msm_shared/image_verify.c does not ensure the digest size is consistent with the RSA_public_decrypt API, enabling bypass...

CVSS 7.2 | AI score 6.9 | EPSS 0.00055
Exploits: 0 | References: 2 | Affected Software: 1