CVE-2021-3418

If certificates that signed grub are installed into db, grub can be booted directly. It will then boot any kernel without signature validation. The booted kernel will think it was booted in secureboot mode and will implement lockdown, yet it could have been tampered. This flaw is a reintroduction...

CVE-2020-28974

An out-of-bounds OOB SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest...

CVE-2020-12880

An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

CVE-2020-12880

An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

Hardcoded credentials

An issue was discovered in Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and...

CVE-2020-12880

CVE-2020-12880 affects Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance prior to 9.1R8. By manipulating a kernel boot parameter, an insider can drop into a root shell in a pre-install phase where the appliance source code is accessible. Root access risk is limited to the...

PT-2020-13313 · Pulse · Pulse Policy Secure +1

Name of the Vulnerable Software and Affected Versions: Pulse Policy Secure PPS and Pulse Connect Secure PCS Virtual Appliance versions prior to 9.1R8 Description: An issue was discovered in the affected software. By manipulating a certain kernel boot parameter, it can be tricked into dropping int...

CVE-2013-0404

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot...

Design/Logic Flaw

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot...

Solaris 10 (sparc) : 148112-02 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Kernel/Boot. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized...

Solaris 10 (x86) : 148113-02 (deprecated)

Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Kernel/Boot. The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized...

Scientific Linux Security Update : xen on SL5.x i386/x86_64

CVE-2009-3525 Xen: PyGrub missing support for password configuration command The pyGrub boot loader did not honor the 'password' option in the grub.conf file for para-virtualized guests. Users with access to a guest's console could use this flaw to bypass intended access restrictions and boot the...

RedHat Security Advisory RHSA-2009:1472

The remote host is missing updates announced in advisory RHSA-2009:1472. Xen is an open source virtualization framework. Virtualization allows users to run guest operating systems in virtual machines on top of a host operating system. The pyGrub boot loader did not honor the password option in th...

CVE-2009-3525

The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not support the password option in grub.conf for para-virtualized guests, which allows attackers with access to the para-virtualized guest console to boot the guest or modify the guest's kernel boot parameters without providing the...