46 matches found
EUVD-2021-27176
Malware in sbrugna...
EUVD-2021-27177
Malware in sbrugna...
EUVD-2021-14906
Malware in sbrugna...
EUVD-2022-42808
Malicious code in bioql PyPI...
EUVD-2022-44608
Malicious code in bioql PyPI...
EUVD-2022-42806
Malicious code in bioql PyPI...
EUVD-2022-51399
Malicious code in bioql PyPI...
A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
Overview UEFI firmware applications DTBios and BiosFlashShell from DTResearch contain a vulnerability that allows Secure Boot to be bypassed using a specially crafted NVRAM variable. The vulnerability stems from improper handling of a runtime NVRAM variable that enables an arbitrary write...
A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
Overview A vulnerability in an Insyde H2O UEFI firmware application allows digital certificate injection through an unprotected NVRAM variable. This issue arises from the unsafe use of an NVRAM variable, which is used as trusted storage for a digital certificate in the trust validation chain. An...
CVE-2022-3432
A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2022-3430
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2021-3971
A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable...
CVE-2021-28216
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE...
PT-2025-19327 · Intel · Intel Uefi
Name of the Vulnerable Software and Affected Versions: Intel UEFI affected versions not specified Description: A vulnerability in the digital signature verification process does not properly validate variable attributes, which allows an attacker to bypass signature verification by creating a...
CVE-2022-4020
Vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable...
PT-2025-3047 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.2 macOS versions prior to 14.7.2 macOS versions prior to 15.2 Description: The issue is related to insufficient authorization mechanisms in the NVRAM Variable Handler component of MacOS operating systems. This can...
CVE-2024-23238
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables...
CVE-2022-3431
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
Design/Logic Flaw
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...
CVE-2022-3431
A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable...