Количество 25
Количество 25
ELSA-2023-2487
ELSA-2023-2487: fwupd security and bug fix update (MODERATE)
CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34301
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34301
CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
GHSA-7j33-663j-fx7f
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
BDU:2022-04955
Уязвимость загрузщика Eurosoft операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности
CVE-2022-34302
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34302
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34302
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
GHSA-77q2-m9gq-g982
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
BDU:2022-04945
Уязвимость загрузчика New Horizon Data Systems операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности
CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34303
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
CVE-2022-34303
CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.
CVE-2022-3287
When creating an OPERATOR user account on the BMC, the redfish plugin ...
GHSA-2hf7-qg9c-qf4h
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
BDU:2022-05163
Уязвимость загрузчика Crypto Pro операционной системы Windows, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к системе
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| ELSA-2023-2487 ELSA-2023-2487: fwupd security and bug fix update (MODERATE) | около 2 лет назад | ||
 | CVE-2022-34301 A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 7.2 | 0% Низкий | почти 3 года назад |
 | CVE-2022-34301 A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
 | CVE-2022-34301 CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass | 0% Низкий | почти 3 года назад | |
| GHSA-7j33-663j-fx7f A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
 | BDU:2022-04955 Уязвимость загрузщика Eurosoft операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 6.8 | 0% Низкий | почти 3 года назад |
| CVE-2022-34302 A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 7.5 | 0% Низкий | почти 3 года назад |
| CVE-2022-34302 A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
| CVE-2022-34302 CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass | 0% Низкий | почти 3 года назад | |
| GHSA-77q2-m9gq-g982 A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
| BDU:2022-04945 Уязвимость загрузчика New Horizon Data Systems операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 6.8 | 0% Низкий | почти 3 года назад |
| CVE-2022-34303 A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 7.2 | 0% Низкий | почти 3 года назад |
| CVE-2022-34303 A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
| CVE-2022-34303 CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass | 0% Низкий | почти 3 года назад | |
 | CVE-2022-3287 When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2022-3287 When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | CVSS3: 5.5 | 0% Низкий | почти 3 года назад |
| CVE-2022-3287 When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2022-3287 When creating an OPERATOR user account on the BMC, the redfish plugin ... | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| GHSA-2hf7-qg9c-qf4h A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | CVSS3: 6.7 | 0% Низкий | почти 3 года назад |
| BDU:2022-05163 Уязвимость загрузчика Crypto Pro операционной системы Windows, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к системе | CVSS3: 5.5 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу