Show filters
183 Total Results
Displaying 171-180 of 183
Sort by:
Attacker Value
Unknown

GIGABYTE BRIX UEFI firmware fails to securely implement BIOS write protection

Disclosure Date: July 09, 2018 (last updated November 27, 2024)
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 (version F6) and GB-BXi7-5775 (version F2) platforms does not securely implement BIOSWE, BLE, SMM_BWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash.
0
Attacker Value
Unknown

GIGABYTE BRIX UEFI firmware is not cryptographically signed

Disclosure Date: July 09, 2018 (last updated November 27, 2024)
GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served over HTTP. An attacker can make arbitrary modifications to firmware images without being detected.
0
Attacker Value
Unknown

CVE-2017-3775

Disclosure Date: May 04, 2018 (last updated November 26, 2024)
Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code.
0
Attacker Value
Unknown

CVE-2017-5699

Disclosure Date: January 18, 2018 (last updated November 26, 2024)
Input validation error in Intel MinnowBoard 3 Firmware versions prior to 0.65 allow local attacker to cause denial of service via UEFI APIs.
0
Attacker Value
Unknown

CVE-2017-3771

Disclosure Date: October 26, 2017 (last updated November 26, 2024)
System boot process is not adequately secured In Lenovo E95 and ThinkCentre M710s/M710t because systems were shipped from factory without completing BIOS/UEFI initialization process.
0
Attacker Value
Unknown

CVE-2015-7837

Disclosure Date: September 19, 2017 (last updated November 26, 2024)
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.
0
Attacker Value
Unknown

CVE-2017-3753

Disclosure Date: August 10, 2017 (last updated November 26, 2024)
A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with administrative privileges or physical access to a system may be able to run specially crafted code that can allow them to bypass system protections such as Device Guard and Hyper-V.
0
Attacker Value
Unknown

CVE-2017-9457

Disclosure Date: July 25, 2017 (last updated November 26, 2024)
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS.
0
Attacker Value
Unknown

CVE-2016-8226

Disclosure Date: January 26, 2017 (last updated November 25, 2024)
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.
0
Attacker Value
Unknown

CVE-2016-3699

Disclosure Date: October 07, 2016 (last updated November 25, 2024)
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd.
0