CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34302 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34302
26 Aug 2022 — A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de New Horizon Datasys versiones anteriores a... • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2022-34303 – shim: 3rd party shim allow secure boot bypass
https://notcve.org/view.php?id=CVE-2022-34303
26 Aug 2022 — A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. Se ha encontrado un fallo en los cargadores de arranque de Eurosoft versiones anteriores a 01-06-2022. • https://edk2-docs.gitbook.io/understanding-the-uefi-secure-boot-chain/secure_boot_chain_in_uefi/uefi_secure_boot • CWE-494: Download of Code Without Integrity Check •