64 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-28737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the...
Azure Linux 3.0 Security Update: shim / shim-unsigned-aarch64 (CVE-2022-28737)
The version of shim / shim-unsigned-aarch64 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28737 advisory. - There's a possible overflow in handleimage when shim tries to load and execute crafted...
CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-5
CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
CVE-2022-28737 affecting package shim for versions less than 15.8-5
CVE-2022-28737 affecting package shim for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-5
CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...
CBL Mariner 2.0 Security Update: shim / shim-unsigned-aarch64 (CVE-2022-28737)
The version of shim / shim-unsigned-aarch64 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28737 advisory. - There's a possible overflow in handleimage when shim tries to load and execute crafted...
CVE-2022-28737 affecting package shim for versions less than 15.8-1
CVE-2022-28737 affecting package shim for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...
SUSE: Security Advisory (SUSE-SU-2024:1462-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:1461-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES12 Security Update : shim (SUSE-SU-2024:1462-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1462-1 advisory. - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of fde-tpm-helper-macros to the distro with...
openSUSE Security Advisory (SUSE-SU-2024:1368-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : shim (SUSE-SU-2024:1368-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1368-1 advisory. - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of...
AZL-41063 CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-3
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
UBUNTU-CVE-2022-28737
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...
CVE-2022-28737
CVE-2022-28737 is confirmed with concrete technical details in connected records. The issue is an out-of-bounds write in the shim loading path, caused by handling of the SizeOfRawData field in EFI sections via handle_image(), leading to memory corruption and potential arbitrary code execution. Af...
SUSE SLES12 Security Update : shim (SUSE-SU-2023:2150-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:2150-1 advisory. - Updated shim signature after shim 15.7 be signed back: signature-sles.x8664.asc, signature-sles.aarch64.asc bsc1198458 - Add POSTPROCESSPEFLAGS=-N to...
SUSE: Security Advisory (SUSE-SU-2023:2150-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...