Lucene search
K

64 matches found

nessus
nessus
added 2025/03/05 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-28737

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the...

7.8CVSS7.5AI score0.00332EPSS
Exploits0References3
nessus
nessus
added 2025/02/10 12:0 a.m.7 views

Azure Linux 3.0 Security Update: shim / shim-unsigned-aarch64 (CVE-2022-28737)

The version of shim / shim-unsigned-aarch64 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28737 advisory. - There's a possible overflow in handleimage when shim tries to load and execute crafted...

7.8CVSS7.6AI score0.00332EPSS
Exploits0References2
cbl_mariner
cbl_mariner
added 2024/12/06 4:2 p.m.7 views

CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.7AI score0.00332EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2024/12/06 3:52 p.m.5 views

CVE-2022-28737 affecting package shim for versions less than 15.8-5

CVE-2022-28737 affecting package shim for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.7AI score0.00332EPSS
Exploits0
cbl_mariner
cbl_mariner
added 2024/12/06 3:52 p.m.15 views

CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-5

CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

7.8CVSS6.7AI score0.00332EPSS
Exploits0
nessus
nessus
added 2024/09/12 12:0 a.m.15 views

CBL Mariner 2.0 Security Update: shim / shim-unsigned-aarch64 (CVE-2022-28737)

The version of shim / shim-unsigned-aarch64 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-28737 advisory. - There's a possible overflow in handleimage when shim tries to load and execute crafted...

7.8CVSS7.7AI score0.00332EPSS
Exploits0References2
cbl_mariner
cbl_mariner
added 2024/09/03 11:12 a.m.25 views

CVE-2022-28737 affecting package shim for versions less than 15.8-1

CVE-2022-28737 affecting package shim for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS7AI score0.00332EPSS
Exploits0
openvas
openvas
added 2024/05/07 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2024:1462-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS7.3AI score0.04852EPSS
Exploits0References15
openvas
openvas
added 2024/05/07 12:0 a.m.20 views

SUSE: Security Advisory (SUSE-SU-2024:1461-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS7.3AI score0.04852EPSS
Exploits0References15
nessus
nessus
added 2024/04/30 12:0 a.m.36 views

SUSE SLES12 Security Update : shim (SUSE-SU-2024:1462-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1462-1 advisory. - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of fde-tpm-helper-macros to the distro with...

8.3CVSS7.1AI score0.04852EPSS
Exploits0References27
openvas
openvas
added 2024/04/23 12:0 a.m.31 views

openSUSE Security Advisory (SUSE-SU-2024:1368-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3CVSS7.3AI score0.04852EPSS
Exploits0References15
nessus
nessus
added 2024/04/23 12:0 a.m.36 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : shim (SUSE-SU-2024:1368-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1368-1 advisory. - Update shim-install to set the TPM2 SRK algorithm bsc1213945 - Limit the requirement of...

8.3CVSS7.1AI score0.04852EPSS
Exploits0References27
osv
osv
added 2023/07/20 1:15 a.m.13 views

AZL-41063 CVE-2022-28737 affecting package shim-unsigned-x64 for versions less than 15.8-3

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

7.8CVSS7.4AI score0.00332EPSS
Exploits0References1
osv
osv
added 2023/07/20 1:15 a.m.4 views

UBUNTU-CVE-2022-28737

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

7.8CVSS7.4AI score0.00332EPSS
Exploits0References4
cvelist
cvelist
added 2023/07/20 12:26 a.m.20 views

CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

6.5CVSS8.3AI score0.00332EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/07/20 12:26 a.m.15 views

CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

6.5CVSS7.5AI score0.00332EPSS
Exploits0References2
osv
osv
added 2023/07/20 12:26 a.m.24 views

CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

6.5CVSS7.3AI score0.00332EPSS
Exploits0References5
cve
cve
added 2023/07/20 12:26 a.m.563 views

CVE-2022-28737

CVE-2022-28737 is confirmed with concrete technical details in connected records. The issue is an out-of-bounds write in the shim loading path, caused by handling of the SizeOfRawData field in EFI sections via handle_image(), leading to memory corruption and potential arbitrary code execution. Af...

7.8CVSS7.6AI score0.00332EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2023/05/13 12:0 a.m.23 views

SUSE SLES12 Security Update : shim (SUSE-SU-2023:2150-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2023:2150-1 advisory. - Updated shim signature after shim 15.7 be signed back: signature-sles.x8664.asc, signature-sles.aarch64.asc bsc1198458 - Add POSTPROCESSPEFLAGS=-N to...

7.8CVSS7.2AI score0.00332EPSS
Exploits0References15
openvas
openvas
added 2023/05/10 12:0 a.m.10 views

SUSE: Security Advisory (SUSE-SU-2023:2150-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.4AI score0.00332EPSS
Exploits0References15
Rows per page
Query Builder