5 matches found
kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs
In the Linux kernel, the following vulnerability has been resolved: "efi: Do not import certificates from UEFI Secure Boot for T2 Macs". On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmwa...
Nginx UI Path Traversal Vulnerability
Nginx UI is a WebUI for Nginx by Jacky Personal Developer. A path traversal vulnerability exists in versions of Nginx UI prior to 2.0.0.beta.12. It stems from the Import Certificates feature, which allows arbitrary writes and does not check if user-supplied input is a certificate or key, and...
MailMate Resource Management Error Vulnerability
MailMate is a macOS-based IMAP email client. A resource management error vulnerability exists in MailMate versions prior to 1.11, which stems from the program automatically importing S/MIME certificates and replacing pre-existing certificates by default. An attacker can exploit this vulnerability...
CVE-2018-9867
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Ge...
CVE-2017-17541
A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows injection of JavaScript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature...