5608 matches found

The Hacker News
added 2024/02/07 1:33 p.m. · 62 views

Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros

The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code execution under specific circumstances. Tracked as CVE-2023-40547 (CVSS score: 9.8), the vulnerability could be exploited to achieve a Secure Boot bypas...

CVSS 8.3 · AI score 7 · EPSS 0.04852
Exploits: 0

NVD
added 2024/02/06 6:16 a.m. · 14 views

CVE-2023-33069

Memory corruption in Audio while processing the calibration data returned from ACDB loader...

CVSS 7.8 · AI score 7 · EPSS 0.00109
Exploits: 0 · References: 1

Prion
added 2024/02/06 6:16 a.m. · 22 views

Memory corruption

Memory corruption in Audio while processing the calibration data returned from ACDB loader...

CVSS 4.3 · AI score 7.4 · EPSS 0.00109
Exploits: 0 · References: 1

Vulnrichment
added 2024/02/06 5:47 a.m. · 16 views

CVE-2023-33069 Buffer Copy Without Checking Size of Input in Audio

Memory corruption in Audio while processing the calibration data returned from ACDB loader...

CVSS 6.7 · AI score 7.1 · EPSS 0.00109
Exploits: 0 · References: 1

Cvelist
added 2024/02/06 5:47 a.m. · 34 views

CVE-2023-33069 Buffer Copy Without Checking Size of Input in Audio

Memory corruption in Audio while processing the calibration data returned from ACDB loader...

CVSS 6.7 · AI score 8 · EPSS 0.00109
Exploits: 0 · References: 1

CVE
added 2024/02/06 5:47 a.m. · 104 views

CVE-2023-33069

CVE-2023-33069 concerns a memory corruption vulnerability in the Audio path when processing calibration data returned from the ACDB loader, observed in Qualcomm chipsets. Affected component is the Audio subsystem responsible for calibration data handling; root cause is memory mismanagement during...

CVSS 7.8 · AI score 7.8 · EPSS 0.00109
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/02/06 12:0 a.m. · 4 views

PT-2024-12394 · Qualcomm · 9206 Lte Modem Firmware +106

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves memory corruption in the Audio component when processing calibration data returned from the ACDB loader. No information is provided...

CVSS 7.8 · AI score 7.9 · EPSS 0.00109
Exploits: 0 · References: 4

OSV
added 2024/02/02 11:6 a.m. · 2 views

OESA-2024-1119 shim security update

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. Security Fixes: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker...

CVSS 8.3 · AI score 8.6 · EPSS 0.04852
Exploits: 0 · References: 6

WPVulnDB
added 2024/02/02 12:0 a.m. · 8 views

Icons Font Loader < 1.1.5 - Authenticated (Administrator+) Arbitrary File Upload

Description The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in versions up to, and including, 1.1.4. This makes it possible for authenticated attackers, with administrator access and above, to upload...

CVSS 5.8 · AI score 7.6 · EPSS 0.00603
Exploits: 0 · References: 1 · Affected Software: 1

Patchstack
added 2024/01/31 12:0 a.m. · 12 views

WordPress Icons Font Loader Plugin <= 1.1.4 is vulnerable to Arbitrary File Upload

Software: Icons Font Loader; Type: Plugin; Vulnerable versions: <= 1.1.4; Fixed in: 1.1.5; OWASP Top 10: A3: Injection; Classification: Arbitrary File Upload; CVE: CVE-2024-24714; Patch priority: Low; CVSS severity: Low 7.2; PSID: 8add145a8567; Credits: Vulzap; Required privilege: Administrator...

CVSS 7.2 · AI score 6.8 · EPSS 0.00603
Exploits: 0 · References: 2 · Affected Software: 1

Rosalinux
added 2024/01/30 8:26 a.m. · 54 views

Advisory ROSA-SA-2024-2332

Software: glibc 2.28 OS: ROSA Virtualization 2.1 packageevrstring: glibc-2.28-225.rv3.src.rpm CVE-ID: CVE-2023-4527 BDU-ID: 2023-06332 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getaddrinfo function of the glibc system library is related to reading data outside of buffer boundaries in...

CVSS 7.8 · AI score 8.2 · EPSS 0.81422
Exploits: 27

OSV
added 2024/01/29 5:15 p.m. · 1 views

DEBIAN-CVE-2023-40549

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

CVSS 5.5 · AI score 6.7 · EPSS 0.00409
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/01/29 4:17 a.m. · 6 views

Malicious code in o2-ionic-image-loader (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d248abb658f1d8182b04e7135dedf8d2d25735b9f551142b202be9044280580 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSSF Malicious Packages
added 2024/01/29 4:17 a.m. · 5 views

Malicious code in o2-ionic-image-loader-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c645fd90c285367a338c640179963eff4cec0a670e47392a050ca826671442bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 · References: 1

OSV
added 2024/01/29 4:17 a.m. · 13 views

MAL-2024-941 Malicious code in o2-ionic-image-loader-v7 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c645fd90c285367a338c640179963eff4cec0a670e47392a050ca826671442bd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1

CNNVD
added 2024/01/29 12:0 a.m. · 2 views

Red Hat Shim Security Breach

Red Hat Shim is a simple software package from Red Hat. It is intended to be used as a first-stage boot loader on UEFI systems. A security vulnerability exists in Red Hat Shim that stems from an out-of-bounds read issue, which could result in the exposure of sensitive data during the system boot...

CVSS 5.5 · AI score 8.5 · EPSS 0.00394
Exploits: 0 · References: 4

UbuntuCve
added 2024/01/26 12:0 a.m. · 34 views

CVE-2022-48622

In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI Windows animated cursor decoder encounters heap memory corruption in aniloadchunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...

CVSS 7.8 · AI score 7.5 · EPSS 0.00415
Exploits: 1 · References: 2

Positive Technologies
added 2024/01/26 12:0 a.m. · 6 views

PT-2024-15922

Name of the Vulnerable Software and Affected Versions van der Schaar LAB synthcity version 0.2.9 Description A critical issue has been found in the function load from file of the component PKL File Handler, leading to deserialization. The attack may be launched remotely. The vendor was contacted...

CVSS 9.8 · AI score 6.5 · EPSS 0.00678
Exploits: 0 · References: 12

Hacker One
added 2024/01/25 2:7 p.m. · 62 views

Publitas: CVE-2018-6389 exploitation - using scripts loader

An unauthenticated denial of service vulnerability in WordPress was discovered, tracked as CVE-2018-6389. By requesting a large number of JavaScript files through the load-scripts.php endpoint, an attacker could consume excessive resources on the server. This vulnerability could allow denial of...

CVSS 7.5 · AI score 7.2 · EPSS 0.73098
Exploits: 11

RedHat Linux
added 2024/01/25 8:59 a.m. · 31 views

Moderate: Red Hat Security Advisory: grub2 security update

An update for grub2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...

CVSS 6.8 · AI score 6.5 · EPSS 0.00542
Exploits: 0 · References: 2