Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database DBX. Once the D...

Astra Linux - уязвимость в linux

The Linux kernel up to version 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database also known as dbx protection mechanism. This issue affects the certs/blacklist.c and certs/systemkeyring.c files...

Unity Linux 20.1060e / 20.1070e Security Update: clamav (UTSA-2026-017365)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017365 advisory. A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and...

VULNEXPO

🔥 VULNEXPO — Vulnerability Detection & Exploitation Framework...

EUVD-2020-28339

Malware in sbrugna...

CVE-2024-8105

A flaw was found in PKfail, a firmware supply-chain issue affecting hundreds of device models in the UEFI ecosystem. The Secure Boot "master key," known as the Platform Key, which manages the Secure Boot databases and maintains the chain of trust from firmware to the operating system, is often no...

USN-6568-1: ClamAV update

The ClamAV package was updated to a new upstream version to remain compatible with signature database downloads...

Microsoft Guidance for Addressing Security Feature Bypass in Trend Micro EFI Modules

Trend Micro has released CVE-2023-28005 to address a secure boot bypass. Subsequently Microsoft has released the July Windows security updates to block the vulnerable UEFI modules by using the DBX UEFI Secure Boot Forbidden Signature Database disallow list. To exploit this vulnerability, an...

SUSE CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

August 9, 2022—KB5016627 (OS Build 20348.887)

August 9, 2022—KB5016627 OS Build 20348.887 NEW 8/26/22IMPORTANT Microsoft released KB5012170 on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database DBX. This is a standalone, security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers mus...

August 9, 2022—KB5016681 (Monthly Rollup)

August 9, 2022—KB5016681 Monthly Rollup IMPORTANT Microsoft released update KB5012170 on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database DBX. This is a standalone, security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers must instal...

August 9, 2022—KB5016683 (Security-only update)

August 9, 2022—KB5016683 Security-only update IMPORTANT Microsoft released update KB5012170 on August 9, 2022. It provides support for Secure Boot Forbidden Signature Database DBX. This is a standalone, security update. Windows 8.1 and newer clients and Windows Server 2012 and newer servers must...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2022:2177-1 Rating: important References: 1055117 1061840 1065729 1103269 1118212 1153274 1154353 1156395 1158266 1167773 1176447 1177282 1178134 1180100 1183405 1188885 1195826 1196426 1196478 1196570...

DEBIAN-CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

Heap overflow

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2377-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2377-1 advisory. - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database aka dbx protection...

USN-5423-2: ClamAV vulnerabilities

USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause...

USN-5423-2 clamav vulnerabilities

USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause...

USN-5423-1 clamav vulnerabilities

Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. CVE-2022-20770 Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote...