Azure Linux 3.0 Security Update: shim-unsigned-aarch64 (CVE-2019-14584)

The version of shim-unsigned-aarch64 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-14584 advisory. - Null pointer dereference in Tianocore EDK2 May allow an authenticated user to potentially...

CVE-2021-23841 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2021-23841 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. A patched version of the package is available...

CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5

CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5. This CVE either no longer is or was never applicable...

CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5

CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5. This CVE either no longer is or was never applicable...

CVE-2023-40546 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2023-40546 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2023-40549 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2023-40549 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2019-14584 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2019-14584 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2023-40550 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2023-40550 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2023-40548 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2023-40548 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

CVE-2023-40547 affecting package shim-unsigned-aarch64 for versions less than 15.8-5

CVE-2023-40547 affecting package shim-unsigned-aarch64 for versions less than 15.8-5. An upgraded version of the package is available that resolves this issue...

Fedora: Security Advisory for shim-unsigned-aarch64 (FEDORA-2024-2aa28a4cfc)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AZL-35265 CVE-2023-40550 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue may expose sensitive data during the system's boot phase...

AZL-35263 CVE-2023-40548 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

AZL-35267 CVE-2023-40547 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete...

AZL-40910 CVE-2022-28737 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

There's a possible overflow in handleimage when shim tries to load and execute crafted EFI executables; The handleimage function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code...

Fedora: Security Advisory for shim-unsigned-aarch64 (FEDORA-2022-98830efc68)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: shim-unsigned-aarch64-15.6-1

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

new packages: shim-unsigned-aarch64

An update is available for shim-unsigned-aarch64. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the...

AZL-40833 CVE-2019-14584 affecting package shim-unsigned-aarch64 for versions less than 15.8-3

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access...