
3039 matches found

Rockylinux
added 2022/05/17 7:34 a.m., 14 views

new packages: shim-unsigned-aarch64

An update is available for shim-unsigned-aarch64. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the...

2.2 AI score
Exploits: 0
OSV
added 2022/05/14 1:4 a.m., 22 views

GHSA-J4QF-3W33-8CGC SimpleSAMLphp Signature validation bypass

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

8.1 CVSS, 8.2 AI score, 0.01119 EPSS
Exploits: 0, References: 7
Github Security Blog
added 2022/05/13 1:48 a.m., 19 views

Yelp OSXCollector Improper Certificate Validation

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

7.8 CVSS, 7.6 AI score, 0.00857 EPSS
Exploits: 1, References: 6, Affected Software: 1
ATTACKERKB
added 2022/05/11 8:15 p.m., 3 views

CVE-2022-30557

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution...

7.5 CVSS, 7.1 AI score, 0.0412 EPSS
Exploits: 0, References: 2
OSV
added 2022/05/11 8:15 p.m., 1 views

CVE-2022-30557

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution...

7.5 CVSS, 7.2 AI score, 0.0412 EPSS
Exploits: 0, References: 1
CNVD
added 2022/04/25 12:0 a.m., 6 views

Apple macOS Security Feature Issue Vulnerability (CNVD-2024-17859)

Apple macOS is a specialized operating system developed by Apple for Mac computers. A security signature issue vulnerability exists in Apple macOS prior to version 11.4, which originates in the Kext Management subsystem, and can be exploited by a local attacker to bypass implemented security...

7.8 CVSS, 6.1 AI score, 0.00299 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2022/04/21 12:0 a.m., 5 views

The vulnerability of the microprogramming software check function for Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P allows attackers to install and load malicious software or execute unsigned binary files on vulnerable devices.

The vulnerability of the microprogramming software-based image verification function in Cisco Small Business RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P routers is related to improper verification of the cryptographic signature. Exploiting this vulnerability can allow...

9.3 CVSS, 7.7 AI score, 0.08634 EPSS
Exploits: 0, References: 4, Affected Software: 9
OSV
added 2022/04/02 12:1 a.m., 11 views

OSV-2022-295 Use-of-uninitialized-value in unsigned long grk::N_SSE4::vscheduler<grk::N_SSE4::DecompressDcShiftIrrev>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46241 Crash type: Use-of-uninitialized-value Crash state: unsigned long grk::NSSE4::vscheduler std::1::function::funcunsigned long grk::NSSE4::vschedulergrk::NSSE4:: tf::Executor::invoke...

7.2 AI score
Exploits: 0, References: 1
Veracode
added 2022/03/30 1:0 p.m., 6 views

Man-in-the-Middle (MitM)

salt is vulnerable to man in the middle attacks. The vulnerability exists because the salt masters don't sign pillar data with minion's public key which allows a malicious attacker to substitute pillar data and perform unauthorized actions...

8.8 CVSS, 6.9 AI score, 0.00861 EPSS
Exploits: 0, References: 10, Affected Software: 1
OSV
added 2022/03/24 5:15 p.m., 3 views

CLSA-2022-1648142109 Fix CVE(s): CVE-2020-27762, CVE-2020-27770, CVE-2020-27760, CVE-2020-25665, CVE-2020-19667, CVE-2020-25674, CVE-2017-13144, CVE-2020-25676, CVE-2020-25664, CVE-2020-27753, CVE-2020-27750

SECURITY UPDATE: Crash if image dimensions are too large - debian/patches/CVE-2017-13144-.patch: Fix memory leak in MPC image format - CVE-2017-13144 SECURITY UPDATE: Stack-based buffer overflow - debian/patches/CVE-2020-19667.patch: Zero-out memory before use - CVE-2020-19667 SECURITY UPDATE:...

7.8 CVSS, 6.9 AI score, 0.02011 EPSS
Exploits: 8, References: 1
OSV
added 2022/03/24 3:40 p.m., 6 views

CLSA-2022-1648136411 Fix of CVE: CVE-2022-22721, CVE-2022-22719, CVE-2022-23943, CVE-2022-22720

CVE-2022-22719: mod_lua: error out if lua_read_body or lua_write_body fail - CVE-2022-22720: simpler connection close logic if discarding the request body fails - CVE-2022-22721: make sure and check that LimitXMLRequestBody fits in system memory - CVE-2022-23943: mod_sed: use size_t to allow for larger...

9.8 CVSS, 5.9 AI score, 0.69803 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2022/03/23 10:15 p.m., 10 views

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

7.8 CVSS, 7.7 AI score, 0.01314 EPSS
Exploits: 1, References: 3
Prion
added 2022/03/23 10:15 p.m., 20 views

Buffer overflow

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

6.8 CVSS, 7.9 AI score, 0.01314 EPSS
Exploits: 1, References: 2
Cvelist
added 2022/03/23 9:13 p.m., 22 views

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

8.1 AI score, 0.01314 EPSS
Exploits: 1, References: 2
CNNVD
added 2022/03/23 12:0 a.m., 3 views

Nxp Semiconductors Nxp Lpc55S69 Security Vulnerability

The Nxp Semiconductors Nxp Lpc55S69 is a development board from Nxp Semiconductors, Netherlands. It is used to add off-the-shelf add-on boards for networking, sensors, displays and other interfaces. A security vulnerability exists in the Nxp Semiconductors Nxp Lpc55S69, which originates from a...

7.8 CVSS, 8.2 AI score, 0.01314 EPSS
Exploits: 1, References: 3
The Hacker News
added 2022/03/09 11:48 a.m., 49 views

Critical Bugs Could Let Attackers Remotely Hack, Damage APC Smart-UPS Devices

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. Collectively dubbed TLStorm, the flaws "allow for complete remote takeover of Smart-UPS...

9.8 CVSS, 0.9 AI score, 0.1226 EPSS
Exploits: 0
OSV
added 2022/03/04 6:15 p.m., 15 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8 CVSS, 6.7 AI score
Exploits: 0, References: 3
NVD
added 2022/03/04 6:15 p.m., 31 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.8 CVSS, 0.00499 EPSS
Exploits: 0, References: 3
Prion
added 2022/03/04 6:15 p.m., 16 views

Design/Logic Flaw

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

6.8 CVSS, 7.5 AI score, 0.00499 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2022/03/04 5:5 p.m., 27 views

CVE-2021-20319

An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image...

7.7 AI score, 0.00499 EPSS
Exploits: 0, References: 3