
3037 matches found

OSV
added 2024/10/09 3:15 p.m. | 3 views

AZL-50342 CVE-2024-47661 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t WHAT & HOW dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF. This fixes 2 INTEGER_OVERFLOW issues...

CVSS 5.5 | AI score 6.2 | EPSS 0.0018
Exploits: 0 | References: 1

RedHat Linux
added 2024/09/24 12:40 a.m. | 7 views

kernel: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit on a single word. The test_bit and set_bit functions operate on long values, and when testing or settin...

CVSS 7.8 | AI score 6.8 | EPSS 0.00302
Exploits: 0 | References: 5

OSV
added 2024/09/19 7:22 p.m. | 3 views

CLSA-2024-1726773716 Fix CVE(s): CVE-2024-21011, CVE-2024-21068, CVE-2024-21085, CVE-2024-21094

Backport upstream's fixes from OpenJDK 8u412 release.
- CVE-2024-21011: possible crash on long exception message in Hotspot.
- CVE-2024-21068: incorrect applying an unsigned integer left shift in Hotspot.
- CVE-2024-21085: incorrect memory size validation by the NativeUnpack class.
- ...

CVSS 3.7 | AI score 5.8 | EPSS 0.01361
Exploits: 0 | References: 1

OSV
added 2024/09/19 7:19 p.m. | 2 views

CLSA-2024-1726773559 Fix of 5 CVEs

Backport upstream's fixes from OpenJDK 11.0.23 release.
- CVE-2024-21011: possible crash on long exception message in Hotspot.
- CVE-2024-21012: incorrect performing a reverse DNS query in ConnectionPool class.
- CVE-2024-21068: incorrect applying an unsigned integer left shift in Hotspot.
- ...

CVSS 3.7 | AI score 7.1 | EPSS 0.01361
Exploits: 0 | References: 1

NVD
added 2024/09/17 6:15 p.m. | 21 views

CVE-2024-42501

An authenticated Path Traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...

CVSS 7.2 | EPSS 0.01135
Exploits: 0 | References: 1

Vulnrichment
added 2024/09/17 5:13 p.m. | 9 views

CVE-2024-42501 Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

An authenticated Path Traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...

CVSS 7.2 | AI score 7.2 | EPSS 0.01135
Exploits: 0 | References: 1

Cvelist
added 2024/09/17 5:13 p.m. | 23 views

CVE-2024-42501 Authenticated Path Traversal Vulnerability Leads to a Remote Command Execution (RCE)

An authenticated Path Traversal vulnerability exists in ArubaOS. Successful exploitation of this vulnerability allows an attacker to install unsigned packages on the underlying operating system, enabling the threat actor to execute arbitrary code or install implants...

CVSS 7.2 | EPSS 0.01135
Exploits: 0 | References: 1

CVE
added 2024/09/17 5:13 p.m. | 58 views

CVE-2024-42501

ArubaOS is affected by an authenticated Path Traversal vulnerability (CVE-2024-42501). The issue allows a remote attacker, with network access and high privileges, to install unsigned packages on the underlying OS and execute arbitrary code or implant software. The vulnerability source is ArubaOS...

CVSS 7.2 | AI score 7.2 | EPSS 0.01135
Exploits: 0 | References: 1

CNNVD
added 2024/09/17 12:0 a.m. | 10 views

ArubaOS Security Vulnerability

ArubaOS is an operating system for Aruba Mobility-Defined Networks including Mobility Controllers and Mobility Access Switches from Aruba, USA. A security vulnerability exists in ArubaOS. An attacker could exploit the vulnerability by installing unsigned software packages on the underlying...

CVSS 7.2 | AI score 7.3 | EPSS 0.01135
Exploits: 0 | References: 3

OSV
added 2024/09/16 8:14 a.m. | 27 views

RHSA-2022:5099 Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

Bulletin has no description...

CVSS 8.1 | AI score 6.8 | EPSS 0.01284
Exploits: 0 | References: 35

OSV
added 2024/09/16 8:14 a.m. | 21 views

RHSA-2022:5095 Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

Bulletin has no description...

CVSS 8.1 | AI score 6.8 | EPSS 0.01284
Exploits: 0 | References: 35

OSV
added 2024/09/16 8:14 a.m. | 19 views

RHSA-2022:5096 Red Hat Security Advisory: grub2, mokutil, shim, and shim-unsigned-x64 security update

Bulletin has no description...

CVSS 8.1 | AI score 6.8 | EPSS 0.01284
Exploits: 0 | References: 35

Tenable Nessus
added 2024/09/12 12:0 a.m. | 22 views

CBL Mariner 2.0 Security Update: shim / shim-unsigned-aarch64 / shim-unsigned-x64 (CVE-2023-40548)

The version of shim / shim-unsigned-aarch64 / shim-unsigned-x64 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40548 advisory. - A buffer overflow was found in Shim in the 32-bit system. The...

CVSS 7.4 | AI score 7.5 | EPSS 0.00432
Exploits: 0 | References: 2

Tenable Nessus
added 2024/09/12 12:0 a.m. | 19 views

CBL Mariner 2.0 Security Update: shim / shim-unsigned-aarch64 / shim-unsigned-x64 (CVE-2023-40549)

The version of shim / shim-unsigned-aarch64 / shim-unsigned-x64 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-40549 advisory. - An out-of-bounds read flaw was found in Shim due to the lack of...

CVSS 6.2 | AI score 6.9 | EPSS 0.00409
Exploits: 0 | References: 2

OSV
added 2024/09/10 5:15 a.m. | 3 views

CVE-2024-45281

SAP BusinessObjects Business Intelligence Platform allows a high privilege user to run client desktop applications even if some of the DLLs are not digitally signed or if the signature is broken. The attacker needs to have local access to the vulnerable system to perform DLL related tasks. This...

CVSS 5.8 | AI score 5.8
Exploits: 0 | References: 2

CNNVD
added 2024/09/10 12:0 a.m. | 2 views

SAP BusinessObjects Business Intelligence Platform Code Issue Vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...

CVSS 5.8 | AI score 7 | EPSS 0.00164
Exploits: 0 | References: 4

CBLMariner
added 2024/09/03 11:12 a.m. | 15 views

CVE-2023-40550 affecting package shim-unsigned-x64 for versions less than 15.8-1

CVE-2023-40550 affecting package shim-unsigned-x64 for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...

CVSS 5.5 | AI score 5.7 | EPSS 0.00394
Exploits: 0

CBLMariner
added 2024/09/03 11:12 a.m. | 18 views

CVE-2023-40548 affecting package shim-unsigned-x64 for versions less than 15.8-1

CVE-2023-40548 affecting package shim-unsigned-x64 for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.4 | AI score 7.6 | EPSS 0.00432
Exploits: 0

CBLMariner
added 2024/09/03 11:12 a.m. | 13 views

CVE-2023-40546 affecting package shim-unsigned-x64 for versions less than 15.8-1

CVE-2023-40546 affecting package shim-unsigned-x64 for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...

CVSS 6.2 | AI score 6.5 | EPSS 0.00434
Exploits: 0

CBLMariner
added 2024/09/03 11:12 a.m. | 17 views

CVE-2023-40547 affecting package shim-unsigned-x64 for versions less than 15.8-1

CVE-2023-40547 affecting package shim-unsigned-x64 for versions less than 15.8-1. An upgraded version of the package is available that resolves this issue...

CVSS 8.3 | AI score 8.5 | EPSS 0.04892
Exploits: 0