3037 matches found

Rockylinux
added 2021/05/18 5:57 a.m. · 37 views

shim security update

An update is available for shim-unsigned-aarch64. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The shim package contains a first-stage UEFI boot loader that...

CVSS 8.2 · AI score 8.3 · EPSS 0.01738
Exploits 0

OSV
added 2021/05/06 11:2 a.m. · 5 views

OESA-2021-1148 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

CVSS 6.5 · AI score 7 · EPSS 0.01467
Exploits 11 · References 13

Cvelist
added 2021/05/06 10:49 a.m. · 14 views

CVE-2021-31532

NXP LPC55S6x microcontrollers 0A and 1B, i.MX RT500 silicon rev B1 and B2, i.MX RT600 silicon rev A0, B0, LPC55S6x, LPC55S2x, LPC552x silicon rev 0A, 1B, LPC55S1x, LPC551x silicon rev 0A and LPC55S0x, LPC550x silicon rev 0A include an undocumented ROM patch peripheral that allows unsigned,...

AI score 6.9 · EPSS 0.00452
Exploits 1 · References 2

Positive Technologies
added 2021/05/04 12:0 a.m. · 3 views

PT-2024-11061 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an offset overflow in the index converting function idx to offset in the Linux kernel's tools/power turbostat. The function returns a 32-bit signed integer, but...

CVSS 5.5 · AI score 6.4 · EPSS 0.00222
Exploits 0 · References 21

OpenVAS
added 2021/05/01 12:0 a.m. · 42 views

Fedora: Security Advisory for shim-unsigned-x64 (FEDORA-2021-f6c91e2b75)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.2 · AI score 8.1 · EPSS 0.01017
Exploits 0 · References 2

OSV
added 2021/04/30 11:15 a.m. · 3 views

CVE-2021-26807

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...

CVSS 7.8 · AI score 5.8 · EPSS 0.0048
Exploits 1 · References 2

NVD
added 2021/04/30 11:15 a.m. · 11 views

CVE-2021-26807

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...

CVSS 7.8 · EPSS 0.0048
Exploits 1 · References 2

Prion
added 2021/04/30 11:15 a.m. · 11 views

Design/Logic Flaw

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...

CVSS 4.4 · AI score 7.6 · EPSS 0.0048
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2021/04/30 10:53 a.m. · 11 views

CVE-2021-26807

GalaxyClient version 2.0.28.9 loads unsigned DLLs such as zlib1.dll, libgccsdw2-1.dll and libwinpthread-1.dll from PATH, which allows an attacker to potentially run code locally through unsigned DLL loading...

AI score 7.9 · EPSS 0.0048
Exploits 1 · References 2

CNNVD
added 2021/04/30 12:0 a.m. · 4 views

Boost Connect community Galaxy Client code issue vulnerability

Boost Connect community Galaxy Client is a Boost Connect community open source application. It provides a function to remove unused PC programs. A code issue vulnerability exists in Galaxy Client 2.0.28.9, which can be exploited by an attacker to potentially run code locally via an unsigned DLL...

CVSS 7.8 · AI score 7.5 · EPSS 0.0048
Exploits 1 · References 3

Fedora
added 2021/04/29 12:57 a.m. · 59 views

[SECURITY] Fedora 33 Update: shim-unsigned-x64-15.4-5.fc33

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

CVSS 8.2 · AI score 7.8 · EPSS 0.01738
Exploits 0

OSV
added 2021/04/29 12:0 a.m. · 18 views

OSV-2021-703 Container-overflow in unsigned long jsoncons::detail::escape_string<char, jsoncons::string_sink<std::_

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33781 Crash type: Container-overflow READ 1 Crash state: unsigned long jsoncons::detail::escapestring::key...

AI score 7.2
Exploits 0 · References 1

Fedora
added 2021/04/23 9:4 p.m. · 92 views

[SECURITY] Fedora 34 Update: shim-unsigned-aarch64-15.4-1.fc34

Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments...

CVSS 8.2 · AI score 1.6 · EPSS 0.01738
Exploits 0

OpenVAS
added 2021/04/19 12:0 a.m. · 27 views

SUSE: Security Advisory (SUSE-SU-2018:4127-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 8.1 · EPSS 0.00366
Exploits 0 · References 4

OpenVAS
added 2021/04/19 12:0 a.m. · 18 views

SUSE: Security Advisory (SUSE-SU-2017:2344-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.3 · AI score 9 · EPSS 0.01843
Exploits 0 · References 10

OpenVAS
added 2021/04/19 12:0 a.m. · 19 views

SUSE: Security Advisory (SUSE-SU-2017:2040-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 8.8 · EPSS 0.0229
Exploits 0 · References 12

Positive Technologies
added 2021/04/17 12:0 a.m. · 2 views

PT-2021-7995 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a buffer overflow in the io provide buffers prep function, which could allow a remote attacker to impact the confidentiality, integrity, and availability of dat...

CVSS 7.8 · AI score 8.7 · EPSS 0.0026
Exploits 0 · References 21

OSV
added 2021/04/14 8:4 p.m. · 30 views

GO-2020-0050 XML digital signature validation bypass in github.com/russellhaering/goxmldsig

Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed...

CVSS 9.8 · AI score 7.4 · EPSS 0.01718
Exploits 0 · References 1

OSV
added 2021/04/14 8:4 p.m. · 24 views

GO-2021-0060 Authentication bypass in github.com/russellhaering/gosaml2

Due to the behavior of encoding/xml, a crafted XML document may cause XML Digital Signature validation to be entirely bypassed, causing an unsigned document to appear signed...

CVSS 9.8 · AI score 7 · EPSS 0.02081
Exploits 0 · References 1

NVD
added 2021/04/13 8:15 p.m. · 18 views

CVE-2021-28460

Azure Sphere Unsigned Code Execution Vulnerability...

CVSS 8.1 · EPSS 0.0048
Exploits 0 · References 1