Count: 14

Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2023-40547 A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | CVSS3: 8.3 | 4% Low | more than 1 year ago
CVE-2023-40547 A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | CVSS3: 8.3 | 4% Low | more than 1 year ago
CVE-2023-40547 A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this vulnerability successfully. | CVSS3: 8.3 | 4% Low | more than 1 year ago
CVE-2023-40547 Redhat: CVE-2023-40547 Shim - RCE in HTTP boot support may lead to secure boot bypass | CVSS3: 8.3 | 4% Low | about 1 month ago
CVE-2023-40547 A remote code execution vulnerability was found in Shim. The Shim boot ... | CVSS3: 8.3 | 4% Low | more than 1 year ago
GHSA-qjqj-4cq6-6f2f A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. | CVSS3: 8.3 | 4% Low | more than 1 year ago
BDU:2024-00725 Vulnerability in the shim UEFI bootloader, caused by failure to neutralize special elements, allowing an attacker to execute arbitrary code | CVSS3: 8.3 | 4% Low | more than 1 year ago
ELSA-2024-1959 ELSA-2024-1959: shim security update (IMPORTANT) |  |  | about 1 year ago
ELSA-2024-1903 ELSA-2024-1903: shim bug fix update (IMPORTANT) |  |  | about 1 year ago
ELSA-2024-1902 ELSA-2024-1902: shim security update (IMPORTANT) |  |  | about 1 year ago
SUSE-SU-2024:1462-1 Security update for shim |  |  | about 1 year ago
SUSE-SU-2024:1461-1 Security update for shim |  |  | about 1 year ago
SUSE-SU-2024:1368-1 Security update for shim |  |  | about 1 year ago
ROS-20240411-07 Multiple vulnerabilities in shim | CVSS3: 8.3 |  | about 1 year ago