Summary
Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-9PQ8-M8GP-4P53
n8n: Python sandbox escape
- HIGHGHSA-2PVR-WF23-7PC7
Astro: Host header SSRF in prerendered error page fetch
- MEDIUMGHSA-CH3Q-CW5R-F4HG
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
- HIGHGHSA-FP5J-4FJ2-4JVQ
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
- MEDIUMGHSA-X4R9-GMW3-HXWW
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
- MEDIUMGHSA-HHPQ-7WG4-36JM
CakePHP Authentication: Open redirect weakness via backslash bypass