#ios

An update is now available for Red Hat Satellite 6.10 for RHEL 7.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2019-14853: python-ecdsa: Unexpected and undocumented exceptions during signature decoding * CVE-2019-14859: python-ecdsa: DER encoding is not being verified in signatures * CVE-2019-25025: rubygem-activerecord-session_store: hijack sessions by using timing attacks targeting the session id * CVE-2020-8130: rake: OS Command Injection via egrep in Rake::FileList * CVE-2020-8908: guava: local information disclosure via temporary directory created with unsafe permissions * CVE-2020-14343: PyYAML: incomplete fix for CVE-2020-1747 * CVE-2020-26247: rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema * CVE-2021...

Zoho Web mail version NA is affected by an incorrect access control vulnerability. Before a domain expires one needs to configure with Zoho web mail to send mails. Upon domain expiry, the person would still be able to send mail with that account, despite losing ownership of domain.

An update for the virt:av module is now available for Red Hat Enterprise Linux Advanced Virtualization 8.5.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3975: libvirt: segmentation fault during VM shutdown can lead to vdsm hung

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes.

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.