
Tag

#ios

RHBA-2021:4684: Red Hat Bug Fix Advisory: virt:av bug fix and enhancement update

An update for the virt:av module is now available for Red Hat Enterprise Linux Advanced Virtualization 8.5. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2021-3975: libvirt: segmentation fault during VM shutdown can lead to vdsm hung

Red Hat Security Data

CVE-2021-41289: ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer

ASUS P453UJ contains an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, causing a failure of integrity verification and, in turn, a failure to boot.

CVE-2021-36325: DSA-2021-216: Dell Client Security Update for Multiple Vulnerabilities

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM.

CVE-2021-36315: DSA-2021-201: Dell PowerScale OneFS Security Update for Multiple Vulnerabilities

Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode and, for Compliance mode clusters, is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.

CVE-2021-3519: Multi-vendor BIOS Security Vulnerabilities (September 2021) - Lenovo Support DE

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu when the "BIOS Password At Boot Device List" BIOS setting is Yes.

CVE-2021-3718: ThinkPad BIOS Vulnerabilities - Lenovo Support DE

A denial of service vulnerability was reported in some ThinkPad models that could cause a system to crash when the Enhanced Biometrics setting is enabled in BIOS.

CVE-2021-30321: November 2021 Security Bulletin | Qualcomm

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity.

CVE-2021-34422: Security Bulletin

The Keybase Client for Windows before version 5.7.0 contains a path traversal vulnerability when checking the name of a file uploaded to a team folder. A malicious user could upload a file to a shared folder with a specially crafted file name which could allow a user to execute an application which was not intended on their host machine. If a malicious user leveraged this issue with the public folder sharing feature of the Keybase client, this could lead to remote code execution.

RHSA-2021:4618: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4 images and security updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.0 General Availability release images, which fix several bugs and security issues. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs:
* CVE-2021-3711: openssl: SM2 Decryption Buffer Overflow
* CVE-2021-3712: openssl: Read buffer overruns processing ASN.1 strings
* CVE-2021-3749: nodejs-axios: Regular expression denial of service in trim function
* CVE-2021-23017: nginx: Off-by-one in ngx_resolver_copy() when labels are followed ...

Hackers Targeted Hong Kong Apple Devices in Widespread Attack

Visitors to pro-democracy and media sites in the region were infected with malware that could download files, steal data, and more.