"AMD plans to release the Platform Initialization (PI) firmware version indicated below. " The release scheduled is mentioned there:

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html

It also depends of the AGESA update process for some motherboards.

• KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932

As mentioned in this toot, it seems the group name is ESX Admins and not ESXi Admins.

The timeline on https://bugzilla.tianocore.org/show_bug.cgi?id=3387 is interesting:

• 2021-05-10 16:43 UTC - Bug reported by John Mathews
• 2021-07-07 14:02:27 - Working patch mentioned by Vincent Zimmer (and also recommends the need of a CVE)
• 2022-05-10 21:04:45 UTC "Blackduck has this CVE in their database so this CVE is being flagged for all edk2 products that are scanned."
• 2022-06-14 05:52:10 UTC - Patch doesn't build.
• 2022-11-04 - Patch merged in the repo https://github.com/tianocore/edk2/commit/cab1f02565d3b29081dd21afb074f35fdb4e1fd6

But the vulnerability was published 2022-03-03 21:53 or is the timeline incorrect?

Additional information from CSIRT/CERTs about Cisco Secure Email Gateway vulnerability

• IE
• FI
• SE
• ES

Exploited Unauthenticated RCE Vulnerability CVE-2023-6548 in Citrix NetScaler ADC and NetScaler Gateway

New intelligence shows that exploitation of this RCE vulnerability does not require authentication

https://digital.nhs.uk/cyber-alerts/2024/cc-4525

The NHS England National Cyber Security Operations Centre (CSOC) is aware of intelligence provided by CrowdStrike that contrary to Citrix’s initial disclosure, the vulnerability known as CVE-2023-6548 does not require user privileges for exploitation. NHS England National CSOC now assesses CVE-2023-6548 as a critical vulnerability that can allow a remote, unauthenticated attacker to execute remote code on a vulnerable NetScaler Gateway or NetScaler ADC device.

CVE-2023-6548 has two different CVSSv3 scores attributed to it. The NIST National Vulnerability Database (NVD) has classified it as having a score of 8.8, while Citrix rates the vulnerability at 5.5. The weakness is Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway and could allow a remote, unauthenticated attacker with access to the management interface to execute arbitrary code.

Detecting script in Postscript - if you run a vulnerable version of Ghostscript

https://codeanlabs.com/wp-content/uploads/2024/06/CVE-2024-29510_testkit.ps

ghostscript -q -dNODISPLAY -dBATCH CVE-2024-29510_testkit.ps

For more details about the vulnerability https://codeanlabs.com/blog/research/cve-2024-29510-ghostscript-format-string-exploitation/

Reference to the patch: https://ghostscript.readthedocs.io/en/gs10.03.1/News.html?utm_source=ghostscript&utm_medium=website&utm_content=inline-link#Version10.03.1

CVE-2024-6387 HASSH Fingerprints

HASSH fingerprints for identifying OpenSSH servers potentially vulnerable to CVE-2024-6387 (regreSSHion).

The primary goal of this repository is to share the generated HASSH fingerprint database. The scripts use the Shodan API to compile a list of HASSH fingerprints for vulnerable OpenSSH versions. The generated database can be used to query Shodan or Censys to identify potentially vulnerable OpenSSH servers. The hasshdb.txt database can also be used with my Nmap NSE script available at hassh-utils.

from: https://github.com/0x4D31/cve-2024-6387_hassh

The most important part of this CSAF entry "Currently, no products are known to be affected. " It could be changed soon depending of the findings.