EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.

Security Fix(es):

edk2: Function GetEfiGlobalVariable2() return value not checked in DxeImageVerificationHandler() (CVE-2019-14560)
openssl: Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

access.redhat.com/errata/RHSA-2023:6330

access.redhat.com/security/cve/CVE-2019-14560

access.redhat.com/security/cve/CVE-2023-2650

bugzilla.redhat.com/1858038

bugzilla.redhat.com/2207947

errata.almalinux.org/9/ALSA-2023-6330.html

almalinux 2

redhat 4

oraclelinux 2

debiancve 2

nessus 73

cve 2

redhatcve 2

osv 8

ubuntucve 2

openvas 55

cloudlinux 1

cbl_mariner 5

freebsd 1

mageia 1

ibm 18

cvelist 1

githubexploit 1

amazon 3

redos 1

openssl 1

slackware 1

veracode 1

cgr 1

f5 1

prion 1

broadcom 1

ubuntu 3

alpinelinux 1

wolfi 1

cloudfoundry 1

debian 2

almalinux

Moderate: edk2 security, bug fix, and enhancement update

2023-11-07 00:00:00

Moderate: edk2 security and bug fix update

2023-11-14 00:00:00

redhat

(RHSA-2023:6330) Moderate: edk2 security, bug fix, and enhancement update

2023-11-07 06:02:04

(RHSA-2023:6919) Moderate: edk2 security and bug fix update

2023-11-14 08:40:18

(RHSA-2024:0408) Moderate: edk2 security update

2024-01-24 14:40:19

oraclelinux

edk2 security, bug fix, and enhancement update

2023-11-11 00:00:00

edk2 security and bug fix update

2023-11-17 00:00:00

debiancve

CVE-2019-14560

2023-02-28 19:15:00

CVE-2023-2650

2023-05-30 14:15:09

nessus

CentOS 8 : edk2 (CESA-2023:6919)

2023-11-14 00:00:00

Oracle Linux 8 : edk2 (ELSA-2023-6919)

2023-11-21 00:00:00

RHEL 8 : edk2 (RHSA-2023:6919)

2023-11-14 00:00:00

cve

CVE-2019-14560

2023-02-28 19:15:13

CVE-2023-2650

2023-05-30 14:15:09

redhatcve

CVE-2019-14560

2020-07-16 21:07:36

CVE-2023-2650

2023-05-30 15:11:50

osv

Moderate: edk2 security and bug fix update

2023-11-14 00:00:00

openssl vulnerability

2023-06-22 14:53:11

CVE-2023-2650

2023-05-30 14:15:09

ubuntucve

CVE-2019-14560

2019-12-31 00:00:00

CVE-2023-2650

2023-05-30 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2023:1968-1)

2023-04-25 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1921-1)

2023-04-20 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:1958-1)

2023-04-24 00:00:00

cloudlinux

openssl: Fix of CVE-2023-2650

2023-06-20 13:49:26

cbl_mariner

CVE-2023-2650 affecting package openssl 1.1.1k-15

2023-06-27 21:25:25

CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

2023-11-08 02:07:28

CVE-2023-2650 affecting package kata-containers-cc for versions less than 0.4.1-2

2024-06-01 21:07:45

freebsd

OpenSSL -- Possible DoS translating ASN.1 identifiers

2023-05-30 00:00:00

mageia

Updated openssl packages fix security vulnerability

2023-06-08 22:34:59

ibm

Security Bulletin: IBM MQ is affected by a denial of service vulnerability in OpenSSL (CVE-2023-2650)

2023-09-05 17:56:17

Security Bulletin: IBM MQ Appliance potentially vulnerable to a denial of service (CVE-2023-2650)

2023-08-31 23:59:31

Security Bulletin: IBM MQ is affected by OpenSSL vulnerability (CVE-2023-2650)

2023-08-31 15:28:15

cvelist

CVE-2023-2650 Possible DoS translating ASN.1 object identifiers

2023-05-30 13:40:11

githubexploit

Exploit for Allocation of Resources Without Limits or Throttling in Openssl

2023-06-05 17:40:59

amazon

Medium: openssl11

2023-06-21 19:11:00

Medium: openssl

2023-06-05 16:39:00

Medium: openssl

2023-06-05 16:39:00

redos

ROS-20230621-05

2023-06-21 00:00:00

openssl

Vulnerability in OpenSSL CVE-2023-2650

2023-05-30 00:00:00

slackware

[slackware-security] openssl

2023-05-31 01:33:48

veracode

Denial Of Service (DoS)

2023-06-05 02:04:40

cgr

CVE-2023-2650 vulnerabilities

2024-05-19 03:07:16

K000135178 : OpenSSL vulnerability CVE-2023-2650

2023-06-22 00:00:00

prion

Authentication flaw

2023-05-30 14:15:00

broadcom

Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

2024-04-17 00:00:00

ubuntu

OpenSSL vulnerability

2023-06-22 00:00:00

OpenSSL vulnerabilities

2023-05-30 00:00:00

Node.js vulnerabilities

2024-03-04 00:00:00

alpinelinux

CVE-2023-2650

2023-05-30 14:15:09

wolfi

CVE-2023-2650 vulnerabilities

2024-06-01 21:07:39

cloudfoundry

USN-6119-1: OpenSSL vulnerabilities | Cloud Foundry

2023-06-30 00:00:00

debian

[SECURITY] [DLA 3449-1] openssl security update

2023-06-08 16:32:59

[SECURITY] [DSA 5417-1] openssl security update

2023-05-31 14:50:37

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for OSV:ALSA-2023:6330