39 matches found
USN-7894-2: EDK II regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a regression in the UEFI network boot. This update reverts the corresponding fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation. We apologize for the inconvenience. Original advisory details: It was discovere...
CLSA-2025-1764062286 edk2: Fix of 2 CVEs
CVE-2023-45236: fix TCP Initial Sequence Number generation in NetworkPkg to prevent predictable sequence numbers - CVE-2023-45237: fix weak pseudo-random number generator in NetworkPkg to prevent predictable TCP sequence numbers...
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2025-1470)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RockyLinux 8 : edk2 (RLSA-2024:5297)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5297 advisory. edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use of a Weak PseudoRandom Number Generator CVE-2023-45237 edk2: Temporary DoS...
Linux Distros Unpatched Vulnerability : CVE-2023-45236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized acce...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0690-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0690-1 advisory. - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084. Tenable has extracted the precedi...
SUSE: Security Advisory (SUSE-SU-2025:0690-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for ovmf
This update for ovmf fixes the following issues: PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively yo...
SUSE-SU-2025:0690-1 Security update for ovmf
This update for ovmf fixes the following issues: - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084...
SUSE SLES15 / openSUSE 15 Security Update : ovmf (SUSE-SU-2025:0608-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0608-1 advisory. - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084. Tenable has extract...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0609-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0609-1 advisory. - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084. Tenable has extracted the precedi...
SUSE-SU-2025:0609-1 Security update for ovmf
This update for ovmf fixes the following issues: - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084...
SUSE-SU-2025:0608-1 Security update for ovmf
This update for ovmf fixes the following issues: - PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 bsc1237084...
edk2 security update
Mon Sep 09 2024 Aaron Young - Create new 20240909 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK...
Oracle Linux 8 : edk2 (ELSA-2024-12795)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12795 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...
Oracle Linux 7 : edk2 (ELSA-2024-12793)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12793 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...
edk2 security update
1.7.1 - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux kernel...
edk2 security update
1.7.1 - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux kernel...
CVE-2023-45236 affecting package edk2 for versions less than 20230301gitf80f052277c8-40
CVE-2023-45236 affecting package edk2 for versions less than 20230301gitf80f052277c8-40. A patched version of the package is available...
Moderate: Red Hat Security Advisory: edk2 security update
An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...