Astra Linux - vulnerability in edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...
Astra Linux - vulnerability in edk2
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
RHEL 10 : edk2 (RHSA-2026:18465)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18465 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: edk2 (UTSA-2026-017405)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017405 advisory. A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as we...
Astra Linux - vulnerability in edk2
EDK2 contains a vulnerability in the BIOS, where an attacker can cause a “Protection Mechanism Failure” through local access. Successful exploitation of this vulnerability will lead to the execution of arbitrary code, compromising Confidentiality, Integrity, and Availability...
Astra Linux - vulnerability in edk2
EDK2 contains a vulnerability when the S3 sleep mechanism is activated. In this case, an attacker may cause a Division-by-Zero error due to a UINT32 overflow through local access. Successful exploitation of this vulnerability could result in a loss of availability...
Fedora 43 : edk2 (2026-a484707720)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a484707720 advisory. unbreak https boot ---- update openssl to 3.5.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...
EulerOS Virtualization 2.12.1 : edk2 (EulerOS-SA-2026-1471)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful...
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2026-1110)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2026-1161)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an...
AZL-75908 CVE-2025-15467 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...
MiracleLinux 8 : edk2-20190829git37eef91017ad-9.el8 (AXSA:2020-915:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-915:01 advisory. edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib CVE-2019-14563 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : edk2-20240524-6.el9_5.3 (AXSA:2024-9492:14)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9492:14 advisory. edk2: Integer overflows in PeCoffLoaderRelocateImage CVE-2024-38796 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 9 : edk2-20240524-6.el9 (AXSA:2024-9428:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9428:12 advisory. mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent checking invalid RSA...
MiracleLinux 9 : edk2-20230524-4.el9 (AXSA:2023-6904:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6904:04 advisory. edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 openssl: Possible DoS translating ASN.1...
MiracleLinux 8 : edk2-20200602gitca407c7246bf-3.el8 (AXSA:2021-1237:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2021-1237:01 advisory. edk2: memory leak in ArpOnFrameRcvdDpc CVE-2019-14559 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
Amazon Linux 2 : edk2, --advisory ALAS2-2025-3116 (ALAS-2025-3116)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3116 advisory. EDK2 contains a vulnerability in BIOS where an attacker may cause Exposure of Sensitive Information to an Unauthorized Actor by local access. Successful exploitation of this vulnerability will le...
EulerOS Virtualization 2.13.0 : EDK2 (EulerOS-SA-2025-2571)
According to the versions of the EDK2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access. Successful...
CVE-2025-2296
EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
TencentOS Server 4: edk2 (TSSA-2025:0336)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0336 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...