Lucene search
+L

96 matches found

OSV
OSV
added 2024/01/09 4:15 p.m.11 views

AZL-38308 CVE-2022-36763 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

7.8CVSS7AI score0.00288EPSS
Exploits0References1
OSV
OSV
added 2024/01/09 4:15 p.m.7 views

AZL-38920 CVE-2022-36765 affecting package edk2 for versions less than 20240223gitedc6681206c1-1

EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

7.8CVSS7.1AI score0.00287EPSS
Exploits0References1
OSV
OSV
added 2024/01/09 4:15 p.m.7 views

AZL-39247 CVE-2022-36763 affecting package edk2 for versions less than 20230301gitf80f052277c8-40

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

7.8CVSS7AI score0.00288EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2023/11/08 2:7 a.m.27 views

CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...

6.5CVSS7.4AI score0.75116EPSS
Exploits0
CBLMariner
CBLMariner
added 2023/11/08 2:7 a.m.27 views

CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...

5.3CVSS6.5AI score0.02577EPSS
Exploits0
OSV
OSV
added 2023/07/31 4:15 p.m.10 views

AZL-34669 CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...

5.3CVSS6.6AI score0.02577EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/06/07 12:0 a.m.16 views

EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2023-2083)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...

9.8CVSS7.7AI score0.59501EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2023/06/06 12:0 a.m.21 views

EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2023-2135)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...

9.8CVSS7.7AI score0.59501EPSS
Exploits0References6
OSV
OSV
added 2023/03/28 3:15 p.m.8 views

AZL-31145 CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...

5.3CVSS6.6AI score0.01583EPSS
Exploits0References1
OSV
OSV
added 2023/03/22 5:15 p.m.6 views

AZL-31141 CVE-2023-0464 affecting package edk2 for versions less than 20230301gitf80f052277c8-34

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...

7.5CVSS6.5AI score0.03658EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.9 views

AZL-31140 CVE-2022-4304 affecting package edk2 for versions less than 20230301gitf80f052277c8-42

A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...

5.9CVSS6.9AI score0.16195EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/07/14 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2022-2072)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.6AI score0.01165EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/05 12:0 a.m.30 views

EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2022-1620)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. CVE-2021-38575 Note that Tenable Network Security has extracted the...

8.1CVSS6.9AI score0.01855EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.36 views

EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2021-2764)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to...

7.8CVSS6.5AI score0.00423EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/05/01 12:0 a.m.38 views

Ubuntu: Security Advisory (USN-4349-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS7.3AI score0.02271EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/04/30 12:0 a.m.39 views

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2020-1574)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.1AI score0.23047EPSS
Exploits7References2
Rows per page
Query Builder