96 matches found
AZL-38308 CVE-2022-36763 affecting package edk2 for versions less than 20240223gitedc6681206c1-1
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
AZL-38920 CVE-2022-36765 affecting package edk2 for versions less than 20240223gitedc6681206c1-1
EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
AZL-39247 CVE-2022-36763 affecting package edk2 for versions less than 20230301gitf80f052277c8-40
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
CVE-2023-2650 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37. A patched version of the package is available...
AZL-34669 CVE-2023-3817 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DHcheck, DHcheckex or EVPPKEYparamcheck to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been...
EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2023-2083)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...
EulerOS Virtualization 2.11.0 : edk2 (EulerOS-SA-2023-2135)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...
AZL-31145 CVE-2023-0465 affecting package edk2 for versions less than 20230301gitf80f052277c8-37
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...
AZL-31141 CVE-2023-0464 affecting package edk2 for versions less than 20230301gitf80f052277c8-34
A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of...
AZL-31140 CVE-2022-4304 affecting package edk2 for versions less than 20230301gitf80f052277c8-42
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages fo...
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2022-2072)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2022-1620)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. CVE-2021-38575 Note that Tenable Network Security has extracted the...
EulerOS Virtualization 2.9.0 : edk2 (EulerOS-SA-2021-2764)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to...
Ubuntu: Security Advisory (USN-4349-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2020-1574)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...