Lucene search
K

209 matches found

Tenable Nessus
Tenable Nessus
added 2025/05/14 12:0 a.m.8 views

Alibaba Cloud Linux 3 : 0178: edk2 (ALINUX3-SA-2024:0178)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0178 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-45236: EDK2's Network Package is...

7.5CVSS7.7AI score0.00986EPSS
Exploits0References4
Snyk
Snyk
added 2025/03/13 5:47 a.m.3 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the xengineVerify method in EdDSAEngine.java, which does not comply with RFC 8032 specifications for signature maleability. An attacker can create new valid signatures different from...

7.5CVSS6.9AI score0.00133EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-45231

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be...

6.5CVSS7.4AI score0.00849EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2023-45235

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerabilit...

8.8CVSS6.9AI score0.01213EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-45229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IANA or IATA option in a DHCPv6 Advertise message. This...

6.5CVSS7.4AI score0.00937EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2023-45237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized acce...

7.5CVSS7.4AI score0.00986EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2025/02/14 6:12 a.m.1 views

SUSE CVE-2023-45231

EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

6.5CVSS6.9AI score0.00849EPSS
Exploits1References8
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.7 views

Astra Linux – Vulnerability in edk2

EDK2’s Network Package is vulnerable to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of confidentiality...

7.5CVSS6.8AI score0.00986EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/02/05 11:15 a.m.10 views

CVE-2024-21488

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the childprocess exec function without input sanitization. If attacker-controlled user input is given to the macaddressfor function of the package, it is possible for the attacker to execute...

9.8CVSS7.9AI score0.03274EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/11/12 9:14 a.m.3 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
OSV
OSV
added 2024/10/25 11:9 a.m.3 views

OESA-2024-2301 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access...

7.5CVSS7AI score0.00986EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/10/23 12:0 a.m.54 views

Oracle Linux 8 : edk2 (ELSA-2024-12795)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12795 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...

7.5CVSS7.2AI score0.00986EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/21 12:0 a.m.35 views

Oracle Linux 7 : edk2 (ELSA-2024-12793)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12793 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...

7.5CVSS7.2AI score0.00986EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2024/10/18 12:0 a.m.42 views

edk2 security update

20240909 - Create new 20240909 release for OL8 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux...

7.5CVSS7.6AI score0.00986EPSS
Exploits0
Oracle linux
Oracle linux
added 2024/10/18 12:0 a.m.67 views

edk2 security update

1.7.1 - Create new 1.7.1 release for OL7 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux kernel...

7.5CVSS7.3AI score0.00986EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/10/09 1:43 p.m.7 views

golang: net: malformed DNS message can cause infinite loop

A flaw was found in the net package of the Go stdlib. When a malformed DNS message is received as a response to a query, the Lookup functions within the net package can get stuck in an infinite loop. This issue can lead to resource exhaustion and denial of service DoS conditions...

5.9CVSS7.3AI score0.01001EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/07/18 12:0 a.m.25 views

EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2024-1996)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise...

8.8CVSS7.9AI score0.02084EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2024/07/03 12:0 a.m.30 views

CBL Mariner 2.0 Security Update: edk2 / hvloader (CVE-2023-45236)

The version of edk2 / hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45236 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This...

7.5CVSS7.7AI score0.00986EPSS
Exploits0References2
OSV
OSV
added 2024/06/25 1:37 p.m.5 views

MAL-2024-5403 Malicious code in networkpackage (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/29 12:0 a.m.39 views

EulerOS Virtualization 2.11.1 : edk2 (EulerOS-SA-2024-1722)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a...

8.8CVSS8AI score0.02084EPSS
Exploits1References10
Rows per page
Query Builder