75 matches found
Astra Linux - уязвимость в edk2
EDK2’s Network Package is vulnerable to a buffer overflow vulnerability when processing the DNS Server option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity, and/or...
MiracleLinux 9 : edk2-20230524-4.el9_3.2.ML.1 (AXSA:2024-7573:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7573:04 advisory. edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing DNS Servers option in a...
CLSA-2025-1763716672 edk2: Fix of 7 CVEs
CVE-2023-45229: fix IPv6 malformed option handling to prevent parsing loop - CVE-2023-45230: fix DHCPv6 ServerID length validation to prevent buffer overflow - CVE-2023-45231: fix IPv6 Redirect bounds checks to avoid out-of-bounds access - CVE-2023-45232: fix IPv6 destination option parsing to...
EUVD-2022-34217
Malicious code in bioql PyPI...
EUVD-2023-49540
Malicious code in bioql PyPI...
EUVD-2023-49535
Malicious code in bioql PyPI...
PT-2024-35453 · Riot · Riot
Name of the Vulnerable Software and Affected Versions: RIOT versions 2024.04 and prior Description: The issue is related to the parse advertise function, located in /sys/net/application layer/dhcpv6/client.c, which lacks a minimum header length check for dhcpv6 opt t after processing dhcpv6 msg t...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
edk2: Buffer overflow when handling Server ID option from a DHCPv6 proxy Advertise message
A security flaw involving buffer overflow was identified in EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized attacker within the vicinity network to transmit a specifically crafted DHCPv6 proxy Advertise message, resulting in the...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
OESA-2024-1318 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
OESA-2024-1319 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
OESA-2024-1314 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
OESA-2024-1317 edk2 security update
EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage function, allowing a user to trigger a heap buffer overflow via a local network. Successful...
edk2: Buffer overflow when processing DNS Servers option in a DHCPv6 Advertise message
A security weakness was identified in EDK2, the open-source reference implementation of the UEFI specification, revealing a buffer overflow vulnerability. This vulnerability enables an unauthorized attacker within proximity on the network to transmit a specifically crafted DHCPv6 Advertise messag...
Important: Red Hat Security Advisory: edk2 security update
An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Red Hat Product Security has rated this update as havi...