22 matches found
MiracleLinux 7 : ovmf-20180508-3.gitee3198e672e2.el7.1 (AXSA:2019-3846:01)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2019-3846:01 advisory. Security Fix - ovmf IO CVE-2018-12180 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the MiracleLinux securit...
Oracle Linux 7 : edk2 (ELSA-2019-4785)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4785 advisory. 1:1.2-5.el7 - Update spec file to remove 'modprobe kvm-intel' and remove --enable-kvm arg to ovmfvarsgenerator so qemu will not require kvm kernel...
CentOS 8 : edk2 (CESA-2019:0968)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2019:0968 advisory. - edk2: Buffer Overflow in BlockIo service for RAM disk CVE-2018-12180 Note that Nessus has not tested for this issue but has instead relied only on the...
Ubuntu: Security Advisory (USN-4349-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS : EDK II vulnerabilities (USN-4349-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4349-1 advisory. A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of...
USN-4349-1: EDK II vulnerabilities
A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. CVE-2018-12178 A buffer overflow was discovered in BlockIo service. An...
Important: edk2
Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Vulnerability (NS-SA-2019-0076)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by a vulnerability: - Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ovmf Vulnerability (NS-SA-2019-0083)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ovmf packages installed that are affected by a vulnerability: - Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or...
Important: Red Hat Security Advisory: redhat-virtualization-host security update
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 8 : edk2 (RHSA-2019:0968)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0968 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...
CentOS 7 : ovmf (CESA-2019:0809)
An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Scientific Linux Security Update : ovmf on (20190423)
Security Fixes : - edk2: Buffer Overflow in BlockIo service for RAM disk CVE-2018-12180 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid124262; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate",...
RHEL 7 : ovmf (RHSA-2019:0809)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:0809 advisory. OVMF Open Virtual Machine Firmware is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for...
Important: Red Hat Security Advisory: ovmf security update
An update for ovmf is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
Security fix for the ALT Linux 10 package edk2 version 20190308-alt1
April 2, 2019 Alexey Shabalin 20190308-alt1 - edk2-stable201903 Fixes: CVE-2018-12178, CVE-2018-12180, CVE-2018-12181, CVE-2018-3630...
openSUSE Security Update : ovmf (openSUSE-2019-1083)
This update for ovmf fixes the following issues : Security issues fixed : - CVE-2018-12180: Fixed a buffer overflow in BlockIo service, which could lead to memory read/write overrun bsc1127820. - CVE-2018-12178: Fixed an improper DNS check upon receiving a new DNS packet bsc1127821. -...
Security update for ovmf (important)
openSUSE Security Update: Security update for ovmf Announcement ID: openSUSE-SU-2019:1083-1 Rating: important References: 1127820 1127821 1127822 Cross-References: CVE-2018-12178 CVE-2018-12180 CVE-2018-3630 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilities is now...
CVE-2018-12180
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access...
CVE-2018-12180
CVE-2018-12180 refers to a Buffer Overflow in the BlockIo service of EDK II (RAM Disk). The vulnerability enables an unauthenticated attacker to potentially escalate privileges, disclose information, or cause denial of service via network access. Connected advisories (Ubuntu USN-4349-1, CentOS 8 ...