Astra Linux - уязвимость в edk2

Unlimited recursion in DxeCore in EDK II...

CVE-2025-20073

Improper buffer restrictions in the UEFI DXE module for some IntelR Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVE-2025-20073

Improper buffer restrictions in the UEFI DXE module for some IntelR Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

MiracleLinux 9 : edk2-20230524-4.el9 (AXSA:2023-6904:04)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6904:04 advisory. edk2: Function GetEfiGlobalVariable2 return value not checked in DxeImageVerificationHandler CVE-2019-14560 openssl: Possible DoS translating ASN.1...

CVE-2023-45076

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...

CVE-2023-45077

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...

EUVD-2017-9439

Malware in sbrugna...

EUVD-2022-52332

Malicious code in bioql PyPI...

EUVD-2022-43402

Malicious code in bioql PyPI...

EUVD-2023-49398

Malicious code in bioql PyPI...

EUVD-2023-49397

Malicious code in bioql PyPI...

EUVD-2023-49396

Malicious code in bioql PyPI...

EUVD-2023-24773

Malicious code in bioql PyPI...

EUVD-2023-24776

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-28213

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. CVE-2021-28213 Note that Nessus relies on the presence of the package a...

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase...

CVE-2022-30426

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110...

CVE-2022-1892

A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code...

CVE-2024-49200

An issue was discovered in AcpiS3SaveDxe and ChipsetSvcDxe in Insyde InsydeH2O with kernel 5.2 though 5.7. A potential DXE memory corruption vulnerability has been identified. The root cause is use of a pointer originating from the value of an NVRAM variable as the target of a write operation. Th...