15 matches found
MiracleLinux 9 : edk2-20230524-4.el9_3.2.ML.1 (AXSA:2024-7573:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7573:04 advisory. edk2: Buffer overflow in the DHCPv6 client via a long Server ID option CVE-2023-45230 edk2: Buffer overflow when processing DNS Servers option in a...
MiracleLinux 8 : edk2-20220126gitbb1bba3d77-13.el8_10.2 (AXSA:2024-8666:08)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8666:08 advisory. edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use of a Weak PseudoRandom Number Generator CVE-2023-45237 edk2: Temporary DoS...
NewStart CGSL MAIN 7.02 : edk2 Multiple Vulnerabilities (NS-SA-2025-0105)
The remote NewStart CGSL host, running version MAIN 7.02, has edk2 packages installed that are affected by multiple vulnerabilities: - EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability...
TencentOS Server 4: edk2 (TSSA-2024:0897)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0897 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Debian dla-4207 : ovmf - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4207 advisory. Debian LTS Advisory DLA-4207-1...
CVE-2024-2511 affecting package edk2 for versions less than 20240524git3e722403cd16-8
CVE-2024-2511 affecting package edk2 for versions less than 20240524git3e722403cd16-8. A patched version of the package is available...
RockyLinux 8 : edk2 (RLSA-2024:5297)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:5297 advisory. edk2: Predictable TCP Initial Sequence Numbers CVE-2023-45236 edk2: Use of a Weak PseudoRandom Number Generator CVE-2023-45237 edk2: Temporary DoS...
RockyLinux 9 : edk2 (RLSA-2024:9088)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9088 advisory. mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC CVE-2023-6129 openssl: Excessive time spent checking invalid RSA public...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0503-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0503-1 advisory. - CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. bsc1225889 - CVE-2023-45229:...
SUSE SLES15 Security Update : ovmf (SUSE-SU-2025:0407-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0407-1 advisory. - CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 -...
Security update for ovmf
This update for ovmf fixes the following issues: CVE-2023-45229: out-of-bounds read in edk2 when processing IANA/IATA options in DHCPv6 Advertise messages. bsc1218879 CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. bsc1218880 CVE-2023-45231: out-of-bounds...
Amazon Linux 2 : edk2 (ALAS-2024-2722)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2722 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. CVE-2021-28211 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting...
Oracle Linux 9 : edk2 (ELSA-2024-12842)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12842 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local...
Oracle Linux 9 : edk2 (ELSA-2024-9088)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9088 advisory. - Resolves: RHEL-55336 CVE-2024-6119 edk2/openssl: Possible denial of service in X.509 name checks rhel-9.5 - Resolves: RHEL-21653 CVE-2023-6237 edk2:...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : EDK II vulnerabilities (USN-6638-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6638-1 advisory. Marc Beatove discovered buffer overflows exist in EDK2. An attacker on the local network could potentially use this to impact...