986 matches found
CVE-2026-22796 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2026-22796 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2025-68160 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2025-68160 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2025-69421 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2026-22795 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2026-22795 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2025-2295 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2025-2295 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2025-69420 affecting package edk2 for versions less than 20240524git3e722403cd16-14
CVE-2025-69420 affecting package edk2 for versions less than 20240524git3e722403cd16-14. A patched version of the package is available...
CVE-2025-2295 affecting package edk2 for versions less than 20230301gitf80f052277c8-45
CVE-2025-2295 affecting package edk2 for versions less than 20230301gitf80f052277c8-45. A patched version of the package is available...
CVE-2025-15467 affecting package edk2 for versions less than 20240524git3e722403cd16-12
CVE-2025-15467 affecting package edk2 for versions less than 20240524git3e722403cd16-12. A patched version of the package is available...
Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2026-1110)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2026-1110)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an...
EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2026-1161)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An Attacker may cause memory corruption due to an overflow via an...
AZL-76119 CVE-2026-22795 affecting package edk2 for versions less than 20230301gitf80f052277c8-47
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...
AZL-75905 CVE-2026-22796 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
AZL-76122 CVE-2025-69420 affecting package edk2 for versions less than 20230301gitf80f052277c8-47
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
AZL-75896 CVE-2025-69420 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
AZL-76113 CVE-2025-69421 affecting package edk2 for versions less than 20230301gitf80f052277c8-47
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...
AZL-76116 CVE-2025-69419 affecting package edk2 for versions less than 20230301gitf80f052277c8-47
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
AZL-75908 CVE-2025-15467 affecting package edk2 for versions less than 20240524git3e722403cd16-14
Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS...
Azure Linux 3.0 Security Update: edk2 (CVE-2022-3996)
The version of edk2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-3996 advisory. - If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write...
MiracleLinux 8 : edk2-20220126gitbb1bba3d77-6.el8_9.3 (AXSA:2024-7542:02)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7542:02 advisory. openssl: Excessive time spent checking DH keys and parameters CVE-2023-3446 Tenable has extracted the preceding description block directly from the...