147 matches found
CVE-2025-69418 affecting package hvloader for versions less than 1.0.1-18
CVE-2025-69418 affecting package hvloader for versions less than 1.0.1-18. A patched version of the package is available...
CVE-2025-68160 affecting package hvloader for versions less than 1.0.1-18
CVE-2025-68160 affecting package hvloader for versions less than 1.0.1-18. A patched version of the package is available...
CVE-2026-22796 affecting package hvloader for versions less than 1.0.1-18
CVE-2026-22796 affecting package hvloader for versions less than 1.0.1-18. A patched version of the package is available...
CVE-2025-69419 affecting package hvloader for versions less than 1.0.1-17
CVE-2025-69419 affecting package hvloader for versions less than 1.0.1-17. A patched version of the package is available...
CVE-2025-69421 affecting package hvloader for versions less than 1.0.1-17
CVE-2025-69421 affecting package hvloader for versions less than 1.0.1-17. A patched version of the package is available...
CVE-2026-22795 affecting package hvloader for versions less than 1.0.1-17
CVE-2026-22795 affecting package hvloader for versions less than 1.0.1-17. A patched version of the package is available...
CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-17
CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-17. A patched version of the package is available...
CVE-2025-2295 affecting package hvloader for versions less than 1.0.1-16
CVE-2025-2295 affecting package hvloader for versions less than 1.0.1-16. A patched version of the package is available...
AZL-76161 CVE-2026-22796 affecting package hvloader for versions less than 1.0.1-18
Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS7 data where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing malformed PKCS7 data. Impact summary: An application...
AZL-76155 CVE-2026-22795 affecting package hvloader for versions less than 1.0.1-18
Issue summary: An invalid or NULL pointer dereference can happen in an application processing a malformed PKCS12 file. Impact summary: An application processing a malformed PKCS12 file can be caused to dereference an invalid or NULL pointer on memory read, resulting in a Denial of Service. A type...
AZL-76167 CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-18
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
AZL-76170 CVE-2025-69421 affecting package hvloader for versions less than 1.0.1-18
Issue summary: Processing a malformed PKCS12 file can trigger a NULL pointer dereference in the PKCS12itemdecryptd2iex function. Impact summary: A NULL pointer dereference can trigger a crash which leads to Denial of Service for an application processing PKCS12 files. The PKCS12itemdecryptd2iex...
AZL-76152 CVE-2025-69419 affecting package hvloader for versions less than 1.0.1-18
Issue summary: Calling PKCS12getfriendlyname function on a maliciously crafted PKCS12 file with a BMPString UTF-16BE friendly name containing non-ASCII BMP code point can trigger a one byte write before the allocated buffer. Impact summary: The out-of-bounds write can cause a memory corruption...
AZL-76158 CVE-2025-69418 affecting package hvloader for versions less than 1.0.1-18
Issue summary: When using the low-level OCB API directly with AES-NI orother hardware-accelerated code paths, inputs whose length is not a multipleof 16 bytes can leave the final partial block unencrypted and unauthenticated.Impact summary: The trailing 1-15 bytes of a message may be exposed...
AZL-76164 CVE-2025-68160 affecting package hvloader for versions less than 1.0.1-18
Issue summary: Writing large, newline-free data into a BIO chain using the line-buffering filter where the next BIO performs short writes can trigger a heap-based out-of-bounds write. Impact summary: This out-of-bounds write can cause memory corruption which typically results in a crash, leading ...
CVE-2025-2296 affecting package hvloader for versions less than 1.0.1-15
CVE-2025-2296 affecting package hvloader for versions less than 1.0.1-15. A patched version of the package is available...
AZL-72559 CVE-2025-2296 affecting package hvloader for versions less than 1.0.1-15
EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...
CVE-2025-3770 affecting package hvloader for versions less than 1.0.1-14
CVE-2025-3770 affecting package hvloader for versions less than 1.0.1-14. A patched version of the package is available...
CVE-2024-38796 affecting package hvloader for versions less than 1.0.1-13
CVE-2024-38796 affecting package hvloader for versions less than 1.0.1-13. A patched version of the package is available...
AZL-66122 CVE-2025-3770 affecting package hvloader for versions less than 1.0.1-14
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...