CVE-2025-69418 affecting package hvloader for versions less than 1.0.1-18
CVE-2025-69418 affecting package hvloader for versions less than 1.0.1-18. A patched version of the package is available...
CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-17
CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-17. A patched version of the package is available...
AZL-76167 CVE-2025-69420 affecting package hvloader for versions less than 1.0.1-18
Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NULL pointer dereference when processing a malformed TimeStamp Response file. Impact summary: An...
AZL-66122 CVE-2025-3770 affecting package hvloader for versions less than 1.0.1-14
EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability...
AZL-58828 CVE-2025-2295 affecting package hvloader for versions less than 1.0.1-16
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...
Azure Linux 3.0 Security Update: hvloader / openssl (CVE-2022-2097)
The version of hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2097 advisory. - AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not...
CBL Mariner 2.0 Security Update: hvloader (CVE-2024-23170)
The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23170 advisory. - An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channe...
CBL Mariner 2.0 Security Update: hvloader (CVE-2024-45157)
The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45157 advisory. - An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorit...
CBL Mariner 2.0 Security Update: hvloader / openssl (CVE-2024-9143)
The version of hvloader / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9143 advisory. - Use of the low-level GF2^m elliptic curve APIs with untrusted explicit values for the field...
CBL Mariner 2.0 Security Update: hvloader (CVE-2024-23775)
The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-23775 advisory. - Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cau...
CBL Mariner 2.0 Security Update: hvloader (CVE-2024-45159)
The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45159 advisory. - An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional...
CBL Mariner 2.0 Security Update: hvloader (CVE-2024-28960)
The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28960 advisory. - An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed...
AZL-52910 CVE-2024-4741 affecting package hvloader for versions less than 1.0.1-6
Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause memory to be accessed that was previously freed in some situations. Impact summary: A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code...
AZL-42337 CVE-2024-1298 affecting package hvloader for versions less than 1.0.1-3
EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability...
AZL-47703 CVE-2024-28960 affecting package hvloader for versions less than 1.0.1-6
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory...
AZL-39319 CVE-2023-45235 affecting package hvloader for versions less than 1.0.1-9
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or...
AZL-39388 CVE-2023-45236 affecting package hvloader for versions less than 1.0.1-3
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
AZL-39559 CVE-2022-36763 affecting package hvloader for versions less than 1.0.1-3
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
AZL-39424 CVE-2022-36765 affecting package hvloader for versions less than 1.0.1-3
EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...
AZL-37716 CVE-2023-0465 affecting package hvloader for versions less than 1.0.1-9
Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that...