76 matches found
Amazon Linux 2 : edk2 (ALAS-2024-2722)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2722 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. CVE-2021-28211 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting...
kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
K000148479: Linux kernel vulnerability CVE-2023-52881
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...
Oracle Linux 8 : edk2 (ELSA-2024-12795)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12795 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...
Oracle Linux 7 : edk2 (ELSA-2024-12793)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12793 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...
Oracle Linux 7 : edk2 (ELSA-2024-12794)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12794 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...
edk2 security update
20240909 - Create new 20240909 release for OL8 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux...
kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
Important: Red Hat Security Advisory: kernel security update
An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
CBL Mariner 2.0 Security Update: edk2 / hvloader (CVE-2023-45236)
The version of edk2 / hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45236 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This...
kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
CVE-2023-52881
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number
A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
AZL-39454 CVE-2023-45236 affecting package edk2 for versions less than 20230301gitf80f052277c8-40
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
DEBIAN-CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...
Design/Logic Flaw
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...