Lucene search
+L

76 matches found

nessus
nessus
added 2024/12/23 12:0 a.m.19 views

Amazon Linux 2 : edk2 (ALAS-2024-2722)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2722 advisory. A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. CVE-2021-28211 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting...

9.8CVSS7.3AI score0.05966EPSS
Exploits2References18
redhat
redhat
added 2024/12/04 12:51 a.m.7 views

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.5CVSS6.8AI score0.00227EPSS
Exploits0References6
f5
f5
added 2024/11/11 11:14 p.m.35 views

K000148479: Linux kernel vulnerability CVE-2023-52881

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guideline...

5.5CVSS6.2AI score0.00227EPSS
Exploits0Affected Software17
nessus
nessus
added 2024/10/23 12:0 a.m.54 views

Oracle Linux 8 : edk2 (ELSA-2024-12795)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12795 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...

7.5CVSS7.2AI score0.00994EPSS
Exploits0References5
nessus
nessus
added 2024/10/21 12:0 a.m.35 views

Oracle Linux 7 : edk2 (ELSA-2024-12793)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12793 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...

7.5CVSS7.2AI score0.00994EPSS
Exploits0References5
nessus
nessus
added 2024/10/21 12:0 a.m.36 views

Oracle Linux 7 : edk2 (ELSA-2024-12794)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-12794 advisory. - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division- By-Zero due to a UNIT32 overflow via local...

7.5CVSS7.2AI score0.00994EPSS
Exploits0References5
oraclelinux
oraclelinux
added 2024/10/18 12:0 a.m.43 views

edk2 security update

20240909 - Create new 20240909 release for OL8 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access Orabug: 36990130 CVE-2024-1298 - EDK2: In the Linux...

7.5CVSS7.6AI score0.00994EPSS
Exploits0
redhat
redhat
added 2024/09/03 3:48 p.m.5 views

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.5CVSS6.8AI score0.00227EPSS
Exploits0References6
redhat
redhat
added 2024/09/03 3:48 p.m.47 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.1CVSS6.9AI score0.0117EPSS
Exploits0References35
redhat
redhat
added 2024/08/13 3:9 p.m.4 views

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.5CVSS6.8AI score0.00227EPSS
Exploits0References6
redhat
redhat
added 2024/07/08 2:5 a.m.5 views

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.5CVSS6.8AI score0.00227EPSS
Exploits0References6
nessus
nessus
added 2024/07/03 12:0 a.m.30 views

CBL Mariner 2.0 Security Update: edk2 / hvloader (CVE-2023-45236)

The version of edk2 / hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45236 advisory. - EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This...

7.5CVSS7.7AI score0.00994EPSS
Exploits0References2
redhat
redhat
added 2024/07/02 9:2 a.m.4 views

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.5CVSS6.8AI score0.00227EPSS
Exploits0References6
redhatcve
redhatcve
added 2024/05/29 12:25 p.m.51 views

CVE-2023-52881

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.9CVSS6.3AI score0.00227EPSS
Exploits0References5
redhat
redhat
added 2024/04/30 9:57 a.m.3 views

kernel: TCP-spoofed ghost ACKs and leak leak initial sequence number

A flaw was found in the Linux kernel. Two TCP spoofing primitives exist where an attacker can brute force the server-chosen send window by acknowledging data that was never sent, called "ghost ACKs." There are side channels that also allow the attacker to leak the otherwise secret server-chosen...

5.5CVSS6.8AI score0.00227EPSS
Exploits0References6
alpinelinux
alpinelinux
added 2024/01/16 4:15 p.m.26 views

CVE-2023-45237

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

7.5CVSS6.6AI score0.00994EPSS
Exploits0References4
nvd
nvd
added 2024/01/16 4:15 p.m.17 views

CVE-2023-45236

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

7.5CVSS6.5AI score0.00994EPSS
Exploits0References4
osv
osv
added 2024/01/16 4:15 p.m.8 views

AZL-39454 CVE-2023-45236 affecting package edk2 for versions less than 20230301gitf80f052277c8-40

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

7.5CVSS7AI score0.00994EPSS
Exploits0References1
osv
osv
added 2024/01/16 4:15 p.m.2 views

DEBIAN-CVE-2023-45236

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

7.5CVSS7AI score0.00994EPSS
Exploits0References1
prion
prion
added 2024/01/16 4:15 p.m.26 views

Design/Logic Flaw

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality...

5CVSS7.1AI score0.00994EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder