Astra Linux - уязвимость в edk2

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privileges, denial of service, and/or information disclosure through physical access...

edk2 security update

20241117-4.0.1.el97.3 - Replace upstream references Orabug:36569119 20241117-4.el97.3 - edk2-OvmfPkg-MemEncryptSevLib-Evict-cache-lines-during-SN.patch RHEL-125104 - edk2-MdePkg-Add-the-COHERENCYSFWNO-CPUID-bit-field.patch RHEL-125104 -...

Security update for ovmf

This update for ovmf fixes the following issues: CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount bsc1225889 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run th...

FalconHound - A Blue Team Multi-Tool. It Allows You To Utilize And Enhance The Power Of Blo odHound In A More Automated Fashion

FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool. One of the challenging aspects of BloodHound is that it is a snapshot in time...

mde utilities contains Prototype Pollution

All versions of the package utilities are vulnerable to Prototype Pollution via the mix function...

mde utilities 安全漏洞

mde utilities is a classic collection of JavaScript utilities. A security vulnerability exists in mde utilities that stems from the presence of a prototype contamination vulnerability...

SUSE CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

OESA-2022-1988 edk2 security update

Security Fixes: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.CVE-2019-11098...

OESA-2022-1987 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.CVE-2019-14584 Insufficie...

August 2, 2022, update for Office 2013 (KB5002250)

August 2, 2022, update for Office 2013 KB5002250 This article describes update 5002250 for Microsoft Office 2013 that was released on August 2, 2022. This update also applies to Office Home and Student 2013 RT.Be aware that the update in the Microsoft Download Center applies to the Microsoft...

Description of the security update for Office 2013: July 12, 2022 (KB5002121)

Description of the security update for Office 2013: July 12, 2022 KB5002121 Summary This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-33632. Note: To apply this...

USN-5088-1 edk2 vulnerabilities

It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. CVE-2019-11098 Paul Kehrer discovered that OpenSSL use...

UBUNTU-CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

EDKII MdeModulePkg 输入验证错误漏洞

EDKII is an open source project that provides a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications developed and maintained by the UEFI Forum. A security vulnerability exists in EDKII MdeModulePkg that stems from insufficient input validation ...

PT-2019-6169 · Intel +5 · Edk Ii +5

Name of the Vulnerable Software and Affected Versions: EDKII affected versions not specified Description: The issue is related to insufficient input validation in the MdeModulePkg component of EDKII, which may allow an unauthenticated user with physical access to potentially enable escalation of...

CVE-2018-1593

CVE-2018-1593 affects IBM Multi-Cloud Data Encryption (MDE) 2.1. The vulnerability stems from missing file checksums, enabling an unauthorized user to manipulate data. Affected versions are MDE 2.1–2.1.0.1. IBM’s bulletin lists remediation: upgrade to MDE 2.1.0.2 (Multiplatform English via Passpo...

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an Information Exposure vulnerability

Summary Multi-Cloud Data Encryption MDE has addressed the following information exposure vulnerability. Vulnerability Details CVEID: CVE-2018-1592 DESCRIPTION: PEN-TEST: Query Parameter in SSL Request CVSS Base Score: 6.5 CVSS Temporal Score: See Not Applicable for the current score CVSS...

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an SSL Query Parameter Exposure vulnerability

Summary Multi-Cloud Data Encryption MDE has addressed the following query parameter exposure vulnerability. Vulnerability Details CVEID: CVE-2018-1592 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE stores sensitive information in URL parameters. This may lead to information disclosure if...

Security Bulletin: Multi-Cloud Data Encryption (MDE) is affected by an Insufficient Session Expiration vulnerability.

Summary Multi-Cloud Data Encryption MDE has addressed the following Insufficient Session Expiration vulnerability. Vulnerability Details CVEID: CVE-2018-1590 DESCRIPTION: IBM Multi-Cloud Data Encryption MDE does not invalidate session tokens in a timely manner. The lack of proper session expirati...