
21 matches found

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 7 : ovmf (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openssl: Malformed X.509 IPAdressFamily could cause OOB read CVE-2017-3735 - edk2: numeric truncation in...

CVSS 7.8 | AI score 8 | EPSS 0.78382
Exploits 1 | References 11

OpenVAS
added 2023/05/16 12:0 a.m. | 30 views

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2023-1945)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.00064
Exploits 0 | References 2

OpenVAS
added 2023/05/16 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2023-1914)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.00064
Exploits 0 | References 2

OpenVAS
added 2023/04/25 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2023:1968-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 6.9 | EPSS 0.00064
Exploits 0 | References 5

OpenVAS
added 2023/04/20 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2023:1921-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 6.9 | EPSS 0.00064
Exploits 0 | References 5

OSV
added 2023/01/06 9:0 a.m. | 5 views

SUSE-SU-2023:0036-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg bsc1188371...

CVSS 6.8 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 3

OSV
added 2023/01/02 9:32 a.m. | 6 views

SUSE-SU-2023:0004-1 Security update for ovmf

This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg bsc1188371...

CVSS 6.8 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 3

RedhatCVE
added 2021/09/23 9:42 p.m. | 48 views

CVE-2019-11098

An improper input validation flaw in the MdeModulePkg module of edk2 may allow an unauthenticated attacker with physical access to the system handled by edk2 to escalate his privileges and cause a denial of service or disclose information...

CVSS 6.8 | AI score 3.7 | EPSS 0.00054
Exploits 0 | References 4

OSV
added 2021/07/14 2:15 p.m. | 1 view

DEBIAN-CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

CVSS 6.8 | AI score 6.2 | EPSS 0.00054
Exploits 0 | References 1

NVD
added 2021/07/14 2:15 p.m. | 17 views

CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

CVSS 6.8 | EPSS 0.00054
Exploits 0 | References 1

Prion
added 2021/07/14 2:15 p.m. | 26 views

Input validation

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

CVSS 4.6 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 1

Cvelist
added 2021/07/14 1:28 p.m. | 23 views

CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

AI score 7.1 | EPSS 0.00054
Exploits 0 | References 1

Debian CVE
added 2021/07/14 1:28 p.m. | 36 views

CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...

CVSS 6.8 | AI score 6.3 | EPSS 0.00054
Exploits 0

Tenable Nessus
added 2021/02/01 12:0 a.m. | 32 views

CentOS 8 : edk2 (CESA-2020:1712)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1712 advisory. - edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib CVE-2019-14563 Note that Nessus has not tested for this issue but has instead relied only on the...

CVSS 7.8 | AI score 6.6 | EPSS 0.00054
Exploits 0 | References 2

Tenable Nessus
added 2020/05/01 12:0 a.m. | 37 views

Ubuntu 16.04 LTS / 18.04 LTS : EDK II vulnerabilities (USN-4349-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4349-1 advisory. A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of...

CVSS 9.1 | AI score 7.3 | EPSS 0.01331
Exploits 0 | References 10

RedHat Linux
added 2020/04/28 3:35 p.m. | 2 views

edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access...

CVSS 7.8 | AI score 7.3 | EPSS 0.00054
Exploits 0 | References 4

Amazon
added 2019/08/23 12:0 a.m. | 52 views

Important: edk2

Issue Overview: A missing check leads to an out-of-bounds read and write flaw in NetworkPkg/DnsDxe as shipped in edk2, when it parses DNS responses. A remote attacker who controls the DNS server used by the vulnerable firmware may use this flaw to make the system crash. CVE-2018-3613 improper DNS...

CVSS 9.1 | AI score 8.1 | EPSS 0.01331
Exploits 0

Veracode
added 2019/08/08 12:7 a.m. | 30 views

Privilege Escalation

edk2 is vulnerable to privilege escalation. The attack is due to a logic error in MdeModulePkg in EDK II firmware, allowing authenticated users to trigger the attack...

CVSS 7.8 | AI score 5.7 | EPSS 0.00094
Exploits 0 | References 7 | Affected Software 1

RedHat Linux
added 2019/08/06 12:11 p.m. | 1 view

edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

CVSS 7.8 | AI score 7.3 | EPSS 0.00094
Exploits 0 | References 5

Tenable Nessus
added 2019/04/01 12:0 a.m. | 30 views

SUSE SLES15 Security Update : ovmf (SUSE-SU-2019:0804-1)

This update for ovmf fixes the following issues : Security issues fixed : CVE-2019-0160: Fixed multiple buffer overflows in UDF-related codes in MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe bsc1130267. CVE-2018-12181: Fixed a stack-based buffer overflow in...

CVSS 9.8 | AI score 7.2 | EPSS 0.0028
Exploits 0 | References 7