22 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: edk2 (UTSA-2026-017403)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017403 advisory. NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Tenable has extracted the preceding description block directly from the Unity Linux security advisory...
EUVD-2021-25017
Malware in sbrugna...
HP PC BIOS Security Update for EDK2 NetworkPkg
Potential vulnerabilities have been identified in the system BIOS for certain HP PC products, which might allow code execution, denial of service, and/or information disclosure. HP is releasing mitigation for these potential vulnerabilities. HP has identified affected platforms and corresponding...
Oracle Linux 8 : edk2 (ELSA-2024-5297)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-5297 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-21854 RHEL-21856 RHEL-40099 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch...
Oracle Linux 9 : edk2 (ELSA-2024-4749)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-4749 advisory. - edk2-NetworkPkg-SECURITY-PATCH-CVE-2023-45237.patch RHEL-40270 RHEL-40272 - edk2-NetworkPkg-TcpDxe-SECURITY-PATCH-CVE-2023-45236.patch RHEL-40270...
PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft
Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside...
CVE-2023-45229
A vulnerability has been identified in the NetworkPkg IP stack of EDK2, the open-source reference implementation of the UEFI specification. This flaw enables an unauthenticated attacker within the same network vicinity to transmit a specifically crafted DHCPv6 message. Exploiting this vulnerabili...
Vulnerabilities in EDK2 NetworkPkg IP stack implementation.
Overview: Multiple vulnerabilities were discovered in the TCP/IP stack (NetworkPkg) of Tianocore EDKII, an open source implementation of Unified Extensible Firmware Interface (UEFI). Researchers at Quarkslab have identified a total of 9 vulnerabilities that if exploited via network can lead to remote...
RHEL 8 : edk2 (RHSA-2021:3066)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:3066 advisory. EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...
Oracle Linux 8 : edk2 (ELSA-2021-3066)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-3066 advisory. 20200602gitca407c7246bf-4.el84.2 - edk2-NetworkPkg-IScsiDxe-wrap-IScsiCHAP-source-files-to-8.patch bz1956676 -...
EulerOS Virtualization 2.10.1 : edk2 (EulerOS-SA-2022-1390)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...
EulerOS Virtualization 2.10.0 : edk2 (EulerOS-SA-2022-1416)
According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of...
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
Buffer overflow
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows...
CVE-2021-38575
CVE-2021-38575 affects NetworkPkg/IScsiDxe in EDK II. Remotely exploitable buffer overflows are indicated, with potential denial of service or arbitrary code execution. Public disclosures in Debian and Ubuntu advisories show fixes in edk2 (e.g., Debian 11 security update 2020.11-2+deb11u3) and in...
Important: edk2 security update
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: edk2: remote buffer overflow in IScsiHexToBin function in NetworkPkg/IScsiDxe (BZ1956284). For more details about the security...