Search CVE reports
31 – 40 of 123 results
Some fixes available 3 of 6
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss...
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation |
Some fixes available 1 of 6
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access...
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Vulnerable | Needs evaluation |
Some fixes available 6 of 10
Issue summary: Checking excessively long invalid RSA public keys may take a long time. Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Vulnerable | Not affected | Not affected | Not affected |
Some fixes available 3 of 6
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of...
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation |
Some fixes available 3 of 6
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of...
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation |
Some fixes available 3 of 6
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of...
1 affected package
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| edk2 | Not affected | Fixed | Fixed | Needs evaluation |
Some fixes available 6 of 9
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 10 of 20
Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key...
4 affected packages
openssl1.0, nodejs, edk2, openssl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl1.0 | Not in release | Not in release | Not in release | Fixed |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Vulnerable | Vulnerable | Vulnerable | Needs evaluation |
| openssl | Fixed | Fixed | Fixed | Fixed |
Some fixes available 7 of 8
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Fixed | Fixed | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Vulnerable | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting...
4 affected packages
openssl, openssl1.0, nodejs, edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | Not affected | Not affected | Not affected | Not affected |
| openssl1.0 | Not in release | Not in release | Not in release | Not affected |
| nodejs | Not affected | Not affected | Not affected | Not affected |
| edk2 | Not affected | Not affected | Not affected | Not affected |