Search CVE reports


Toggle filters

61 – 70 of 103 results


CVE-2021-4044

Medium priority
Fixed

Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory)....

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected
openssl Fixed Not affected Not affected Not affected
openssl1.0 Not in release Not in release Not affected Not in release
Show less packages

CVE-2021-38575

Medium priority
Fixed

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-3712

Medium priority

Some fixes available 15 of 19

ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Needs evaluation Fixed Needs evaluation Needs evaluation
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-3711

High priority
Fixed

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and,...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
Show less packages

CVE-2021-28216

Low priority
Vulnerable

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Vulnerable Vulnerable Needs evaluation
Show less packages

CVE-2019-11098

Low priority

Some fixes available 2 of 5

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Vulnerable Needs evaluation
Show less packages

CVE-2021-28213

Low priority
Vulnerable

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Vulnerable Needs evaluation
Show less packages

CVE-2021-3450

High priority
Not affected

The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2021-3449

High priority

Some fixes available 15 of 16

An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial...

10 affected packages

edk2, nodejs, openssl, openssl1.0, postgresql-10...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Not affected
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Not affected
openssl1.0 Not in release Not in release Not in release Not affected Not in release
postgresql-10 Not in release Not in release Not in release Fixed Not in release
postgresql-12 Not in release Not in release Fixed Not in release Not in release
postgresql-13 Not in release Not in release Not in release Not in release Not in release
postgresql-9.1 Not in release Not in release Not in release Not in release Not in release
postgresql-9.3 Not in release Not in release Not in release Not in release Not in release
postgresql-9.5 Not in release Not in release Not in release Not in release Not affected
Show all 10 packages Show less packages

CVE-2021-28211

Medium priority
Fixed

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Fixed Fixed
Show less packages