Search CVE reports


Toggle filters

71 – 80 of 103 results


CVE-2021-28210

Medium priority
Fixed

An unlimited recursion in DxeCore in EDK II.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-23841

Medium priority
Fixed

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2021-23840

Low priority

Some fixes available 16 of 20

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Fixed Vulnerable Needs evaluation
nodejs Not affected Vulnerable Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2021-23839

Low priority
Not affected

OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more recent SSL and TLS versions then a check is made for a version rollback attack when unpadding an...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Not affected Not affected Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2020-1971

High priority
Fixed

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2019-14562

Low priority
Fixed

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Fixed Fixed Fixed
Show less packages

CVE-2019-14553

Negligible priority
Needs evaluation

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Needs evaluation Needs evaluation
Show less packages

CVE-2020-1968

Low priority

Some fixes available 3 of 4

The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite. In such a case this...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Not affected Vulnerable
nodejs Not affected Not affected Not affected Not affected Not affected
openssl Not affected Not affected Not affected Not affected Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2020-1967

High priority
Fixed

Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert" TLS...

3 affected packages

edk2, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
openssl Fixed Not affected Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2014-4860

Medium priority
Not affected

Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing...

1 affected package

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2
Show less packages