Search CVE reports


Toggle filters

91 – 100 of 103 results


CVE-2019-1563

Low priority

Some fixes available 15 of 21

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Vulnerable Vulnerable
nodejs Not affected Vulnerable Not affected Not affected Not affected
openssl Fixed Fixed Fixed Fixed Fixed
openssl1.0 Not in release Not in release Not in release Fixed Not in release
Show less packages

CVE-2019-1549

Low priority

Some fixes available 5 of 7

OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Not affected
openssl1.0 Not in release Not affected Not in release
Show less packages

CVE-2019-1547

Low priority

Some fixes available 6 of 7

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2019-1552

Low priority
Not affected

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected
nodejs Not affected Not affected
openssl Not affected Not affected
openssl1.0 Not affected Not in release
Show less packages

CVE-2019-0161

Medium priority
Fixed

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2019-0160

Medium priority

Some fixes available 1 of 2

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Fixed Not affected
Show less packages

CVE-2018-3613

Low priority

Some fixes available 2 of 3

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-12183

Low priority

Some fixes available 1 of 2

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Fixed Not affected
Show less packages

CVE-2018-12182

Low priority

Some fixes available 2 of 4

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-12181

Medium priority

Some fixes available 2 of 3

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages