Search CVE reports
91 – 100 of 101 results
CVE-2019-1547
Low prioritySome fixes available 6 of 7
Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Fixed | Fixed | Fixed |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2019-1552
Low priorityOpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | — | Not affected | Not affected |
nodejs | — | — | — | Not affected | Not affected |
openssl | — | — | — | Not affected | Not affected |
openssl1.0 | — | — | — | Not affected | Not in release |
CVE-2019-0161
Medium priorityStack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
CVE-2019-0160
Medium prioritySome fixes available 1 of 2
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Fixed | Not affected |
CVE-2018-3613
Low prioritySome fixes available 2 of 3
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-12183
Low prioritySome fixes available 1 of 2
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Fixed | Not affected |
CVE-2018-12182
Low prioritySome fixes available 2 of 4
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2018-12181
Medium prioritySome fixes available 2 of 3
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2018-12180
Medium prioritySome fixes available 2 of 3
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2018-12179
Negligible priorityImproper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
1 affected packages
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | — | Not affected | Not affected |