CVE search results

1 – 10 of 101 results

Detailed view

Sort by:

CVE-2024-6119

Medium priority

Some fixes available 2 of 10

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process. Impact...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Needs evaluation	Needs evaluation
openssl	Fixed	Fixed	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected	—

CVE-2024-41996

Medium priority

Vulnerable

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Needs evaluation	Not affected	Not affected	Not affected	Not affected
nodejs	Not affected	Needs evaluation	Not affected	Not affected	Not affected
openssl	Vulnerable	Vulnerable	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected	—

CVE-2024-5535

Low priority

Some fixes available 3 of 17

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Needs evaluation	Needs evaluation
openssl	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation
openssl1.0	Not in release	Not in release	Not in release	Needs evaluation	—

CVE-2024-1298

Medium priority

Needs evaluation

EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

1 affected packages

edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2024-4741

Low priority

Some fixes available 3 of 16

Use After Free with SSL_free_buffers

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Vulnerable	Vulnerable	Vulnerable	Needs evaluation	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Needs evaluation	Needs evaluation
openssl	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation
openssl1.0	Not in release	Not in release	Not in release	Not affected	—

CVE-2024-4603

Low priority

Some fixes available 2 of 7

Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Vulnerable	Not affected	Not affected	Not affected	Not affected
nodejs	Not affected	Vulnerable	Not affected	Needs evaluation	Needs evaluation
openssl	Fixed	Fixed	Not affected	Not affected	Not affected
openssl1.0	Not in release	Not in release	Not in release	Not affected	—

CVE-2024-2511

Low priority

Some fixes available 3 of 16

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Vulnerable	Vulnerable	Vulnerable	Needs evaluation	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Needs evaluation	Needs evaluation
openssl	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation
openssl1.0	Not in release	Not in release	Not in release	Not affected	—

CVE-2023-48733

Medium priority

Some fixes available 4 of 7

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

1 affected packages

edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Fixed	Fixed	Fixed	Needs evaluation	Needs evaluation

CVE-2024-0727

Low priority

Some fixes available 8 of 19

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Vulnerable	Vulnerable	Vulnerable	Needs evaluation	Needs evaluation
nodejs	Not affected	Vulnerable	Not affected	Needs evaluation	Needs evaluation
openssl	Fixed	Fixed	Fixed	Fixed	Fixed
openssl1.0	Not in release	Not in release	Not in release	Fixed	Not in release

CVE-2023-45237

Medium priority

Vulnerable

EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

1 affected packages

edk2

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
edk2	Vulnerable	Vulnerable	Vulnerable	Vulnerable	Vulnerable

Export to JSON

Results by page:

Search CVE reports