Search CVE reports
81 – 90 of 101 results
CVE-2019-14586
Low priorityUse after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14584
Low priorityNull pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Fixed | Fixed | Fixed |
CVE-2019-14575
Low priorityLogic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14563
Low priorityInteger truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14559
Low priorityUncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14558
Medium priorityInsufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of...
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-1551
Low prioritySome fixes available 5 of 7
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed | Fixed |
| openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2017-5731
Medium priorityBounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
1 affected packages
edk2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-1563
Low prioritySome fixes available 14 of 20
In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | Not affected | Not affected | Not affected | Vulnerable | Vulnerable |
| nodejs | Not affected | Vulnerable | Not affected | Not affected | Not affected |
| openssl | Fixed | Fixed | Fixed | Fixed | Fixed |
| openssl1.0 | Not in release | Not in release | Not in release | Fixed | Not in release |
CVE-2019-1549
Low prioritySome fixes available 5 of 7
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG...
4 affected packages
edk2, nodejs, openssl, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| edk2 | — | — | Not affected | Not affected | Not affected |
| nodejs | — | — | Not affected | Not affected | Not affected |
| openssl | — | — | Fixed | Fixed | Not affected |
| openssl1.0 | — | — | Not in release | Not affected | Not in release |