
Test ID: 1.3.6.1.4.1.25623.1.1.10.2021.0035
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2021-0035)
Summary: The remote host is missing an update for the 'edk2' package(s) announced via the MGASA-2021-0035 advisory.
Description:
Summary:
The remote host is missing an update for the 'edk2' package(s) announced via the MGASA-2021-0035 advisory.

Vulnerability Insight:
Improper configuration in system firmware for EDK II may allow an
unauthenticated user to potentially enable escalation of privilege, information
disclosure and/or denial of service via local access. (CVE-2018-12179).

Insufficient memory write check in SMM service for EDK II may allow an
authenticated user to potentially enable escalation of privilege, information
disclosure and/or denial of service via local access. (CVE-2018-12182).

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to
potentially enable escalation of privilege, information disclosure and/or
denial of service via local access. (CVE-2018-12183).

Buffer overflow in system firmware for EDK II may allow an unauthenticated
user to potentially enable escalation of privilege and/or denial of service
via network access. (CVE-2019-0160).

Stack overflow in XHCI for EDK II may allow an unauthenticated user to
potentially enable denial of service via local access. (CVE-2019-0161).

Improper authentication in EDK II may allow a privileged user to potentially
enable information disclosure via network access. (CVE-2019-14553).

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th
Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series
Processors may allow an authenticated user to potentially enable denial of
service via adjacent access. (CVE-2019-14558).

Uncontrolled resource consumption in EDK II may allow an unauthenticated user
to potentially enable denial of service via network access. (CVE-2019-14559).

Integer truncation in EDK II may allow an authenticated user to potentially
enable escalation of privilege via local access. (CVE-2019-14563).

Logic issue in DxeImageVerificationHandler() for EDK II may allow an
authenticated user to potentially enable escalation of privilege via local
access. (CVE-2019-14575).

EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this
issue to cause EDK II to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2019-14584).

Use after free vulnerability in EDK II may allow an authenticated user to
potentially enable escalation of privilege, information disclosure and/or
denial of service via adjacent access. (CVE-2019-14586).

Logic issue in EDK II may allow an unauthenticated user to potentially enable
denial of service via adjacent access. (CVE-2019-14587).

Integer overflow in DxeImageVerificationHandler() for EDK II may allow an
authenticated user to potentially enable denial of service via local access.
(CVE-2019-14562).

Affected Software/OS:
'edk2' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-12179
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/
Common Vulnerability Exposure (CVE) ID: CVE-2018-12182
BugTraq ID: 107648
http://www.securityfocus.com/bid/107648
Common Vulnerability Exposure (CVE) ID: CVE-2018-12183
BugTraq ID: 107643
http://www.securityfocus.com/bid/107643
Common Vulnerability Exposure (CVE) ID: CVE-2019-0160
https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-0161
https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html
RedHat Security Advisories: RHSA-2019:2125
https://access.redhat.com/errata/RHSA-2019:2125
RedHat Security Advisories: RHSA-2019:2437
https://access.redhat.com/errata/RHSA-2019:2437
SuSE Security Announcement: openSUSE-SU-2019:1352
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html
SuSE Security Announcement: openSUSE-SU-2019:1425
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-14553
https://bugzilla.tianocore.org/show_bug.cgi?id=960
Common Vulnerability Exposure (CVE) ID: CVE-2019-14558
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-14559
https://bugzilla.tianocore.org/show_bug.cgi?id=2031
Common Vulnerability Exposure (CVE) ID: CVE-2019-14562
https://bugzilla.tianocore.org/show_bug.cgi?id=2215
Common Vulnerability Exposure (CVE) ID: CVE-2019-14563
https://bugzilla.tianocore.org/show_bug.cgi?id=2001
Common Vulnerability Exposure (CVE) ID: CVE-2019-14575
https://bugzilla.tianocore.org/show_bug.cgi?id=1608
Common Vulnerability Exposure (CVE) ID: CVE-2019-14584
https://bugzilla.redhat.com/show_bug.cgi?id=1889486
Common Vulnerability Exposure (CVE) ID: CVE-2019-14586
https://bugzilla.tianocore.org/show_bug.cgi?id=1995
Common Vulnerability Exposure (CVE) ID: CVE-2019-14587
https://bugzilla.tianocore.org/show_bug.cgi?id=1989
Copyright: Copyright (C) 2022 Greenbone AG
