 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2021.0035 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2021-0035) |
| Resumen: | The remote host is missing an update for the 'edk2' package(s) announced via the MGASA-2021-0035 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'edk2' package(s) announced via the MGASA-2021-0035 advisory. Vulnerability Insight: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12179). Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12182). Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. (CVE-2018-12183). Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. (CVE-2019-0160). Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. (CVE-2019-0161). Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. (CVE-2019-14553). Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access. (CVE-2019-14558). Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. (CVE-2019-14559). Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2019-14563). Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. (CVE-2019-14575). EDK II incorrectly parsed signed PKCS #7 data. An attacker could use this issue to cause EDK II to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-14584). Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. (CVE-2019-14586). Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. (CVE-2019-14587). Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. (CVE-2019-14562). Affected Software/OS: 'edk2' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-12179 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/ Common Vulnerability Exposure (CVE) ID: CVE-2018-12182 BugTraq ID: 107648 http://www.securityfocus.com/bid/107648 Common Vulnerability Exposure (CVE) ID: CVE-2018-12183 BugTraq ID: 107643 http://www.securityfocus.com/bid/107643 Common Vulnerability Exposure (CVE) ID: CVE-2019-0160 https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html Common Vulnerability Exposure (CVE) ID: CVE-2019-0161 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html RedHat Security Advisories: RHSA-2019:2125 https://access.redhat.com/errata/RHSA-2019:2125 RedHat Security Advisories: RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2437 SuSE Security Announcement: openSUSE-SU-2019:1352 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html SuSE Security Announcement: openSUSE-SU-2019:1425 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00046.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14553 https://bugzilla.tianocore.org/show_bug.cgi?id=960 Common Vulnerability Exposure (CVE) ID: CVE-2019-14558 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html Common Vulnerability Exposure (CVE) ID: CVE-2019-14559 https://bugzilla.tianocore.org/show_bug.cgi?id=2031 Common Vulnerability Exposure (CVE) ID: CVE-2019-14562 https://bugzilla.tianocore.org/show_bug.cgi?id=2215 Common Vulnerability Exposure (CVE) ID: CVE-2019-14563 https://bugzilla.tianocore.org/show_bug.cgi?id=2001 Common Vulnerability Exposure (CVE) ID: CVE-2019-14575 https://bugzilla.tianocore.org/show_bug.cgi?id=1608 Common Vulnerability Exposure (CVE) ID: CVE-2019-14584 https://bugzilla.redhat.com/show_bug.cgi?id=1889486 Common Vulnerability Exposure (CVE) ID: CVE-2019-14586 https://bugzilla.tianocore.org/show_bug.cgi?id=1995 Common Vulnerability Exposure (CVE) ID: CVE-2019-14587 https://bugzilla.tianocore.org/show_bug.cgi?id=1989 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |