ovmf (SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSS package ovmf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2023-45235 — CVSS 8.3 (high): EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise…
CVE-2023-45234 — CVSS 8.3 (high): EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise…
CVE-2023-45230 — CVSS 8.3 (high): EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability…
CVE-2023-45232 — CVSS 7.5 (high): EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of…
CVE-2023-45233 — CVSS 7.5 (high): EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of…
CVE-2021-38578 — CVSS 7.4 (high): Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVE-2019-11098 — CVSS 6.8 (medium): Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege…
CVE-2023-45231 — CVSS 6.5 (medium): EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This…
CVE-2023-45229 — CVSS 6.5 (medium): EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6…
CVE-2019-14560: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…