Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edk_ii
(Tianocore)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 11 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-27 | CVE-2018-12179 | Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | Edk_ii | 7.8 | ||
| 2019-03-27 | CVE-2018-12180 | Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | Leap, Edk_ii | 8.8 | ||
| 2019-03-27 | CVE-2018-12181 | Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | Edk_ii | 6.0 | ||
| 2019-03-27 | CVE-2018-12182 | Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | Edk_ii | 6.7 | ||
| 2019-03-27 | CVE-2018-12183 | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | Edk_ii | 6.8 | ||
| 2019-03-27 | CVE-2018-3613 | Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | Edk_ii | 7.8 | ||
| 2019-03-27 | CVE-2019-0160 | Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | Fedora, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Edk_ii | 9.8 | ||
| 2019-03-27 | CVE-2019-0161 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | Edk_ii | 5.5 | ||
| 2021-08-05 | CVE-2021-28216 | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | Edk_ii | 7.8 | ||
| 2021-07-14 | CVE-2019-11098 | Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | Edk_ii | 6.8 |