
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. • https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us

CVSS: 9.8 • EPSS: 0% • CPEs: 12 • EXPL: 0

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Buffer overflows were discovered in UDF-related codes under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which could be triggered with long file names or invalid formatted UDF media. • https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html https://access.redhat.com/security/cve/CVE-2019-0160 https://bugzilla.redhat.com/show_bug.cgi?id=1691640 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us https://usn.ubuntu.com/4349-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 6.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. • http://www.securityfocus.com/bid/107648 https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. • http://www.securityfocus.com/bid/107643 https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us • CWE-787: Out-of-bounds Write