CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11098 – Ubuntu Security Notice USN-5088-1
https://notcve.org/view.php?id=CVE-2019-11098
14 Jul 2021 — Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. Una comprobación insuficiente de entrada en la función MdeModulePkg en EDKII, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios, Denegación de Servicio y/o Divulgación de Información por medio de acceso físico It was discovered that EDK II incorrectly handled i... • https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28213
https://notcve.org/view.php?id=CVE-2021-28213
11 Jun 2021 — Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. La clave privada cifrada Example EDK2 en el archivo IpSecDxe.efi presenta riesgos potenciales de seguridad • https://bugzilla.tianocore.org/show_bug.cgi?id=1866 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28210 – edk2: unlimited FV recursion, round 2
https://notcve.org/view.php?id=CVE-2021-28210
02 Apr 2021 — An unlimited recursion in DxeCore in EDK II. Una recursión ilimitada en la función DxeCore en EDK II A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. • https://bugzilla.tianocore.org/show_bug.cgi?id=1743 • CWE-674: Uncontrolled Recursion •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28211 – edk2: possible heap corruption with LzmaUefiDecompressGetInfo
https://notcve.org/view.php?id=CVE-2021-28211
02 Apr 2021 — A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Un desbordamiento de la pila en la función zmaUefiDecompressGetInfo en EDK II A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. • https://bugzilla.tianocore.org/show_bug.cgi?id=1816 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14584 – edk2: NULL pointer dereference in AuthenticodeVerify()
https://notcve.org/view.php?id=CVE-2019-14584
22 Dec 2020 — Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. La desviación del puntero null en Tianocore EDK2 puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de acceso local Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of se... • https://bugzilla.redhat.com/show_bug.cgi?id=1889486 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14562 – Ubuntu Security Notice USN-4684-1
https://notcve.org/view.php?id=CVE-2019-14562
23 Nov 2020 — Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. Un desbordamiento de enteros en la función DxeImageVerificationHandler() en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio del acceso local Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to ... • https://bugzilla.tianocore.org/show_bug.cgi?id=2215 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14553
https://notcve.org/view.php?id=CVE-2019-14553
23 Nov 2020 — Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. Una autenticación inapropiada en EDK II, puede permitir a un usuario privilegiado habilitar potencialmente una divulgación de información por medio del acceso a la red • https://bugzilla.tianocore.org/show_bug.cgi?id=960 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14559 – edk2: memory leak in ArpOnFrameRcvdDpc
https://notcve.org/view.php?id=CVE-2019-14559
01 May 2020 — Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. Un consumo incontrolado de recursos en EDK II, puede permitir a un usuario no autenticado habilitar potencialmente una denegación de servicio por medio del acceso a la red A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release ... • https://bugzilla.tianocore.org/show_bug.cgi?id=2031 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14575 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14575
01 May 2020 — Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Un problema lógico en la función DxeImageVerificationHandler() para EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This i... • https://bugzilla.tianocore.org/show_bug.cgi?id=1608 •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14586 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14586
01 May 2020 — Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. Una vulnerabilidad de uso de la memoria previamente liberada en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios, una divulgación de información y/o una denegación de servicio por medio de un acceso adyacente A buffer overflow was discovered in the network stack. An u... • https://bugzilla.tianocore.org/show_bug.cgi?id=1995 • CWE-416: Use After Free •