CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28211 – edk2: possible heap corruption with LzmaUefiDecompressGetInfo
https://notcve.org/view.php?id=CVE-2021-28211
21 Apr 2021 — A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Un desbordamiento de la pila en la función zmaUefiDecompressGetInfo en EDK II A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. • https://bugzilla.tianocore.org/show_bug.cgi?id=1816 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14584 – edk2: NULL pointer dereference in AuthenticodeVerify()
https://notcve.org/view.php?id=CVE-2019-14584
07 Jan 2021 — Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. La desviación del puntero null en Tianocore EDK2 puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de acceso local Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to cause EDK II to hang, resulting in a denial of se... • https://bugzilla.redhat.com/show_bug.cgi?id=1889486 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14562 – Ubuntu Security Notice USN-4684-1
https://notcve.org/view.php?id=CVE-2019-14562
23 Nov 2020 — Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. Un desbordamiento de enteros en la función DxeImageVerificationHandler() en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio del acceso local Laszlo Ersek discovered that EDK II incorrectly validated certain signed images. An attacker could possibly use this issue with a specially crafted image to ... • https://bugzilla.tianocore.org/show_bug.cgi?id=2215 • CWE-190: Integer Overflow or Wraparound •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14553
https://notcve.org/view.php?id=CVE-2019-14553
23 Nov 2020 — Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. Una autenticación inapropiada en EDK II, puede permitir a un usuario privilegiado habilitar potencialmente una divulgación de información por medio del acceso a la red • https://bugzilla.tianocore.org/show_bug.cgi?id=960 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-14559 – edk2: memory leak in ArpOnFrameRcvdDpc
https://notcve.org/view.php?id=CVE-2019-14559
01 May 2020 — Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. Un consumo incontrolado de recursos en EDK II, puede permitir a un usuario no autenticado habilitar potencialmente una denegación de servicio por medio del acceso a la red A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release ... • https://bugzilla.tianocore.org/show_bug.cgi?id=2031 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14575 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14575
01 May 2020 — Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Un problema lógico en la función DxeImageVerificationHandler() para EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This i... • https://bugzilla.tianocore.org/show_bug.cgi?id=1608 •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14586 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14586
01 May 2020 — Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. Una vulnerabilidad de uso de la memoria previamente liberada en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios, una divulgación de información y/o una denegación de servicio por medio de un acceso adyacente A buffer overflow was discovered in the network stack. An u... • https://bugzilla.tianocore.org/show_bug.cgi?id=1995 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14587 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14587
01 May 2020 — Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. Un problema lógico de EDK II, puede habilitar a un usuario no autenticado para permitir potencialmente una denegación de servicio por medio de un acceso adyacente A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer... • https://bugzilla.tianocore.org/show_bug.cgi?id=1989 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14563 – edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib
https://notcve.org/view.php?id=CVE-2019-14563
28 Apr 2020 — Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Un truncamiento de enteros en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19... • https://bugzilla.tianocore.org/show_bug.cgi?id=2001 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8271
https://notcve.org/view.php?id=CVE-2014-8271
06 Feb 2020 — Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. Un desbordamiento del búfer en la función Reclaim en Tianocore EDK2 versiones anteriores a SVN 16280, permite a atacantes físicamente próximos alcanzar privilegios por medio de un nombre de variable largo. • http://sourceforge.net/p/edk2/code/16280 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •