CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14575 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14575
01 May 2020 — Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Un problema lógico en la función DxeImageVerificationHandler() para EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This i... • https://bugzilla.tianocore.org/show_bug.cgi?id=1608 •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14586 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14586
01 May 2020 — Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. Una vulnerabilidad de uso de la memoria previamente liberada en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios, una divulgación de información y/o una denegación de servicio por medio de un acceso adyacente A buffer overflow was discovered in the network stack. An u... • https://bugzilla.tianocore.org/show_bug.cgi?id=1995 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14587 – Ubuntu Security Notice USN-4349-1
https://notcve.org/view.php?id=CVE-2019-14587
01 May 2020 — Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. Un problema lógico de EDK II, puede habilitar a un usuario no autenticado para permitir potencialmente una denegación de servicio por medio de un acceso adyacente A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19.10. A buffer... • https://bugzilla.tianocore.org/show_bug.cgi?id=1989 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14563 – edk2: numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib
https://notcve.org/view.php?id=CVE-2019-14563
28 Apr 2020 — Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. Un truncamiento de enteros en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una escalada de privilegios por medio de un acceso local A buffer overflow was discovered in the network stack. An unprivileged user could potentially enable escalation of privilege and/or denial of service. This issue was already fixed in a previous release for 18.04 LTS and 19... • https://bugzilla.tianocore.org/show_bug.cgi?id=2001 • CWE-190: Integer Overflow or Wraparound CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8271
https://notcve.org/view.php?id=CVE-2014-8271
06 Feb 2020 — Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. Un desbordamiento del búfer en la función Reclaim en Tianocore EDK2 versiones anteriores a SVN 16280, permite a atacantes físicamente próximos alcanzar privilegios por medio de un nombre de variable largo. • http://sourceforge.net/p/edk2/code/16280 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0161 – edk2: stack overflow in XHCI causing denial of service
https://notcve.org/view.php?id=CVE-2019-0161
27 Mar 2019 — Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Desbordamiento de pila en XHCI para EDK II podría permitir que un usuario no autenticado provoque una denegación de servicio mediante acceso local. It was discovered that EDK II did not check the buffer length in XHCI, which could lead to a stack overflow. A local attacker could potentially use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubu... • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html • CWE-400: Uncontrolled Resource Consumption CWE-787: Out-of-bounds Write •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12181 – edk2: Stack buffer overflow with corrupted BMP
https://notcve.org/view.php?id=CVE-2018-12181
27 Mar 2019 — Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. Desbordamiento de pila en un bmp corrupto para EDK II podría permitir que un usuario privilegiado provoque una denegación de servicio o una elevación de privilegios mediante acceso local. A stack-based buffer overflow was discovered in edk2 when the HII database contains a Bitmap that claims to be 4-bit or 8-bit per pixel, but the palette contains more th... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00030.html • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-12180 – edk2: Buffer Overflow in BlockIo service for RAM disk
https://notcve.org/view.php?id=CVE-2018-12180
27 Mar 2019 — Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. Desbordamiento de búfer en el servicio BlockIo para EDK II podría permitir que un usuario no autenticado escale privilegios, divulgue información y/o provoque una denegación de servicio mediante acceso de red. A flaw was found in edk2. When registering a RAM disk whose size is not a multiple of 512 bytes, the BlockI... • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12179
https://notcve.org/view.php?id=CVE-2018-12179
27 Mar 2019 — Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Configuración incorrecta en el firmware del sistema para EDK II podría permitir que un usuario no autenticado escale privilegios, divulgue información y/o provoque una denegación de servicio mediante acceso local. • https://edk2-docs.gitbooks.io/security-advisory/content/opal-blocksid-setting-disabled-after-s3.html •
CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0CVE-2019-0160 – edk2: Buffer overflows in PartitionDxe and UdfDxe with long file names and invalid UDF media
https://notcve.org/view.php?id=CVE-2019-0160
27 Mar 2019 — Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Desbordamiento de búfer en el firmware del sistema para EDK II podría permitir que un usuario no autenticado escale privilegios y/o provoque una denegación de servicio mediante acceso de red. Buffer overflows were discovered in UDF-related codes under MdeModulePkg\Universal\Disk\PartitionDxe\Udf.c and MdeModulePkg\Universal\Disk\UdfDxe, which... • https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •