CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28216
https://notcve.org/view.php?id=CVE-2021-28216
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. El puntero BootPermaneranceTable es leído desde una variable NVRAM en PEI. Se recomienda establecer PcdFirmwarePermaneranceDataTableS3Support en FALSE • https://bugzilla.tianocore.org/show_bug.cgi?id=2957 • CWE-587: Assignment of a Fixed Address to a Pointer CWE-763: Release of Invalid Pointer or Reference •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-11098
https://notcve.org/view.php?id=CVE-2019-11098
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. Una comprobación insuficiente de entrada en la función MdeModulePkg en EDKII, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios, Denegación de Servicio y/o Divulgación de Información por medio de acceso físico • https://edk2-docs.gitbook.io/security-advisory/bootguard-toctou-vulnerability • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28213
https://notcve.org/view.php?id=CVE-2021-28213
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. La clave privada cifrada Example EDK2 en el archivo IpSecDxe.efi presenta riesgos potenciales de seguridad • https://bugzilla.tianocore.org/show_bug.cgi?id=1866 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28210 – edk2: unlimited FV recursion, round 2
https://notcve.org/view.php?id=CVE-2021-28210
An unlimited recursion in DxeCore in EDK II. Una recursión ilimitada en la función DxeCore en EDK II A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=1743 https://access.redhat.com/security/cve/CVE-2021-28210 https://bugzilla.redhat.com/show_bug.cgi?id=1883552 • CWE-674: Uncontrolled Recursion •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28211 – edk2: possible heap corruption with LzmaUefiDecompressGetInfo
https://notcve.org/view.php?id=CVE-2021-28211
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Un desbordamiento de la pila en la función zmaUefiDecompressGetInfo en EDK II A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=1816 https://access.redhat.com/security/cve/CVE-2021-28211 https://bugzilla.redhat.com/show_bug.cgi?id=1883529 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •