CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-28213
https://notcve.org/view.php?id=CVE-2021-28213
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. La clave privada cifrada Example EDK2 en el archivo IpSecDxe.efi presenta riesgos potenciales de seguridad • https://bugzilla.tianocore.org/show_bug.cgi?id=1866 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28210 – edk2: unlimited FV recursion, round 2
https://notcve.org/view.php?id=CVE-2021-28210
An unlimited recursion in DxeCore in EDK II. Una recursión ilimitada en la función DxeCore en EDK II A flaw was found in edk2. An unlimited recursion in DxeCore may allow an attacker to corrupt the system memory. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=1743 https://access.redhat.com/security/cve/CVE-2021-28210 https://bugzilla.redhat.com/show_bug.cgi?id=1883552 • CWE-674: Uncontrolled Recursion •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 1CVE-2021-28211 – edk2: possible heap corruption with LzmaUefiDecompressGetInfo
https://notcve.org/view.php?id=CVE-2021-28211
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Un desbordamiento de la pila en la función zmaUefiDecompressGetInfo en EDK II A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugzilla.tianocore.org/show_bug.cgi?id=1816 https://access.redhat.com/security/cve/CVE-2021-28211 https://bugzilla.redhat.com/show_bug.cgi?id=1883529 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-14584 – edk2: NULL pointer dereference in AuthenticodeVerify()
https://notcve.org/view.php?id=CVE-2019-14584
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. La desviación del puntero null en Tianocore EDK2 puede permitir a un usuario autenticado permitir potencialmente una escalada de privilegios por medio de acceso local • https://bugzilla.redhat.com/show_bug.cgi?id=1889486 https://access.redhat.com/security/cve/CVE-2019-14584 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-14562
https://notcve.org/view.php?id=CVE-2019-14562
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. Un desbordamiento de enteros en la función DxeImageVerificationHandler() en EDK II, puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio por medio del acceso local • https://bugzilla.tianocore.org/show_bug.cgi?id=2215 https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html • CWE-190: Integer Overflow or Wraparound •