CVE-2018-12178
https://notcve.org/view.php?id=CVE-2018-12178
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network. Desbordamiento de búfer en la pila de red para EDK II podría permitir que un usuario sin privilegios escale privilegios y/o provoque una denegación de servicio mediante acceso de red. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00046.html https://edk2-docs.gitbooks.io/security-advisory/content/dns-pack-size-check.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us https://usn.ubuntu.com/4349-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-12182
https://notcve.org/view.php?id=CVE-2018-12182
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Comprobación de escritura en memoria insuficiente en el servicio SMM para EDK II podría permitir que un usuario autenticado escale privilegios, divulgue información y/o provoque una denegación de servicio mediante acceso local. • http://www.securityfocus.com/bid/107648 https://edk2-docs.gitbooks.io/security-advisory/content/sw-smi-confused-deputy-smramsavestate_c.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us • CWE-441: Unintended Proxy or Intermediary ('Confused Deputy') •
CVE-2018-12183
https://notcve.org/view.php?id=CVE-2018-12183
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Desbordamiento de pila en DxeCore para EDK II podría permitir que un usuario no autenticado escale privilegios, divulgue información y/o provoque una denegación de servicio mediante acceso local. • http://www.securityfocus.com/bid/107643 https://edk2-docs.gitbooks.io/security-advisory/content/unlimited-fv-recursion.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us • CWE-787: Out-of-bounds Write •
CVE-2018-3613 – edk2: Logic error in MdeModulePkg in EDK II firmware allows for privilege escalation by authenticated users
https://notcve.org/view.php?id=CVE-2018-3613
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Problema de lógica en el módulo del servicio variable para EDK II/UDK2018/UDK2017/UDK2015 podría permitir que un usuario autenticado escale privilegios, divulgue información y/o provoque una denegación de servicio mediante acceso local. • https://access.redhat.com/errata/RHSA-2019:2125 https://edk2-docs.gitbooks.io/security-advisory/content/authvariable-timestamp-zeroing-on-append_write.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4ABTDKZK2G5XP6JCO3HXMPOA2NRTIYDZ https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03912en_us https://access.redhat.com/security/cve/CVE-2018-3613 https://bugzilla.redhat.com/show_bug.cgi?id=1641433 • CWE-287: Improper Authentication •
CVE-2014-4859
https://notcve.org/view.php?id=CVE-2014-4859
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. Un desbordamiento de enteros en la fase Drive Execution Environment (DXE) en la funcionalidad Capsule Update en la implementación de UEFI en EDK2, permite a atacantes físicamente próximos omitir las restricciones de acceso previstas por medio de datos diseñados. • http://www.kb.cert.org/vuls/id/552286 • CWE-190: Integer Overflow or Wraparound •