rpm package

opensuse/ovmf&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/ovmf&distro=openSUSE%20Tumbleweed

Vulnerabilities (38)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-28210	—	< 202105-3.4	202105-3.4	Jun 11, 2021	An unlimited recursion in DxeCore in EDK II.
CVE-2019-14584	—	< 202105-3.4	202105-3.4	Jun 3, 2021	Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14587	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2019-14586	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVE-2019-14575	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14563	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14562	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-14559	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-14553	—	< 202105-3.4	202105-3.4	Nov 23, 2020	Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVE-2019-14558	—	< 202105-3.4	202105-3.4	Oct 5, 2020	Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2017-5731	—	< 202105-3.4	202105-3.4	Oct 28, 2019	Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2019-0161	—	< 202105-3.4	202105-3.4	Mar 27, 2019	Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2018-12181	—	< 202105-3.4	202105-3.4	Mar 27, 2019	Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
CVE-2018-12180	—	< 202105-3.4	202105-3.4	Mar 27, 2019	Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
CVE-2019-0160	—	< 202105-3.4	202105-3.4	Mar 27, 2019	Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2018-12178	—	< 202105-3.4	202105-3.4	Mar 27, 2019	Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
CVE-2018-3613	—	< 202105-3.4	202105-3.4	Mar 27, 2019	Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVE-2018-0739	—	< 202105-3.4	202105-3.4	Mar 27, 2018	Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u

CVE-2021-28210Jun 11, 2021
affected < 202105-3.4fixed 202105-3.4
An unlimited recursion in DxeCore in EDK II.
CVE-2019-14584Jun 3, 2021
affected < 202105-3.4fixed 202105-3.4
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14587Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2019-14586Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVE-2019-14575Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14563Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14562Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
CVE-2019-14559Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-14553Nov 23, 2020
affected < 202105-3.4fixed 202105-3.4
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVE-2019-14558Oct 5, 2020
affected < 202105-3.4fixed 202105-3.4
Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
CVE-2017-5731Oct 28, 2019
affected < 202105-3.4fixed 202105-3.4
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
CVE-2019-0161Mar 27, 2019
affected < 202105-3.4fixed 202105-3.4
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2018-12181Mar 27, 2019
affected < 202105-3.4fixed 202105-3.4
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
CVE-2018-12180Mar 27, 2019
affected < 202105-3.4fixed 202105-3.4
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
CVE-2019-0160Mar 27, 2019
affected < 202105-3.4fixed 202105-3.4
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2018-12178Mar 27, 2019
affected < 202105-3.4fixed 202105-3.4
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
CVE-2018-3613Mar 27, 2019
affected < 202105-3.4fixed 202105-3.4
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVE-2018-0739Mar 27, 2018
affected < 202105-3.4fixed 202105-3.4
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u

Page 2 of 2