rpm package
suse/ovmf&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-38578 | — | < 2015+git1462940744.321151f-19.26.1 | 2015+git1462940744.321151f-19.26.1 | Mar 3, 2022 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | ||
| CVE-2021-28211 | — | < 2015+git1462940744.321151f-19.23.1 | 2015+git1462940744.321151f-19.23.1 | Jun 11, 2021 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | ||
| CVE-2021-28210 | — | < 2015+git1462940744.321151f-19.23.1 | 2015+git1462940744.321151f-19.23.1 | Jun 11, 2021 | An unlimited recursion in DxeCore in EDK II. | ||
| CVE-2019-14584 | — | < 2015+git1462940744.321151f-19.23.1 | 2015+git1462940744.321151f-19.23.1 | Jun 3, 2021 | Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-14575 | — | < 2015+git1462940744.321151f-19.10.3 | 2015+git1462940744.321151f-19.10.3 | Nov 23, 2020 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-14563 | — | < 2015+git1462940744.321151f-19.10.3 | 2015+git1462940744.321151f-19.10.3 | Nov 23, 2020 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||
| CVE-2019-14562 | — | < 2015+git1462940744.321151f-19.15.1 | 2015+git1462940744.321151f-19.15.1 | Nov 23, 2020 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. | ||
| CVE-2019-14559 | — | < 2015+git1462940744.321151f-19.10.3 | 2015+git1462940744.321151f-19.10.3 | Nov 23, 2020 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | ||
| CVE-2018-0739 | — | < 2015+git1462940744.321151f-19.10.3 | 2015+git1462940744.321151f-19.10.3 | Mar 27, 2018 | Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u |
- CVE-2021-38578Mar 3, 2022affected < 2015+git1462940744.321151f-19.26.1fixed 2015+git1462940744.321151f-19.26.1
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
- CVE-2021-28211Jun 11, 2021affected < 2015+git1462940744.321151f-19.23.1fixed 2015+git1462940744.321151f-19.23.1
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
- CVE-2021-28210Jun 11, 2021affected < 2015+git1462940744.321151f-19.23.1fixed 2015+git1462940744.321151f-19.23.1
An unlimited recursion in DxeCore in EDK II.
- CVE-2019-14584Jun 3, 2021affected < 2015+git1462940744.321151f-19.23.1fixed 2015+git1462940744.321151f-19.23.1
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14575Nov 23, 2020affected < 2015+git1462940744.321151f-19.10.3fixed 2015+git1462940744.321151f-19.10.3
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14563Nov 23, 2020affected < 2015+git1462940744.321151f-19.10.3fixed 2015+git1462940744.321151f-19.10.3
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2019-14562Nov 23, 2020affected < 2015+git1462940744.321151f-19.15.1fixed 2015+git1462940744.321151f-19.15.1
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2019-14559Nov 23, 2020affected < 2015+git1462940744.321151f-19.10.3fixed 2015+git1462940744.321151f-19.10.3
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
- CVE-2018-0739Mar 27, 2018affected < 2015+git1462940744.321151f-19.10.3fixed 2015+git1462940744.321151f-19.10.3
Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from u