VYPR

EDK II

by Tianocore

CVEs (16)

  • CVE-2021-38578Mar 3, 2022
    risk 0.00cvss epss 0.01

    Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

  • CVE-2021-38575Dec 1, 2021
    risk 0.00cvss epss 0.02

    NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

  • CVE-2021-28216Aug 5, 2021
    risk 0.00cvss epss 0.00

    BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

  • CVE-2021-28213Jun 11, 2021
    risk 0.00cvss epss 0.01

    Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.

  • CVE-2021-28210Jun 11, 2021
    risk 0.00cvss epss 0.00

    An unlimited recursion in DxeCore in EDK II.

  • CVE-2021-28211Jun 11, 2021
    risk 0.00cvss epss 0.00

    A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.

  • CVE-2019-14587Nov 23, 2020
    risk 0.00cvss epss 0.01

    Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

  • CVE-2019-14586Nov 23, 2020
    risk 0.00cvss epss 0.01

    Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

  • CVE-2019-14575Nov 23, 2020
    risk 0.00cvss epss 0.00

    Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-14563Nov 23, 2020
    risk 0.00cvss epss 0.00

    Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2019-14562Nov 23, 2020
    risk 0.00cvss epss 0.00

    Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

  • CVE-2019-14559Nov 23, 2020
    risk 0.00cvss epss 0.01

    Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

  • CVE-2019-0161Mar 27, 2019
    risk 0.00cvss epss 0.00

    Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

  • CVE-2018-12180Mar 27, 2019
    risk 0.00cvss epss 0.02

    Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

  • CVE-2019-0160Mar 27, 2019
    risk 0.00cvss epss 0.01

    Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

  • CVE-2018-12178Mar 27, 2019
    risk 0.00cvss epss 0.02

    Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.