EDK II
Products (2)
- 10 CVEs
- 2 CVEs
Recent CVEs (12)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14586 | | High | 0.52 | 8.0 | 0.01 | | Nov 23, 2020 | Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. |
| CVE-2021-28210 | | High | 0.51 | 7.8 | 0.00 | | Jun 11, 2021 | An unlimited recursion in DxeCore in EDK II. |
| CVE-2019-14575 | | High | 0.51 | 7.8 | 0.00 | | Nov 23, 2020 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2019-14563 | | High | 0.51 | 7.8 | 0.00 | | Nov 23, 2020 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2018-3613 | | High | 0.51 | 7.8 | 0.00 | | Mar 27, 2019 | Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| CVE-2019-14559 | | High | 0.49 | 7.5 | 0.01 | | Nov 23, 2020 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2021-28211 | | Med | 0.44 | 6.7 | 0.00 | | Jun 11, 2021 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. |
| CVE-2018-12183 | | Med | 0.44 | 6.8 | 0.01 | | Mar 27, 2019 | Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. |
| CVE-2019-14587 | | Med | 0.42 | 6.5 | 0.01 | | Nov 23, 2020 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2019-14562 | | Med | 0.36 | 5.5 | 0.00 | | Nov 23, 2020 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2019-0161 | | Med | 0.36 | 5.5 | 0.00 | | Mar 27, 2019 | Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. |
| CVE-2019-14553 | | Med | 0.32 | 4.9 | 0.01 | | Nov 23, 2020 | Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. |