Product:

Edk_ii

(Tianocore)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 11
Date Id Summary Products Score Patch Annotated
2019-03-27 CVE-2018-12179 Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Edk_ii 7.8
2019-03-27 CVE-2018-12180 Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. Leap, Edk_ii 8.8
2019-03-27 CVE-2018-12181 Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. Edk_ii 6.0
2019-03-27 CVE-2018-12182 Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Edk_ii 6.7
2019-03-27 CVE-2018-12183 Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Edk_ii 6.8
2019-03-27 CVE-2018-3613 Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. Edk_ii 7.8
2019-03-27 CVE-2019-0160 Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. Fedora, Leap, Enterprise_linux, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Edk_ii 9.8
2019-03-27 CVE-2019-0161 Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. Edk_ii 5.5
2021-08-05 CVE-2021-28216 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. Edk_ii 7.8
2021-07-14 CVE-2019-11098 Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. Edk_ii 6.8