Lucene search
K

4 matches found

OSV
OSV
added 2020/01/31 4:15 p.m.7 views

CVE-2014-4860

Multiple integer overflows in the Pre-EFI Initialization PEI boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase...

6.8CVSS6.6AI score
Exploits0References1
CVE
CVE
added 2020/01/31 3:8 p.m.68 views

CVE-2014-4860

CVE-2014-4860 is an integer overflow vulnerability in the Pre-EFI Initialization (PEI) capsule update coalescing phase of the UEFI/EDK2 implementation. The issue arises when the capsule update is coalesced back to its original form, enabling a write-what-where condition and potential bypass of ac...

7.2CVSS6.3AI score0.00504EPSS
Exploits0References1Affected Software1
Lenovo
Lenovo
added 2016/07/22 12:0 a.m.108 views

UEFI EDK2 Capsule Update Vulnerabilities

Lenovo Security Advisory: LEN-2014-001 Potential Impact: Execution of arbitrary code Severity: Medium Summary: The EDK2 UEFI reference implementation contains multiple vulnerabilities in the Capsule Update mechanism. Description: The open source EDK2 project provides a reference implementation of...

3.7CVSS7.4AI score0.00587EPSS
Exploits0
F5 Networks
F5 Networks
added 2014/10/09 12:0 a.m.68 views

SOL15679 - UEFI EDK2 Capsule Update vulnerabilities CVE-2014-4859 / CVE-2014-4860

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

7.2CVSS3.1AI score0.00587EPSS
Exploits0References5
Rows per page
Query Builder