Edk Ii Security Vulnerabilities and Issues — Edk Ii CVE List

Lucene search

TianocoreEdk Ii

11 matches found

CVE•added 2019/03/27 8:29 p.m.•223 views

CVE-2019-0161

Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.

5.5CVSS6.2AI score0.00122EPSS

CVE•added 2019/03/27 8:29 p.m.•221 views

CVE-2019-0160

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.

9.8CVSS9.5AI score0.00868EPSS

CVE•added 2019/03/27 8:29 p.m.•200 views

CVE-2018-12181

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

6CVSS7.2AI score0.0019EPSS

CVE•added 2019/03/27 8:29 p.m.•135 views

CVE-2018-12180

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

8.8CVSS8.5AI score0.02139EPSS

CVE•added 2019/03/27 8:29 p.m.•129 views

CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

7.8CVSS7.3AI score0.00103EPSS

CVE•added 2019/03/27 8:29 p.m.•116 views

CVE-2018-12178

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

9.1CVSS8.5AI score0.00613EPSS

CVE•added 2021/08/05 9:15 p.m.•91 views

CVE-2021-28216

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

7.8CVSS7.4AI score0.00149EPSS

CVE•added 2021/07/14 2:15 p.m.•88 views

CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

6.8CVSS6.9AI score0.00052EPSS

CVE•added 2019/03/27 8:29 p.m.•57 views

CVE-2018-12179

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

7.8CVSS8.3AI score0.00201EPSS

CVE•added 2019/03/27 8:29 p.m.•57 views

CVE-2018-12182

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

6.7CVSS7.5AI score0.00132EPSS

CVE•added 2019/03/27 8:29 p.m.•56 views

CVE-2018-12183

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

6.8CVSS7.9AI score0.00223EPSS