Tianocore

Edk Ii

11 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-28216

Exploit
  • EPSS 0.1%
  • Published 05.08.2021 21:15:11
  • Last modified 21.11.2024 05:59:22

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

6.8

CVE-2019-11098

  • EPSS 0.05%
  • Published 14.07.2021 14:15:07
  • Last modified 21.11.2024 04:20:32

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.

9.1

CVE-2018-12178

  • EPSS 0.52%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 03:44:42

Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.

7.8

CVE-2018-12179

  • EPSS 0.2%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 03:44:42

Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

8.8

CVE-2018-12180

  • EPSS 1.81%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 03:44:42

Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.

6

CVE-2018-12181

  • EPSS 0.16%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 03:44:42

Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.

6.7

CVE-2018-12182

  • EPSS 0.1%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 03:44:42

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

6.8

CVE-2018-12183

  • EPSS 0.14%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 03:44:42

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

7.8

CVE-2018-3613

  • EPSS 0.13%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 04:05:46

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.

9.8

CVE-2019-0160

  • EPSS 0.33%
  • Published 27.03.2019 20:29:03
  • Last modified 21.11.2024 04:16:22

Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.