Debian Edk2 vulnerabilities
50 known vulnerabilities affecting debian/edk2.
Total CVEs: 50
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 18, MEDIUM 19, LOW 12
Vulnerabilities
Page 3 of 3
CVE-2019-0160 | LOW | CVSS 9.8 | fixed in edk2 0~20181115.85588389-1 (bookworm) | 2019
CVE-2019-0160 [CRITICAL] CVE-2019-0160: edk2 - Buffer overflow in system firmware for EDK II may allow unauthenticated user to ...
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
Scope: local
bookworm: resolved (fixed in 0~20181115.85588389-1)
bullseye: resolved (fixed in 0~20181115.85588389-1)
forky: resolved (fixed in 0~20181115.85588389-1)
sid: resolved (fixed in 0~20181115.
debian
CVE-2019-14575 | LOW | CVSS 7.8 | fixed in edk2 0~20200229.4c0f6e34-1 (bookworm) | 2019
CVE-2019-14575 [HIGH] CVE-2019-14575: edk2 - Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticat...
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
Scope: local
bookworm: resolved (fixed in 0~20200229.4c0f6e34-1)
bullseye: resolved (fixed in 0~20200229.4c0f6e34-1)
forky: resolved (fixed in 0~20200229.4c0f6e34-1)
sid: resolved (fixed in 0~20200229.4c0f6e34-1)
trixie
debian
CVE-2018-12178 | CRITICAL | CVSS 9.1 | fixed in edk2 0~20181115.85588389-3 (bookworm) | 2018
CVE-2018-12178 [CRITICAL] CVE-2018-12178: edk2 - Buffer overflow in network stack for EDK II may allow unprivileged user to poten...
Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of service via network.
Scope: local
bookworm: resolved (fixed in 0~20181115.85588389-3)
bullseye: resolved (fixed in 0~20181115.85588389-3)
forky: resolved (fixed in 0~20181115.85588389-3)
sid: resolved (fixed in 0~20181115.85588389-3
debian
CVE-2018-12180 | HIGH | CVSS 8.8 | fixed in edk2 0~20181115.85588389-3 (bookworm) | 2018
CVE-2018-12180 [HIGH] CVE-2018-12180: edk2 - Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user ...
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
Scope: local
bookworm: resolved (fixed in 0~20181115.85588389-3)
bullseye: resolved (fixed in 0~20181115.85588389-3)
forky: resolved (fixed in 0~20181115.85588389-3)
sid: resol
debian
CVE-2018-12181 | MEDIUM | CVSS 6.0 | fixed in edk2 0~20181115.85588389-3 (bookworm) | 2018
CVE-2018-12181 [MEDIUM] CVE-2018-12181: edk2 - Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potent...
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
Scope: local
bookworm: resolved (fixed in 0~20181115.85588389-3)
bullseye: resolved (fixed in 0~20181115.85588389-3)
forky: resolved (fixed in 0~20181115.85588389-3)
sid: resolved (fixed in 0~20181115.85588389-3)
t
debian
CVE-2018-12183 | MEDIUM | CVSS 6.8 | fixed in edk2 0~20181115.85588389-1 (bookworm) | 2018
CVE-2018-12183 [MEDIUM] CVE-2018-12183: edk2 - Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potent...
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Scope: local
bookworm: resolved (fixed in 0~20181115.85588389-1)
bullseye: resolved (fixed in 0~20181115.85588389-1)
forky: resolved (fixed in 0~20181115.85588389-1)
sid: resolved (fixe
debian
CVE-2018-12182 | LOW | CVSS 6.7 | 2018
CVE-2018-12182 [MEDIUM] CVE-2018-12182: edk2 - Insufficient memory write check in SMM service for EDK II may allow an authentic...
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2018-12179 | LOW | CVSS 7.8 | fixed in edk2 0~20190606.20d2e5a1-2 (bookworm) | 2018
CVE-2018-12179 [HIGH] CVE-2018-12179: edk2 - Improper configuration in system firmware for EDK II may allow unauthenticated u...
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
Scope: local
bookworm: resolved (fixed in 0~20190606.20d2e5a1-2)
bullseye: resolved (fixed in 0~20190606.20d2e5a1-2)
forky: resolved (fixed in 0~20190606.20d2e5a1-2)
sid: res
debian
CVE-2014-4860 | LOW | CVSS 6.8 | 2014
CVE-2014-4860 [MEDIUM] CVE-2014-4860: edk2 - Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the...
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid:
debian
CVE-2014-4859 | LOW | CVSS 6.8 | 2014
CVE-2014-4859 [MEDIUM] CVE-2014-4859: edk2 - Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule U...
Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian