Tianocore Edk2 vulnerabilities
52 known vulnerabilities affecting tianocore/edk2.
Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 26, MEDIUM 21, LOW 2
Vulnerabilities
Page 3 of 3
CVE-2019-14587 | MEDIUM | CVSS 6.5 | ≥ 0, < 0~20200229.4c0f6e34-1 | 2020-11-23
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
osv
CVE-2019-14558 | MEDIUM | CVSS 5.7 | ≥ 0, < 0~20200229.4c0f6e34-1 | 2020-10-05
Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.
osv
CVE-2018-12178 | CRITICAL | CVSS 9.1 | ≥ 0, < 0~20160408.ffea0a2c-2ubuntu0.1; ≥ 0, < 0~20180205.c0d9813c-2ubuntu0.2 | 2020-04-30
edk2 vulnerabilities
A buffer overflow was discovered in the network stack. An unprivileged user
could potentially enable escalation of privilege and/or denial of service.
This issue was already fixed in a previous release for 18.04 LTS and 19.10.
(CVE-2018-12178)
A buffer overflow was discovered in BlockIo service. An unauthenticated user
could potentially enable escalation of privilege, information disclosure and/or
denial of service. This issue
osv
CVE-2014-8271 | MEDIUM | CWE-120 | CVSS 6.8 | fixed in svn_16280 | vbefore SVN 16280 | 2020-02-06
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
cvelistv5, nvd
CVE-2017-5731 | HIGH | CWE-119 | CVSS 7.8 | fixed in 2017-11-07 | 2019-10-28
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
nvd, osv
CVE-2019-0160 | CRITICAL | CVSS 9.8 | ≥ 0, < 0~20181115.85588389-1 | 2019-03-27
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
osv
CVE-2018-12180 | HIGH | CVSS 8.8 | ≥ 0, < 0~20181115.85588389-3 | 2019-03-27
Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access.
osv
CVE-2018-3613 | HIGH | CVSS 7.8 | ≥ 0, < 0~20160408.ffea0a2c-2ubuntu0.2+esm1; ≥ 0, < 0~20180205.c0d9813c-2ubuntu0.3+esm1 | 2019-03-27
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
osv
CVE-2018-12179 | HIGH | CVSS 7.8 | ≥ 0, < 0~20190606.20d2e5a1-2 | 2019-03-27
Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
osv
CVE-2018-12182 | MEDIUM | CVSS 6.7 | ≥ 0, < 0~20160408.ffea0a2c-2ubuntu0.2+esm1; ≥ 0, < 0~20180205.c0d9813c-2ubuntu0.3+esm1 | 2019-03-27
Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
osv
CVE-2018-12181 | MEDIUM | CVSS 6.0 | ≥ 0, < 0~20181115.85588389-3 | 2019-03-27
Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access.
osv
CVE-2018-12183 | MEDIUM | CVSS 6.8 | ≥ 0, < 0~20181115.85588389-1 | 2019-03-27
Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
osv