CRITICAL 9.8 CVE-2021-38578 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
from 0, < 2020.11-2+deb11u3
CRITICAL 9.8 CVE-2019-0160 Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of…
from 0, < 0~20181115.85588389-1
CRITICAL 9.1 Buffer overflow in network stack for EDK II may allow an unprivileged user to potentially enable escalation of privilege and/or denial of serv…
from 0, < 0~20181115.85588389-3
HIGH 8.8 The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing by…
from 0, < 2020.11-2+deb11u2
HIGH 8.8 EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise messa…
from 0, < 2020.11-2+deb11u3
HIGH 8.8 EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message.
from 0, < 2020.11-2+deb11u3
HIGH 8.8 EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client.
from 0, < 2020.11-2+deb11u3
HIGH 8.8 Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information…
from 0, < 0~20181115.85588389-3
HIGH 8.1 NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
from 0, < 2020.11-2+deb11u3
HIGH 8.0 Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosur…
from 0, < 0~20200229.4c0f6e34-1
HIGH 7.8 EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a…
from 0, < 2020.11-2+deb11u3
HIGH 7.8 EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local…
from 0, < 2020.11-2+deb11u3
HIGH 7.8 EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local…
from 0, < 2020.11-2+deb11u3
HIGH 7.8 edk2 - security update
from 0, < 2020.11-2+deb11u3
HIGH 7.8 edk2 - security update
from 0, < 2020.11-2+deb11u3
HIGH 7.8 An unlimited recursion in DxeCore in EDK II.
from 0, < 2020.11-1
HIGH 7.8 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
from 0, < 2020.11-1
HIGH 7.8 Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via l…
from 0, < 0~20200229.4c0f6e34-1
HIGH 7.8 Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
from 0, < 0~20200229.4c0f6e34-1
HIGH 7.8 Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, informat…
from 0, < 0~20190606.20d2e5a1-2
HIGH 7.5 EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
from 0
HIGH 7.5 EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number.
from 0
HIGH 7.5 EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6.
from 0, < 2020.11-2+deb11u3
HIGH 7.5 EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of I…
from 0, < 2020.11-2+deb11u3
HIGH 7.5 A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty.
from 0, < 2020.11-2+deb11u3
HIGH 7.5 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
from 0, < 0~20190606.20d2e5a1-2
HIGH 7.5 Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
from 0, < 0~20200229.4c0f6e34-1
HIGH 7.0 EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access.
from 0
MEDIUM 6.8 Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, den…
from 0, < 2020.11-2+deb11u1
MEDIUM 6.8 Integer overflow in the Driver Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows phy…
from 0
MEDIUM 6.8 Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2…
from 0
MEDIUM 6.8 Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosur…
from 0, < 0~20181115.85588389-1
MEDIUM 6.7 edk2 - security update
from 0, < 2020.11-2+deb11u2
MEDIUM 6.7 edk2 - security update
from 0, < 0~20181115.85588389-3+deb10u4
MEDIUM 6.7 edk2 - security update
from 0, < 2020.11-2+deb11u2
MEDIUM 6.7 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
from 0, < 2020.11-1
MEDIUM 6.5 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message.
from 0, < 2020.11-2+deb11u3
MEDIUM 6.5 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertis…
from 0, < 2020.11-2+deb11u3
MEDIUM 6.5 Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
from 0, < 0~20200229.4c0f6e34-1
MEDIUM 6.3 EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means.
from 0
MEDIUM 6.0 EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a Division-By-Zero due to a UINT32 overflow via local…
from 0, < 2020.11-2+deb11u3
MEDIUM 6.0 Stack overflow in corrupted bmp for EDK II may allow an unprivileged user to potentially enable denial of service or elevation of privilege vi…
from 0, < 0~20181115.85588389-3
MEDIUM 5.9 EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage().
from 0, < 2020.11-2+deb11u3
MEDIUM 5.7 Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 &…
from 0, < 0~20200229.4c0f6e34-1
MEDIUM 5.5 Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local…
from 0, < 2020.05-4
MEDIUM 5.5 edk2 - security update
from 0, < 0~20180803.dd4cae4d-1
MEDIUM 5.5 edk2 - security update
from 0, < 0~20161202.7bbe0b3e-1+deb9u2
MEDIUM 4.9 Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
from 0, < 0~20190828.37eef910-4
MEDIUM 4.6 EDK2 contains a vulnerability in the HashPeImageByType().
from 0
MEDIUM 4.1 openssl - security update
from 0
LOW 3.5 EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means.
from 0
— (no summary)
from 0
— EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access.
from 0
— EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local acc…
from 0