Search CVE reports


Toggle filters

81 – 90 of 103 results


CVE-2014-4859

Medium priority
Not affected

Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2
Show less packages

CVE-2019-14587

Medium priority
Fixed

Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages

CVE-2019-14586

Low priority
Fixed

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages

CVE-2019-14584

Low priority
Fixed

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Fixed Fixed Fixed
Show less packages

CVE-2019-14575

Low priority
Fixed

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages

CVE-2019-14563

Low priority
Fixed

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages

CVE-2019-14559

Low priority
Fixed

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages

CVE-2019-14558

Medium priority
Fixed

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of...

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Fixed Fixed
Show less packages

CVE-2019-1551

Low priority

Some fixes available 5 of 7

There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024...

4 affected packages

edk2, nodejs, openssl, openssl1.0

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected
nodejs Not affected Not affected Not affected
openssl Fixed Fixed Fixed
openssl1.0 Not in release Fixed Not in release
Show less packages

CVE-2017-5731

Medium priority
Fixed

Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.

1 affected packages

edk2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
edk2 Not affected Not affected Not affected Fixed Fixed
Show less packages