Search CVE reports
81 – 90 of 103 results
CVE-2014-4859
Medium priorityInteger overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | — | — | — |
CVE-2019-14587
Medium priorityLogic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14586
Low priorityUse after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14584
Low priorityNull pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Fixed | Fixed | Fixed |
CVE-2019-14575
Low priorityLogic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14563
Low priorityInteger truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14559
Low priorityUncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-14558
Medium priorityInsufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of...
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Fixed | Fixed |
CVE-2019-1551
Low prioritySome fixes available 5 of 7
There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024...
4 affected packages
edk2, nodejs, openssl, openssl1.0
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | — | — | Not affected | Not affected | Not affected |
nodejs | — | — | Not affected | Not affected | Not affected |
openssl | — | — | Fixed | Fixed | Fixed |
openssl1.0 | — | — | Not in release | Fixed | Not in release |
CVE-2017-5731
Medium priorityBounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
1 affected package
edk2
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
edk2 | Not affected | Not affected | Not affected | Fixed | Fixed |