Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|
CVE-2024-38796 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An A ... |
CVE-2024-1298 | vulnerable | vulnerable | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | EDK2 contains a vulnerability when S3 sleep is activated where an Atta ... |
CVE-2023-48733 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | An insecure default to allow UEFI Shell in EDK2 was left enabled in Ub ... |
CVE-2023-45237 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | EDK2's Network Package is susceptible to a predictable TCP Initial Seq ... |
CVE-2023-45236 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | EDK2's Network Package is susceptible to a predictable TCP Initial Seq ... |
CVE-2023-45235 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to a buffer overflow vulnerabili ... |
CVE-2023-45234 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to a buffer overflow vulnerabili ... |
CVE-2023-45233 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an infinite lop vulnerability ... |
CVE-2023-45232 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an infinite loop vulnerabilit ... |
CVE-2023-45231 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an out-of-bounds read vulner ... |
CVE-2023-45230 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to a buffer overflow vulnerabili ... |
CVE-2023-45229 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2's Network Package is susceptible to an out-of-bounds read vulner ... |
CVE-2022-36765 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2 is susceptible to a vulnerability in the CreateHob() function, al ... |
CVE-2022-36764 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() fun ... |
CVE-2022-36763 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() fu ... |
CVE-2021-38578 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | Existing CommBuffer checks in SmmEntryPoint will not catch underflow w ... |
CVE-2021-38576 | vulnerable | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | A BIOS bug in firmware for a particular PC model leaves the Platform a ... |
CVE-2021-38575 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
CVE-2021-28216 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Re ... |
CVE-2021-28211 | vulnerable | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. |
CVE-2021-28210 | vulnerable | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | An unlimited recursion in DxeCore in EDK II. |
CVE-2019-14587 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Logic issue EDK II may allow an unauthenticated user to potentially en ... |
CVE-2019-14586 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Use after free vulnerability in EDK II may allow an authenticated user ... |
CVE-2019-14584 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Null pointer dereference in Tianocore EDK2 may allow an authenticated ... |
CVE-2019-14575 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ... |
CVE-2019-14563 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Integer truncation in EDK II may allow an authenticated user to potent ... |
CVE-2019-14562 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Integer overflow in DxeImageVerificationHandler() EDK II may allow an ... |
CVE-2019-14559 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Uncontrolled resource consumption in EDK II may allow an unauthenticat ... |
CVE-2019-14558 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ... |
CVE-2019-11098 | vulnerable | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Insufficient input validation in MdeModulePkg in EDKII may allow an un ... |
CVE-2019-0161 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
CVE-2019-0160 | vulnerable | vulnerable | fixed | fixed | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
CVE-2018-12183 | vulnerable | vulnerable (no DSA, ignored) | fixed | fixed | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |
CVE-2018-12181 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
CVE-2018-12180 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
CVE-2018-12178 | vulnerable | fixed | fixed | fixed | fixed | fixed | fixed | Buffer overflow in network stack for EDK II may allow unprivileged use ... |