ovmf (SUSE:Linux Enterprise Server 12 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP4 package ovmf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (16)
CVE-2019-0160 — CVSS 9.8 (critical): Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of…
CVE-2018-12178 — CVSS 9.1 (critical): Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of…
CVE-2018-12180 — CVSS 8.8 (high): Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information…
CVE-2019-14575 — CVSS 7.8 (high): Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via…
CVE-2018-3613 — CVSS 7.8 (high): Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation…
CVE-2019-14563 — CVSS 7.8 (high): Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2017-5731 — CVSS 7.8 (high): Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege…
CVE-2019-14559 — CVSS 7.5 (high): Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2018-12181 — CVSS 6.0 (medium): Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege…
CVE-2019-0161 — CVSS 5.5 (medium): Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2019-14553 — CVSS 4.9 (medium): Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVE-2017-5732: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…
CVE-2018-3630: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…
CVE-2017-5735: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…
CVE-2017-5734: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
CVE-2017-5733: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…