ovmf (SUSE:Linux Enterprise Server 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP5 package ovmf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2019-14575 — CVSS 7.8 (high): Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via…
CVE-2019-14584 — CVSS 7.8 (high): Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14563 — CVSS 7.8 (high): Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-14559 — CVSS 7.5 (high): Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2021-38578 — CVSS 7.4 (high): Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVE-2019-14562 — CVSS 5.5 (medium): Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local…
CVE-2019-14553 — CVSS 4.9 (medium): Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVE-2019-14560: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…