Every CVE whose affected-product data names Tianocore Edk Ii, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2019-0160 — CVSS 9.8 (critical): Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of…
CVE-2018-12178 — CVSS 9.1 (critical): Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of…
CVE-2018-12180 — CVSS 8.8 (high): Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information…
CVE-2021-28216 — CVSS 7.8 (high): BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
CVE-2018-12179 — CVSS 7.8 (high): Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege…
CVE-2018-3613 — CVSS 7.8 (high): Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation…
CVE-2019-11098 — CVSS 6.8 (medium): Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege…
CVE-2018-12183 — CVSS 6.8 (medium): Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information…
CVE-2018-12182 — CVSS 6.7 (medium): Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege…
CVE-2018-12181 — CVSS 6.0 (medium): Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege…
CVE-2019-0161 — CVSS 5.5 (medium): Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.