Vulnerabilities > Tianocore > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2019-14563 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-11-23 | CVE-2019-14559 | Memory Leak vulnerability in Tianocore Edk2 Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | 5.0 |
| 2020-11-23 | CVE-2019-14553 | Improper Authentication vulnerability in Tianocore Edk2 Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | 4.0 |
| 2020-02-06 | CVE-2014-8271 | Classic Buffer Overflow vulnerability in Tianocore Edk2 20171107 Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. | 4.6 |
| 2019-10-28 | CVE-2017-5731 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access. | 4.6 |
| 2019-03-27 | CVE-2019-0161 | Out-of-bounds Write vulnerability in Tianocore EDK II Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | 5.5 |
| 2019-03-27 | CVE-2018-12183 | Out-of-bounds Write vulnerability in Tianocore EDK II Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 6.8 |
| 2019-03-27 | CVE-2018-12182 | Confused Deputy vulnerability in Tianocore EDK II Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 6.7 |
| 2019-03-27 | CVE-2018-12181 | Out-of-bounds Write vulnerability in Tianocore EDK II Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege via local access. | 6.0 |