| Bug | stretch | buster | bullseye | sid | Description |
|---|
| CVE-2019-14587 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14586 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14584 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | vulnerable | vulnerable | |
| CVE-2019-14575 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | DxeImageVerificationHandler() fails open in case of dbx signature check |
| CVE-2019-14563 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib |
| CVE-2019-14562 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | |
| CVE-2019-14560 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | GetEfiGlobalVariable2() return value not checked |
| CVE-2019-14559 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | memory leak in ArpOnFrameRcvdDpc |
| CVE-2019-14558 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ... |
| CVE-2019-0161 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |