| Bug | stretch | buster | bullseye | sid | Description |
|---|
| CVE-2021-28211 | vulnerable | vulnerable (no DSA) | fixed | fixed | possible heap corruption with LzmaUefiDecompressGetInfo |
| CVE-2021-28210 | vulnerable | vulnerable (no DSA) | fixed | fixed | unlimited FV recursion, round 2 |
| CVE-2019-14587 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Logic issue EDK II may allow an unauthenticated user to potentially en ... |
| CVE-2019-14586 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Use after free vulnerability in EDK II may allow an authenticated user ... |
| CVE-2019-14584 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | |
| CVE-2019-14575 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Logic issue in DxeImageVerificationHandler() for EDK II may allow an a ... |
| CVE-2019-14563 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Integer truncation in EDK II may allow an authenticated user to potent ... |
| CVE-2019-14562 | vulnerable (no DSA) | fixed | fixed | fixed | Integer overflow in DxeImageVerificationHandler() EDK II may allow an ... |
| CVE-2019-14560 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | GetEfiGlobalVariable2() return value not checked |
| CVE-2019-14559 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Uncontrolled resource consumption in EDK II may allow an unauthenticat ... |
| CVE-2019-14558 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ... |
| CVE-2019-0161 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |