| Bug | jessie | stretch | buster | bullseye | sid | Description |
|---|
| CVE-2019-14575 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | DxeImageVerificationHandler() fails open in case of dbx signature check |
| CVE-2019-14563 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | numeric truncation in MdeModulePkg/PiDxeS3BootScriptLib |
| CVE-2019-14559 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | memory leak in ArpOnFrameRcvdDpc |
| CVE-2019-0161 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Stack overflow in XHCI for EDK II may allow an unauthenticated user to ... |
| CVE-2019-0160 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Buffer overflow in system firmware for EDK II may allow unauthenticate ... |
| CVE-2018-12183 | vulnerable | vulnerable (no DSA) | fixed | fixed | fixed | Stack overflow in DxeCore for EDK II may allow an unauthenticated user ... |
| CVE-2018-12181 | vulnerable | fixed | fixed | fixed | fixed | Stack overflow in corrupted bmp for EDK II may allow unprivileged user ... |
| CVE-2018-12180 | vulnerable | fixed | fixed | fixed | fixed | Buffer overflow in BlockIo service for EDK II may allow an unauthentic ... |
| CVE-2018-12178 | vulnerable | fixed | fixed | fixed | fixed | Buffer overflow in network stack for EDK II may allow unprivileged use ... |