All the vulnerabilites related to Phoenix Technologies Ltd. - SCT3
cve-2014-4860
Vulnerability from cvelistv5
Published
2020-01-31 15:08
Modified
2024-08-06 11:27
Severity ?
Summary
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase.
References
http://www.kb.cert.org/vuls/id/552286x_refsource_MISC
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.943Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/552286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCT3",
          "vendor": "Phoenix Technologies Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "before 5/23/2014"
            }
          ]
        },
        {
          "product": "BIOS",
          "vendor": "American Megatrends Incorporated (AMI)",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "datePublic": "2014-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-31T15:08:16",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/552286"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-4860",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCT3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 5/23/2014"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Technologies Ltd."
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "American Megatrends Incorporated (AMI)"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kb.cert.org/vuls/id/552286",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/552286"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-4860",
    "datePublished": "2020-01-31T15:08:16",
    "dateReserved": "2014-07-10T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.943Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-4859
Vulnerability from cvelistv5
Published
2020-01-31 15:08
Modified
2024-08-06 11:27
Severity ?
Summary
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data.
References
http://www.kb.cert.org/vuls/id/552286x_refsource_MISC
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:27:36.851Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/552286"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCT3",
          "vendor": "Phoenix Technologies Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "before 5/23/2014"
            }
          ]
        },
        {
          "product": "BIOS",
          "vendor": "American Megatrends Incorporated (AMI)",
          "versions": [
            {
              "status": "affected",
              "version": "unknown"
            }
          ]
        }
      ],
      "datePublic": "2014-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Integer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-31T15:08:20",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/552286"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2014-4859",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCT3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 5/23/2014"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Phoenix Technologies Ltd."
              },
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIOS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "American Megatrends Incorporated (AMI)"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Integer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.kb.cert.org/vuls/id/552286",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/552286"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2014-4859",
    "datePublished": "2020-01-31T15:08:20",
    "dateReserved": "2014-07-10T00:00:00",
    "dateUpdated": "2024-08-06T11:27:36.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}