Note: This project will be discontinued after December 13, 2021.

Product: Edk2 (Tianocore)

Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 30 |

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-01-16 | CVE-2023-45236 | EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | Edk2 | 7.5 | ||
2024-01-16 | CVE-2023-45237 | EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | Edk2 | 7.5 | ||
2021-12-01 | CVE-2021-38575 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | Kernel, Edk2 | 8.1 | ||
2022-03-03 | CVE-2021-38578 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | Kernel, Edk2 | 9.8 | ||
2021-06-11 | CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks. | Edk2 | 7.5 | ||
2022-01-03 | CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | Edk2 | 7.5 | ||
2020-11-23 | CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | Edk2 | 7.5 | ||
2020-11-23 | CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | Debian_linux, Edk2 | 7.8 | ||
2020-11-23 | CVE-2019-14562 | Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local access. | Debian_linux, Edk2 | 5.5 | ||
2020-11-23 | CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | Debian_linux, Edk2 | 7.8 | ||