Product: Edk2 (Tianocore)

Repositories: Unknown. This might be proprietary software.
#Vulnerabilities 30
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-01-16 | CVE-2023-45236 | EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | Edk2 | 7.5 | | |
| 2024-01-16 | CVE-2023-45237 | EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | Edk2 | 7.5 | | |
| 2021-12-01 | CVE-2021-38575 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | Kernel, Edk2 | 8.1 | | |
| 2022-03-03 | CVE-2021-38578 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | Kernel, Edk2 | 9.8 | | |
| 2021-06-11 | CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks. | Edk2 | 7.5 | | |
| 2022-01-03 | CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | Edk2 | 7.5 | | |
| 2020-11-23 | CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | Edk2 | 7.5 | | |
| 2020-11-23 | CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | Debian_linux, Edk2 | 7.8 | | |
| 2020-11-23 | CVE-2019-14562 | Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access. | Debian_linux, Edk2 | 5.5 | | |
| 2020-11-23 | CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | Debian_linux, Edk2 | 7.8 | | |