Product: Edk2 (Tianocore)

Repositories

Unknown: This might be proprietary software.

#Vulnerabilities 30

| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-11 | CVE-2021-28210 | An unlimited recursion in DxeCore in EDK II. | Edk2 | 7.8 | | |
| 2021-06-11 | CVE-2021-28211 | A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | Edk2 | 6.7 | | |
| 2021-06-11 | CVE-2021-28213 | Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | Edk2 | 7.5 | | |
| 2021-12-01 | CVE-2021-38575 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | Kernel, Edk2 | 8.1 | | |
| 2022-01-03 | CVE-2021-38576 | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | Edk2 | 7.5 | | |
| 2022-03-03 | CVE-2021-38578 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | Kernel, Edk2 | 9.8 | | |
| 2024-01-16 | CVE-2023-45229 | EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | Edk2 | 6.5 | | |
| 2024-01-16 | CVE-2023-45231 | EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | Edk2 | 6.5 | | |
| 2020-11-23 | CVE-2019-14559 | Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | Edk2 | 7.5 | | |
| 2020-11-23 | CVE-2019-14563 | Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | Debian_linux, Edk2 | 7.8 | | |