Vulnerabilities > Tianocore

DATE CVE VULNERABILITY TITLE RISK
2021-08-05 CVE-2021-28216 Release of Invalid Pointer or Reference vulnerability in Tianocore EDK II
BootPerformanceTable pointer is read from an NVRAM variable in PEI.
local
low complexity
tianocore CWE-763
4.6
2021-07-14 CVE-2019-11098 Improper Input Validation vulnerability in Tianocore EDK II
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
local
low complexity
tianocore CWE-20
4.6
2021-06-11 CVE-2021-28210 Uncontrolled Recursion vulnerability in Tianocore Edk2
An unlimited recursion in DxeCore in EDK II.
local
low complexity
tianocore CWE-674
4.6
2021-06-11 CVE-2021-28211 Out-of-bounds Write vulnerability in Tianocore Edk2 202008
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
local
low complexity
tianocore CWE-787
4.6
2021-06-11 CVE-2021-28213 Inadequate Encryption Strength vulnerability in Tianocore Edk2 201905
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
network
low complexity
tianocore CWE-326
5.0
2021-06-03 CVE-2019-14584 NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore CWE-476
4.6
2020-11-23 CVE-2019-14587 Unspecified vulnerability in Tianocore Edk2
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
low complexity
tianocore
3.3
2020-11-23 CVE-2019-14586 Use After Free vulnerability in Tianocore Edk2
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
low complexity
tianocore CWE-416
5.2
2020-11-23 CVE-2019-14575 Unspecified vulnerability in Tianocore Edk2
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore
4.6
2020-11-23 CVE-2019-14563 Integer Overflow or Wraparound vulnerability in Tianocore Edk2
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore CWE-190
4.6