Vulnerabilities > Tianocore

DATE CVE VULNERABILITY TITLE RISK
2022-03-03 CVE-2021-38577 Out-of-bounds Write vulnerability in Tianocore Edk2
Heap Overflow in BaseBmpSupportLib.
network
low complexity
tianocore CWE-787
7.5
2022-03-03 CVE-2021-38578 Out-of-bounds Write vulnerability in Tianocore Edk2
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
network
low complexity
tianocore CWE-787
7.5
2022-01-03 CVE-2021-38576 Unspecified vulnerability in Tianocore Edk2
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty.
network
low complexity
tianocore
7.8
2021-12-01 CVE-2021-38575 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
network
tianocore CWE-119
6.8
2021-08-05 CVE-2021-28216 Release of Invalid Pointer or Reference vulnerability in Tianocore EDK II
BootPerformanceTable pointer is read from an NVRAM variable in PEI.
local
low complexity
tianocore CWE-763
4.6
2021-07-14 CVE-2019-11098 Improper Input Validation vulnerability in Tianocore EDK II
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
local
low complexity
tianocore CWE-20
4.6
2021-06-11 CVE-2021-28210 Uncontrolled Recursion vulnerability in Tianocore Edk2
An unlimited recursion in DxeCore in EDK II.
local
low complexity
tianocore CWE-674
4.6
2021-06-11 CVE-2021-28211 Out-of-bounds Write vulnerability in Tianocore Edk2 202008
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
local
low complexity
tianocore CWE-787
4.6
2021-06-11 CVE-2021-28213 Inadequate Encryption Strength vulnerability in Tianocore Edk2 201905
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
network
low complexity
tianocore CWE-326
5.0
2021-06-03 CVE-2019-14584 NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
local
low complexity
tianocore CWE-476
4.6