Vulnerabilities > Tianocore
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-03 | CVE-2021-38577 | Out-of-bounds Write vulnerability in Tianocore Edk2 Heap Overflow in BaseBmpSupportLib. | 7.5 |
| 2022-03-03 | CVE-2021-38578 | Out-of-bounds Write vulnerability in Tianocore Edk2 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 9.8 |
| 2022-01-03 | CVE-2021-38576 | Unspecified vulnerability in Tianocore Edk2 A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. | 7.8 |
| 2021-12-01 | CVE-2021-38575 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | 6.8 |
| 2021-08-05 | CVE-2021-28216 | Release of Invalid Pointer or Reference vulnerability in Tianocore EDK II BootPerformanceTable pointer is read from an NVRAM variable in PEI. | 4.6 |
| 2021-07-14 | CVE-2019-11098 | Improper Input Validation vulnerability in Tianocore EDK II Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | 4.6 |
| 2021-06-11 | CVE-2021-28210 | Uncontrolled Recursion vulnerability in Tianocore Edk2 An unlimited recursion in DxeCore in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28211 | Out-of-bounds Write vulnerability in Tianocore Edk2 202008 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28213 | Unspecified vulnerability in Tianocore Edk2 201905 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 5.0 |
| 2021-06-03 | CVE-2019-14584 | NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |