Vulnerabilities > Tianocore > Edk2 > 2017.11.07
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2022-36764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. | 7.8 |
| 2024-01-09 | CVE-2022-36765 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. | 7.8 |
| 2022-03-03 | CVE-2021-38578 | Out-of-bounds Write vulnerability in multiple products Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 9.8 |
| 2021-12-01 | CVE-2021-38575 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | 8.1 |
| 2021-06-11 | CVE-2021-28210 | Uncontrolled Recursion vulnerability in Tianocore Edk2 An unlimited recursion in DxeCore in EDK II. | 7.8 |
| 2021-06-03 | CVE-2019-14584 | NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2020-02-06 | CVE-2014-8271 | Classic Buffer Overflow vulnerability in Tianocore Edk2 Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name. | 6.8 |