Vulnerabilities > Tianocore > Edk2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-09 | CVE-2022-36764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. | 7.8 |
| 2024-01-09 | CVE-2022-36765 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. | 7.8 |
| 2022-03-03 | CVE-2021-38578 | Out-of-bounds Write vulnerability in multiple products Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 9.8 |
| 2022-01-03 | CVE-2021-38576 | Unspecified vulnerability in Tianocore Edk2 A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. | 7.8 |
| 2021-12-01 | CVE-2021-38575 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | 8.1 |
| 2021-06-11 | CVE-2021-28210 | Uncontrolled Recursion vulnerability in Tianocore Edk2 An unlimited recursion in DxeCore in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28211 | Out-of-bounds Write vulnerability in Tianocore Edk2 202008 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28213 | Unspecified vulnerability in Tianocore Edk2 201905 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 5.0 |
| 2021-06-03 | CVE-2019-14584 | NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-11-23 | CVE-2019-14587 | Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 3.3 |