Vulnerabilities > Tianocore > Edk2 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-45230 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. | 8.8 |
| 2024-01-16 | CVE-2023-45232 | Infinite Loop vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. | 7.5 |
| 2024-01-16 | CVE-2023-45233 | Infinite Loop vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. | 7.5 |
| 2024-01-16 | CVE-2023-45234 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. | 8.8 |
| 2024-01-16 | CVE-2023-45235 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. | 8.8 |
| 2024-01-16 | CVE-2023-45236 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. | 7.5 |
| 2024-01-16 | CVE-2023-45237 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. | 7.5 |
| 2024-01-09 | CVE-2022-36763 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. | 7.8 |
| 2024-01-09 | CVE-2022-36764 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. | 7.8 |
| 2024-01-09 | CVE-2022-36765 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Tianocore Edk2 EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. | 7.8 |