Vulnerabilities > Tianocore > Edk2 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-45229 | Out-of-bounds Read vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. | 6.5 |
| 2024-01-16 | CVE-2023-45231 | Out-of-bounds Read vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. | 6.5 |
| 2021-06-11 | CVE-2021-28210 | Uncontrolled Recursion vulnerability in Tianocore Edk2 An unlimited recursion in DxeCore in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28211 | Out-of-bounds Write vulnerability in Tianocore Edk2 202008 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28213 | Unspecified vulnerability in Tianocore Edk2 201905 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 5.0 |
| 2021-06-03 | CVE-2019-14584 | NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-11-23 | CVE-2019-14586 | Use After Free vulnerability in multiple products Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | 5.2 |
| 2020-11-23 | CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-11-23 | CVE-2019-14563 | Incorrect Conversion between Numeric Types vulnerability in multiple products Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-11-23 | CVE-2019-14559 | Memory Leak vulnerability in Tianocore Edk2 Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | 5.0 |