Vulnerabilities > Tianocore > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-03 | CVE-2021-38576 | Unspecified vulnerability in Tianocore Edk2 A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. | 7.8 |
| 2021-12-01 | CVE-2021-38575 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | 8.1 |
| 2020-01-31 | CVE-2014-4860 | Integer Overflow or Wraparound vulnerability in Tianocore Edk2 Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended access restrictions by providing crafted data that is not properly handled during the coalescing phase. | 7.2 |
| 2020-01-31 | CVE-2014-4859 | Integer Overflow or Wraparound vulnerability in Tianocore Edk2 Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restrictions via crafted data. | 7.2 |
| 2019-03-27 | CVE-2018-3613 | Unspecified vulnerability in Tianocore EDK II Udk2015/Udk2017/Udk2018 Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 7.8 |
| 2019-03-27 | CVE-2018-12180 | Out-of-bounds Write vulnerability in multiple products Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via network access. | 8.8 |
| 2019-03-27 | CVE-2018-12179 | Unspecified vulnerability in Tianocore EDK II Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access. | 7.8 |