Vulnerabilities > Tianocore > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-45229 | Out-of-bounds Read vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. | 6.5 |
| 2024-01-16 | CVE-2023-45231 | Out-of-bounds Read vulnerability in Tianocore Edk2 EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. | 6.5 |
| 2021-08-05 | CVE-2021-28216 | Release of Invalid Pointer or Reference vulnerability in Tianocore EDK II BootPerformanceTable pointer is read from an NVRAM variable in PEI. | 4.6 |
| 2021-07-14 | CVE-2019-11098 | Improper Input Validation vulnerability in Tianocore EDK II Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | 4.6 |
| 2021-06-11 | CVE-2021-28210 | Uncontrolled Recursion vulnerability in Tianocore Edk2 An unlimited recursion in DxeCore in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28211 | Out-of-bounds Write vulnerability in Tianocore Edk2 202008 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | 4.6 |
| 2021-06-11 | CVE-2021-28213 | Unspecified vulnerability in Tianocore Edk2 201905 Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. | 5.0 |
| 2021-06-03 | CVE-2019-14584 | NULL Pointer Dereference vulnerability in Tianocore Edk2 20171107 Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |
| 2020-11-23 | CVE-2019-14586 | Use After Free vulnerability in multiple products Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access. | 5.2 |
| 2020-11-23 | CVE-2019-14575 | Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | 4.6 |