Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tianocore edk2 vulnerabilities and exploits
(subscribe to this query)
694
VMScore
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
Tianocore Edk2 201808
Tianocore Edk2 201811
Tianocore Edk2 201903
Tianocore Edk2 201905
Tianocore Edk2 201908
Tianocore Edk2 201911
Tianocore Edk2 202002
Tianocore Edk2 202005
Tianocore Edk2 202008
Tianocore Edk2 202011
Tianocore Edk2 202102
Tianocore Edk2 202105
NA
CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
NA
CVE-2022-36764
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
NA
CVE-2022-36765
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
445
VMScore
CVE-2019-14559
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Tianocore Edk2 -
NA
CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.
Tianocore Edk2
NA
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.
Tianocore Edk2
641
VMScore
CVE-2014-4859
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate malicious users to bypass intended access restrictions via crafted data.
Tianocore Edk2 -
641
VMScore
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate malicious users to bypass intended access restrictions by providing crafted data that is not properly handled duri...
Tianocore Edk2 -
409
VMScore
CVE-2014-8271
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate malicious users to gain privileges via a long variable name.
Tianocore Edk2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »